Jump to content

Recommended Posts

Hello Malwarebytes community,

 

My name is Steve and I had this issue about 5 months ago please see my link below

Getting tampering restore notice if run MS Safety Scanner - Resolved Malware Removal Logs - Malwarebytes Forums

 

The tampering restore malware is back again it is only detected in MS Safety Scanner every anti malware software I have tried doesn't detect it and after all the time I have spent back and fourth with people it still hasn't been resolved as it has returned again. Can someone please help me remove this malware once and for all because its really frustrating.

 

Please advise Thank you.

 

Link to post
Share on other sites

  • Root Admin

Please see the following @Steve-o8

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=VirTool:Win32/DefenderTamperingRestore&ThreatID=2147741622

VirTool:Win32/DefenderTamperingRestore
Detected by Microsoft Defender Antivirus

Aliases: No associated aliases
Summary

This detection is for suboptimal configurations that may prevent Microsoft Defender Antivirus from functioning properly.

If you see this detection, a suboptimal configuration was detected, and Microsoft Defender Antivirus will auto-heal by automatically resetting to more secure configurations.

 

Protect security settings with tamper protection
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide

 

What is tamper protection?

Tamper protection is a capability in Microsoft Defender for Endpoint that helps protect certain security settings, such as virus and threat protection, from being disabled or changed. During some kinds of cyber attacks, bad actors try to disable security features on devices. Disabling security features provides bad actors with easier access to your data, the ability to install malware, and the ability to exploit your data, identity, and devices. Tamper protection helps guard against these types of activities.

 

What happens when tamper protection is turned on?

When tamper protection is turned on, tamper-protected settings can't be changed.

    Virus and threat protection is enabled.
    Real-time protection is turned on.
    Behavior monitoring is turned on.
    Antivirus protection, including IOfficeAntivirus (IOAV) is enabled.
    Cloud protection is enabled.
    Security intelligence updates occur.
    Automatic actions are taken on detected threats.
    Notifications are visible in the Windows Security app on Windows devices.
    Archived files are scanned.

 

Built-in protection helps guard against ransomware
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/built-in-protection?view=o365-worldwide


Attack surface reduction (ASR) rules reference
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide

 

 

Please click on START and type in PowerShell and when it shows on the menu select to run it with Admin rights.

Then copy and paste the following and press the Enter key.

Get-MpComputerStatus

You can highlight the results with your mouse cursor and then press the Enter key and that will put the results in the clipboard where you can use CTRL-V to paste the results here.

 

Then click on START and type in CMD.EXE and when it shows start that with Admin rights as well. Then copy and paste the following into the command prompt windows and press the Enter key.

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features"

 

Then highlight and copy those results too and post those results as well

 

Thank you

 

 

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.