HEIMDAL's Next-Gen Antivirus with XTP uses Windows Defender as its baseline engine. Users with Administrator privileges may attempt to disable Windows Defender's Real-time Protection for many reasons. To safeguard against this, Windows' Tamper Protection is designed to automatically re-enable Real-time Protection when it is turned off. Specifically, when Tamper Protection is active, the following core security features remain enforced:
- Virus and threat protection remains enabled;
- Real-time protection remains turned on;
- Behavior monitoring remains turned on;
- Antivirus protection, including IOfficeAntivirus (IOAV), remains enabled;
- Cloud protection remains enabled;
- Security intelligence updates occur;
- Automatic actions are taken on detected threats;
- Notifications are visible in the Windows Security app on Windows devices;
- Archived files are scanned;
- Exclusions cannot be modified or added (this restriction applies exclusively to devices managed by Intune or Configuration Manager; co-managed devices are not supported).
However, the time it takes for Tamper Protection to restore Real-time Protection can vary, ranging from a few minutes to several hours, influenced by factors such as system load and policy synchronization.
Crucially, if Tamper Protection is disabled, the HEIMDAL Agent can proactively intervene and re-enable Real-time Protection. The Agent performs this check every 10 minutes, which significantly reduces the window of vulnerability that might otherwise occur while relying solely on Windows' Tamper Protection.
IMPORTANT
The HEIMDAL Agent can re-enable Real-time Protection only if Tamper Protection is disabled.
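
To see which of the protections listed above are currently in force on an endpoint, and which mechanism would restore Real-time Protection, the Microsoft Defender status cmdlets can be read directly. The following is an added example, not HEIMDAL's own code: `Test-DefenderBaseline` and the sample objects are hypothetical names constructed for illustration, and the restore-path text assumes the HEIMDAL Agent with Next-Gen Antivirus is installed.

```powershell
# Added example: maps the protections listed in this article to the fields
# returned by Get-MpComputerStatus and Get-MpPreference (Defender module).
function Test-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Status,      # output of Get-MpComputerStatus
        [Parameter(Mandatory)] $Preference   # output of Get-MpPreference
    )
    # Feature name -> $true when the feature is in its protected state.
    $checks = [ordered]@{
        'Virus and threat protection' = [bool]$Status.AntivirusEnabled
        'Real-time protection'        = [bool]$Status.RealTimeProtectionEnabled
        'Behavior monitoring'         = [bool]$Status.BehaviorMonitorEnabled
        'IOAV protection'             = [bool]$Status.IoavProtectionEnabled
        'Cloud protection'            = ($Preference.MAPSReporting -ne 0)
        'Archive scanning'            = (-not $Preference.DisableArchiveScanning)
    }
    $failed = @($checks.Keys | Where-Object { -not $checks[$_] })

    # Per the article: Windows restores Real-time Protection when Tamper
    # Protection is on; the HEIMDAL Agent can do so only when it is off.
    # Assumption: the HEIMDAL Agent is installed on this endpoint.
    $restorePath = if ($Status.IsTamperProtected) {
        'Windows Tamper Protection (a few minutes to several hours)'
    } else {
        'HEIMDAL Agent (check every 10 minutes)'
    }
    [pscustomobject]@{
        TamperProtection = [bool]$Status.IsTamperProtected
        Compliant        = ($failed.Count -eq 0)
        FailedChecks     = $failed
        RtpRestorePath   = $restorePath
    }
}

# Constructed sample: Tamper Protection off, Real-time Protection turned off.
$sampleStatus = [pscustomobject]@{
    AntivirusEnabled = $true; RealTimeProtectionEnabled = $false
    BehaviorMonitorEnabled = $true; IoavProtectionEnabled = $true
    IsTamperProtected = $false
}
$samplePref = [pscustomobject]@{ MAPSReporting = 2; DisableArchiveScanning = $false }
Test-DefenderBaseline -Status $sampleStatus -Preference $samplePref

# On a live Windows endpoint:
# Test-DefenderBaseline -Status (Get-MpComputerStatus) -Preference (Get-MpPreference)
```

With the constructed sample, `Compliant` is false, `FailedChecks` contains only "Real-time protection", and the restore path is the HEIMDAL Agent because Tamper Protection is off.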