Defender tamper protection

[Disassembler0]

1903 added Tamper protection feature into Windows Defender. This basically blocks all attempts to modify defender-related registry, unless you're doing it as TrustedInstaller user.

By default, the protection seems to be disabled, but nags with a warning. Scope of this issue is either:

• Find how to disable the warning (preferred)

or

• Enable tamper protection but find how to do the modifications in other defender-related tweaks, either via Set-MpPreference cmdlet or directly as TrustedInstaller (this theoretically should not be possible, but where there's a will, there's a way)

There is related setting under HKLM:\SOFTWARE\Microsoft\Windows Defender\Features but manually dismissing the warning doesn't seem to change anything anywhere in registry, so there may be something else in SQLite databases under C:\ProgramData\Microsoft\Windows Defender.

[God-damnit-all]

Perhaps the TamperProtection key in HKLM\SOFTWARE\Microsoft\Windows Defender\Features might be something that is only honored during the initial install of the OS, similar to the ShippedWithReserves key for the Reserved Storage feature?