Is there any way to turn off tamper protection using command line?

Question

I work with many test PCs, so I want to automate the procedure for installing OS and setting up.

Disabling anti-virus is one of the set-up steps via the below, with it working well for a while, but now doesn't work, showing error Access Denied:
```
Reg Add "HKLM\software\policies\microsoft\windows defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
```

I found that "Tamper Protection" blocks attempts to modify registry keys for Windows Defender; I know how to turn it off using GUI, but for automating, I'd like to do this via CLI.

I tried to modify the registry key for "Tamper Protection" via regedit, but it seems it blocks the attempt to modify itself

Is there any way to turn off "Tamper Protection" using command line?

score 0 · Answer 1 · answered Mar 27 '20 at 13:28

As mentioned in the comments, you need permission to change some registry keys. NTLite was also mentioned - a great program.

I use SetACL tool to do it programatically. Changing permissions for a registry key with SetACL:

SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YourService" -ot reg -actn setowner -ownr "n:Administrators"

score 0 · Answer 2 · answered Jun 12 '20 at 10:53

TL;DR you can't.

Even if you take permission of the key and revoke permissions to all other accounts/groups, the key is still protected and unable to be changed. MS's official answer is to either use Intune for your organization or do it manually.

Is there any way to turn off tamper protection using command line?

2 Answers2