Security News > 2022 > August > Microsoft's macOS Tamper Protection hits general availability
Microsoft Defender for Endpoint's Tamper Protection in macOS has entered general availability.
It represents one more layer of protection and prevents the unauthorized removal of Microsoft Defender for Endpoint on macOS. It also prevents tampering with files, process and configuration settings for Defender for Endpoint, and applies at device level.
Alerts are not raised in the Security Center while in audit mode.
The thinking is that administrators can use audit mode to get a sense for how the new feature works before switching to block mode where tampering attempts are blocked and alerts are raised.
Supported macOS versions are Monterey, Big Sur, and Catalina, and version 101.70.19 or above of Microsoft Defender for Endpoint is needed.
Some users might grumble at yet more locking down of their devices when block mode is enabled, but an initial look at audit mode will help administrators spot problems before the security hammer comes down.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/16/macos_tamper_protection/
Related news
- Microsoft fixes OneDrive bug causing macOS app freezes (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)