rockypabillore
Oct 22, 2019 (Brass Contributor)
How to Prevent Admin Users to add exclusions via Registry? + Simple Posh to disable Real-time?
So I know this is pretty much a quick "REMOVE ADMIN ACCESS!" answer, but in this case it is not. We'd like to know how to prevent users from excluding extensions, paths, or even processes via Registry. ...
Thijs Lecomte
Oct 23, 2019 (Bronze Contributor)
To not allow the user to disable real-time scanning, Tamper Protection can be used. But this is currently only supported by Intune (https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571).
For exclusions, I don't think there is much you can do. You could use MDATP to alert you when one of those registry paths has been changed.
PS: Have you looked at CyberArk (https://www.cyberark.com/)? This allows you to give the user local admin rights for a few use cases (for example, allowing them to update Java), but doesn't give them full-blown rights.
- rockypabillore, Oct 31, 2019 (Brass Contributor): I knew this coming in, but right now it is only available for 1903 and up. 😞 We're mostly 1809.
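The alerting idea from the answer above, as an added example that is not part of the original thread: an advanced hunting query that surfaces changes to Defender exclusions in the registry. It assumes the current `DeviceRegistryEvents` schema and that exclusions live under the `Windows Defender\Exclusions` key (local and Policies hives); the seven-day window is an arbitrary choice.

```kusto
// Added example: surface changes to Defender exclusions made through the registry.
// Assumption: exclusions are stored under ...\Windows Defender\Exclusions\{Paths,Extensions,Processes}
// in both the local (SOFTWARE\Microsoft) and policy (SOFTWARE\Policies\Microsoft) locations.
DeviceRegistryEvents
| where Timestamp > ago(7d)
| where ActionType in ("RegistryValueSet", "RegistryValueDeleted", "RegistryKeyCreated")
| where RegistryKey contains @"\Windows Defender\Exclusions"
// Pull out which kind of exclusion was touched (Paths, Extensions or Processes)
| extend ExclusionType = extract(@"(?i)\\Exclusions\\([^\\]+)", 1, RegistryKey)
| where ExclusionType in~ ("Paths", "Extensions", "Processes")
// Distinguish Group Policy-delivered exclusions from ones written locally
| extend Source = iff(RegistryKey contains @"\Policies\", "Policy", "Local")
// The value name is the excluded item (path, extension or process name)
| project Timestamp, DeviceId, ReportId, DeviceName, ActionType, Source,
          ExclusionType, ExcludedItem = RegistryValueName,
          InitiatingProcessAccountName, InitiatingProcessFileName,
          InitiatingProcessCommandLine
| order by Timestamp desc
```

Keeping `Timestamp`, `DeviceId` and `ReportId` in the output lets the query be saved as a custom detection rule so that it raises an alert instead of being run by hand.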