- Jul 27, 2015
- 5,459
Microsoft Defender for Endpoint's Tamper Protection in macOS has entered general availability.
The update is important for administrators having to deal with Apple hardware while also keeping everything secure. It represents one more layer of protection and prevents the unauthorized removal of Microsoft Defender for Endpoint on macOS. It also prevents tampering with files, process and configuration settings for Defender for Endpoint, and applies at device level. By default, the feature will roll out with audit mode enabled, meaning actions to uninstall the agent will be logged, as will the deletion/renaming/modification of Defender for Endpoint files and the creation of new files under Defender for Endpoint installation locations.
Supported macOS versions are Monterey (12), Big Sur (11), and Catalina (10.15+), and version 101.70.19 or above of Microsoft Defender for Endpoint is needed. It is also highly recommended that System Integrity Protection (SIP) be enabled. The latter is part of macOS and usually only disabled by developers in order to tinker with low-level code. Unsurprisingly, Apple's documentation on the subject is festooned with dire warnings regarding its disabling. The functionality has been a while coming as far as the Microsoft world is concerned – with the preview out in May – and closes off another route by which organizations can be attacked.
Microsoft releases macOS Tamper Protection
A boon for administrators having to deal with Apple hardware while also keeping everything secure
www.theregister.com