# fleet
Billy H: hey gang! I am trying to enable Windows Defender Tamper Protection on a Windows device with Fleet MDM enabled. The setting is perpetually greyed out with a message saying "This setting is managed by your administrator", however I do not have any configuration in place at the moment to manage this setting. That being said, I have written the following XML configuration file and applied it to the machine. However, the machine policy status gives me an error 500, indicating that I have not written the XML correctly. Problem is, I've implemented it based on the Fleet XML templates here: https://github.com/fleetdm/fleet-gitops/blob/860dcf2609e2b25a6d6becf8006a7118a19cd615/lib/windows-screenlock.xml

This is all based on this documentation from Microsoft: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationtamperprotection
XML:
<Replace>
  <Item>
    <Meta>
      <Format xmlns="syncml:metinf">int</Format>
    </Meta>
    <Target>
      <LocURI>./Device/Vendor/MSFT/Defender/Configuration/TamperProtection</LocURI>
    </Target>
    <Data>1</Data>
  </Item>
</Replace>
Rebecca Cowart: @Billy H We're testing this and will get back to you with more information. According to the Microsoft docs, the `<Format>` for this node should be `chr`, rather than `int`, but we would like to test this ourselves before giving a definitive solution, because it's possible that other parts of this node need to be changed.
Billy H: Thanks @Rebecca Cowart!!
Rebecca Cowart: @Billy H It appears as though Fleet MDM enrollment automatically turns off Tamper Protection and locks it to be managed by your administrator. I will inquire further with our engineering team and see if this is a bug or intended behavior!
Billy H: Thanks for the update Rebecca!
Rebecca Cowart: @Billy H Thank you for bringing this to our attention. We've filed a bug for it!
Billy H: Excellent, thanks Rebecca!