Company logoHelp Center
Visit www.threatlocker.com

Disable Tamper Protection

2 min. readlast update: 09.03.2024

Overview

Tamper Protection is a system that prevents malicious actors, end users, and other security software from attempting to modify, stop, or delete ThreatLocker files and services, as well as making it more difficult for administrators. Offboarding or troubleshooting may require Tamper Protection to be disabled temporarily. 

Disabling Tamper Protection for a Single Computer

  1. Navigate to the Computers page in the ThreatLocker Portal
  2. Click on a computer name to open the 'View/Edit Computer' side panel
  3. Navigate to the Maintenance tab 
  4. Select 'Disable Tamper Protection' from the 'Maintenance Type' dropdown
  5. Start the maintenance mode with the 'Schedule Maintenance' button at the bottom of the side panel. 
  6. Select the Save button. 

 

 

 

 

Disabling Tamper Protection for Multiple Machines Simultaneously 

  1. Navigate to the Computers page in the ThreatLocker Portal
  2. Select the check box beside all machines for which you are attempting to disable Tamper Protection
  3. Select the 'Schedule Maintenance' button to prompt the 'Schedule Maintenance' popup to appear
  4. Specify the start/end date, if desired, choose 'Disable Tamper Protection' from the 'Mode Options' dropdown, and choose whether the user can end the schedule from the computer
  5. Click 'Start Maintenance' to disable protection

 

Re-enabling Tamper Protection

The red end button confirms Tamper Protection Disabled maintenance mode is currently scheduled. This can be found in the maintenance history when viewing a machine. Clicking this icon will end the maintenance mode. A red 'Tamper Protection Disabled' tag will be displayed for the machine as well. 

 

You can enable the option 'Allow the user to end the schedule from the Computer' to create a tray popup on the machine. This indicates that the maintenance mode is active on the machine and gives technicians access to re-enable protection on the machine. 

Re-enabling Tamper Protection for Multiple Machines Simultaneously

  1. Navigate to the Computers page in the ThreatLocker Portal
  2. Select the check box beside all machines for which you are attempting to re-enable protection on.  
  3. Click the 'Secure Mode' button. This will also end any other maintenance modes, including Installation, Learning, or Monitor mode. 

Was this article helpful?