
Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

Quick Question?  Do Norton Security Products by any chance stop, detect & or remove the following stubborn & Stealth Malware or Trojan Infection?  VirTool:Win32DefenderTamperingRestore

This happens to be a very stealth & stubborn Infection that somehow got onto my Windows 10 Home 64-Bit Computer at some time & has only been able to be detected & removed for limited days at a time using Microsoft Safety Scanner & its Quick Scan.  It keeps getting & finding its way back onto my Computer over & over again without me much knowing that it is doing so except possibly some really quick Command Prompt Windows that show up speedily & blink occasionally after Windows Startup & only at rare unexplained times.  It has not been stopped, detected or removed with 3 other well branded security products including Webroot, Trend Micro, and VIPRE Advanced Security.  Sad that is to say about those Weak Security Products that are unable to stop, find or remove this recurring Infection.

Therefore, I was wondering if I choose to Purchase, Download & Install A Norton Security Product on my Computer, if it will have the technologies & capabilities of Detecting, Removing & Blocking it from getting back on my Computer once & for all as for Microsoft Safety Scanner is & has only been a temporary fix for this stealth & stubborn Infection that keeps finding its way back onto my Computer & past all 3 of those other Security Products undetected?

Corwin

Accepted Solution

Re: Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

CFDempsey:

... Windows Defender is not the main Antivirus Protection for my Computer ... Right now I am using & testing out a full 30-Day Free Trial of Trend Micro Antivirus Plus & am then going to also do the same with BitDefender Internet Security 2020 to see how I like it & its protection & Features before Buying.  I also can get Norton Premium Security free for my Computer with my High Speed Internet Subscription through Xfinity which I may do or consider...

Hi CFDempsey:

Generally speaking, when a third-party antivirus program like Bitdefender, Norton, etc. is installed on a Win 8.x or Win 10 computer it will deactivate Windows Defender's real-time protection; if that third-party antivirus is uninstalled then Windows Defender will be automatically re-activated to ensure your computer remains protected.  I don't know for certain, but it's possible that the Tamper Protection feature of Windows Defender is disabled (i.e., HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features is reset to 0) each time you install a different antivirus program, causing the Microsoft Security Scanner (or your re-enabled Windows Defender antivirus) to throw another Win32/DefenderTamperingRestore detection and turn Windows Defender Tamper Protection back on.  If you want a definitive answer before testing your free Comcast/Xfinity Norton Security Online antivirus you might have to ask Norton Customer Support via Live Chat at https://www.norton.com/chat.

This is slightly off-topic, but every time you finish testing a different antivirus product and uninstall it from your system please ensure you remove the last traces of the program with the manufacturer's removal tool.  ESET maintains a list of download links for removal tools for popular antivirus programs like Bitdefender, Trend Micro, Webroot, etc. at http://kb.eset.com/kb146/. When antivirus programs are uninstalled from the Control Panel (Programs | Programs and Features) they can leave behind several orphaned files and registry entries that can conflict with your "new" antivirus program and cause all sorts of glitches and unusual behaviour, so it's always best to run the manufacturer's removal tool to wipe the last remnants of your previous antivirus off your computer.
----------
32-bit Vista Home Premium SP2 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365


Re: Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

Hi CFDempsey:

The Microsoft Security Intelligence description for VirTool:Win32/DefenderTamperingRestore is very vague and only states:

This detection is for suboptimal configurations that may prevent Windows Defender Antivirus from functioning properly.

If you see this detection, a suboptimal configuration was detected, and Windows Defender Antivirus will auto-heal by automatically resetting to more secure configurations.

Has the built-in Windows Defender always been your only antivirus that runs in real-time protection mode, or do you normally use another third-party antivirus like Webroot SecureAnywhere, etc?  The ghacks.net article Windows 10 1903: Windows Defender Antivirus Gets Tamper Protection describes a new feature introduced in Win 10 Version 1903, and my best guess is that the Microsoft Security Scanner noticed that Tamper Protection was turned off in your registry settings for Windows Defender and turned it back on (i.e., HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features was changed from 0 to 1).

Most antivirus / anti-malware software like Norton, Malwarebytes, etc. have a tamper protection feature that is supposed to prevent malware infections from deleting important program files and disabling your real-time protection, but the comments in the 08-Aug-2019 MS Answers thread Win32/DefenderTamperingRestore Caught by Windows Defender indicate this could be a "false positive" detection on some systems where Windows Defender is not the main antivirus (i.e., the setting was disabled when a third-party antivirus was installed and automatically turned off Windows Defender), or the user simply didn't enable the new tamper protection feature in Windows Defender when Win 10 was upgraded to Version 1903.
----------
32-bit Vista Home Premium SP2 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365
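
A read-only check of the state discussed in the replies above (which antivirus is registered, whether Windows Defender is active or passive, and whether Tamper Protection is on), added here as an example that is not part of the original thread. The function name `Get-DefenderTamperTriage` is hypothetical, and the registry value name `TamperProtection` is an assumption not stated in the thread, which quotes only the `Features` key.

```powershell
# Added example: read-only triage of Windows Defender state. Changes nothing.
function Get-DefenderTamperTriage {   # hypothetical helper name
    $report = [ordered]@{}

    # Antivirus products registered with Windows Security Center (client editions).
    # A third-party product listed here is the usual reason Defender is not primary.
    try {
        $report.RegisteredAV = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                -ClassName AntiVirusProduct -ErrorAction Stop |
            Select-Object -ExpandProperty displayName)
    } catch {
        $report.RegisteredAV = "unavailable: $($_.Exception.Message)"
    }

    # Defender's own view: running mode, real-time protection, tamper protection.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $report.AMRunningMode             = $mp.AMRunningMode
        $report.RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        $report.IsTamperProtected         = $mp.IsTamperProtected
    } catch {
        $report.DefenderStatus = "unavailable: $($_.Exception.Message)"
    }

    # Raw data under the key quoted in the thread. The value name is an
    # assumption; it is reported as-is without interpreting the number.
    $key      = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
    $features = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $report.TamperProtectionRaw = if ($features) { $features.TamperProtection } else { $null }

    # Threat history entries whose name matches the detection in this thread.
    try {
        $report.Detections = @(Get-MpThreat -ErrorAction Stop |
            Where-Object ThreatName -like '*DefenderTamperingRestore*' |
            Select-Object ThreatName, ThreatID, IsActive)
    } catch {
        $report.Detections = "unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]$report
}

Get-DefenderTamperTriage | Format-List
```

Running it before and after installing or uninstalling a trial antivirus shows whether the registered product list and Defender's tamper-protection state change together, which is the explanation proposed in the replies.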


Re: Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

No, the built-in Windows Defender has (Not) always been my only antivirus that runs in real-time protection mode.  Windows Defender is not the main Antivirus Protection for my Computer & will never be because in my opinion, it is too weak on its security & protection & is too easy for Viruses, Malware, Hackers etc. to sneak & break right through terrible that is to say!  I always have & will always choose a Paid Subscription for one of the many Security Product choices out there on our Market.  Right now I am using & testing out a full 30-Day Free Trial of Trend Micro Antivirus Plus & am then going to also do the same with BitDefender Internet Security 2020 to see how I like it & its protection & Features before Buying.  I also can get Norton Premium Security free for my Computer with my High Speed Internet Subscription through Xfinity which I may do or consider.

Great write back to me on this question & possible recurring Infection that I have been seeing & experiencing when I choose to run a Quick Scan using the Microsoft Safety Scanner Tool.  You explained a lot here to me & I appreciate that.


Re: Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

Yes, for sure I would in fact use the manufacturer's removal tool especially the newest automatic Antivirus Removal Tool from ESET that now claims quote: "The ESET AV Remover tool will remove almost any antivirus software previously installed on your system."  I personally use a program called REVO Uninstaller Free whenever I want to uninstall a Program or previously installed Security Software from my Computer.  This next time around, I will go ahead & run the newest automatic ESET AV Remover tool even after I still uninstall Security Software Programs using REVO Uninstaller Free.  Good point on that Norton Fighter25.  Thank you.


Re: Do all Paid for Norton Security Products Detect, Remove & Block the VirTool:Win32DefenderTamperingRestore Infection?

Hi CFDempsey:

One final suggestion.  If you ever suspect that you have malware or a lower-risk PUP (a potentially unwanted program like a browser hijacker, toolbar or adware) on your system that was not detected by your antivirus, run a second-opinion Threat Scan with the free Malwarebytes scanner (available at https://www.malwarebytes.com/mwb-download/).  The current Malwarebytes Free v3.8.3-1.0.625 is compatible with Win 7 SP1 and higher; a legacy Malwarebytes v3.5.1-1.0.365 for Win XP and Vista is available <here>.  My post in BevStra's thread MyWay Search includes a few hints on how to install and configure Malwarebytes Free before your first scan.
----------
32-bit Vista Home Premium SP2 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365
