The new feature can be enabled from within the Windows Security app under a new toggle simply called 'Tamper Protection'.
The feature stops malware from changing core settings such as real-time protection, a feature that Microsoft says "should rarely, if ever, be disabled".
There are numerous examples of malware attempting to evade detection by neutralizing a computer's security software, such as the DoubleAgent malware, which exploited a Windows developer feature to turn off Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, and Norton.
The Defender ATP tamper protection also stops malware from disabling Microsoft's cloud-based malware detection and prevention services that help block zero-day malware, as well as a feature that detects dodgy files from the internet. Malware will also be unable to delete security intelligence updates once the setting has been enabled.
While Microsoft Defender ATP is an enterprise product, tamper protection will be available to Windows home users and it will be enabled by default.
Enterprise customers, meanwhile, will need to opt in to tamper protection, and admins can manage the feature through the Intune management console. To prevent malware and malicious insiders from disabling the setting, end users in the enterprise will not be able to change it.
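
The state of the settings that tamper protection guards can be read from PowerShell. The read-only audit below is an added example, not code from Microsoft or from this article; the mapping of the article's descriptions to Defender status properties, the function name, and the three-day signature-age threshold are assumptions.

```powershell
# Added example: read-only audit of the Defender settings that tamper protection guards.
# Uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference.
function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param(
        # Assumed threshold (not from the article): flag older security intelligence.
        [int]$MaxSignatureAgeDays = 3
    )

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    }
    catch {
        # If Defender cannot be queried at all, report that as a finding in itself.
        return [pscustomobject]@{
            Setting = 'Defender status query'
            Ok      = $false
            Detail  = $_.Exception.Message
        }
    }

    # Assumed mapping from the article's wording to Defender properties.
    $checks = [ordered]@{
        'Tamper protection'               = @([bool]$status.IsTamperProtected, $status.IsTamperProtected)
        'Real-time protection'            = @([bool]$status.RealTimeProtectionEnabled, $status.RealTimeProtectionEnabled)
        'Downloaded-file scanning (IOAV)' = @([bool]$status.IoavProtectionEnabled, $status.IoavProtectionEnabled)
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
        'Cloud-delivered protection'      = @(($pref.MAPSReporting -ne 0), "MAPSReporting=$($pref.MAPSReporting)")
        'Security intelligence age'       = @(($status.AntivirusSignatureAge -le $MaxSignatureAgeDays),
                                              "$($status.AntivirusSignatureAge) day(s) old")
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Setting = $name
            Ok      = $checks[$name][0]
            Detail  = $checks[$name][1]
        }
    }
}

# Print the results and return a non-zero exit code if any check failed,
# so the script can be used from a scheduled compliance job.
$results = @(Get-DefenderTamperAudit)
$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { exit 1 }
```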