公开(公告)号：US11368361B2

公开(公告)日：2022-06-21

申请号：US16893901

申请日：2020-06-05

申请人： MICROSOFT TECHNOLOGY LICENSING, LLC

发明人： Matthew Ronald Shadbolt ,  Michael Joseph Healy ,  Shweta Jha ,  Gokhan Ozhan ,  Adrian Mihail Marinescu ,  Alemeshet Yismaw Alemu ,  Karthik Selvaraj ,  Milind Amrutrao Pawar ,  Vladimir Soroka ,  Hayk Hovsepyan ,  Chaohong Ou ,  Patanjal Digant Vyas ,  David Torosyan

IPC分类号： H04L41/0803 ,  H04L9/08 ,  H04L9/40

摘要： A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.