- Tamper Protection can be enabled per-group in the EDR Console > Sensors > Edit Group Settings > Advanced. Modify the Tamper Protection Level to Protection, Detection or Disable.
- No performance impact on the endpoints.
- In Protect mode the following files are protected:
* Starting/stopping the CB Windows sensor services
* Modifying the C:\Windows\CarbonBlack files; Users have no access
* Modifying C:\Windows\system32\drivers\cbk7.sys and cbstream.sys
* Modifying C:\Program Files (x86)\CarbonBlack\CbEDRAMSI.dll
* Modifying C:\Program Files\CarbonBlack\CbEDRAMSI.dll
* Modifying CarbonBlack registry keys