@wdormann @GossiTheDog @deepthoughts10 Tamper Protection usually implements anti-debugging so you won't be able to attach a debugger even to the low-priv UI process of the AV. This is not normally a security boundary so there are of course bypasses, what you just showed basically goes back to having a UAC bypass + admin account.