In a blog post, Microsoft describes the UEFI scanner has a tool that can scan firmware filesystems while performing security checks. Now part of Microsoft Defender ATP, the scanner will be a built-in part of Windows 10. “Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutions made persistence and detection evasion on the operating system more difficult. Attackers compromise the boot flow to achieve low-level malware behavior that’s hard to detect, posing a significant risk to an organization’s security posture.” Microsoft points out the tool was created with help from partner chipset manufacturers. It is designed to build upon existing endpoint protection tools on Microsoft Defender ATP.
Boosting Capabilities
The service already has Windows Defender System Security guard to protect Windows 10 through secure boot features. This tool helps users to avoid firmware attacks. By combining the UEFI scanner with System Guard, Microsoft says Defender ATP can add even more secure boot protection. Some of the fundamental components of the new scanner include:
“UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI) Full filesystem scanner, which analyzes content inside the firmware Detection engine, which identifies exploits and malicious behaviors”
When issues are found, Microsoft Defender ATP will surface them in Windows Security. Users can locate these notifications through the Settings app, Windows Security, and then Protection history. Furthermore, alerts will also be added to Microsoft Defender Security Center.