Microsoft Defender ATP gets new UEFI scanner

Rabia Noureen

Microsoft Defender Advanced Threat Protection, Microsoft’s preventive technology designed to help enterprise users detect and respond to security threats, is getting a new UEFI scanner to protect against hardware attacks. In a blog post today, Microsoft announced that it’s expanding the protection capabilities of Microsoft Defender ATP to the firmware level by introducing a new Unified Extensible Firmware Interface (UEFI) scanner.

The new UEFI scanner interacts with the motherboard chipset by reading the firmware file system at runtime. “The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. It integrates insights from our partner chipset manufacturers and further expands the comprehensive endpoint protection provided by Microsoft Defender ATP,” explained the Microsoft Defender ATP Team.

According to Microsoft, the UEFI scanner uses several new solution components, including the UEFI anti-rootkit, a full filesystem scanner, and a detection engine, to perform dynamic analysis for threat detection. Microsoft Defender ATP customers receive the resulting threat detection alerts in the Microsoft Defender Security Center, where they can analyze them and respond to suspicious activity at the firmware level in their organizational environments. Security operations teams can also hunt for these threats using the advanced hunting capabilities in Microsoft Defender ATP.
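To make concrete what "reading the firmware file system" involves at the lowest level, the added Python example below (written for this article, not Microsoft's code, and not a description of the Defender scanner's internals) walks a firmware image, locates UEFI firmware volume headers by their `_FVH` signature, verifies the 16-bit header checksum that the UEFI specification requires to sum to zero, and identifies the firmware filesystem from its GUID. The sample image, the unknown filesystem GUID and the attribute value are constructed for the demonstration; a volume whose header checksum fails or whose filesystem GUID is unrecognized is the kind of anomaly a firmware scanner would flag for closer inspection.

```python
import struct
import uuid

# EFI_FIRMWARE_VOLUME_HEADER fixed part (56 bytes, little-endian):
# ZeroVector[16], FileSystemGuid[16], FvLength(u64), Signature("_FVH"),
# Attributes(u32), HeaderLength(u16), Checksum(u16), ExtHeaderOffset(u16),
# Reserved(u8), Revision(u8); followed by a block map ending in {0, 0}.
FV_SIGNATURE = b"_FVH"
FV_HEADER_STRUCT = struct.Struct("<16s16sQ4sIHHHBB")
SIGNATURE_OFFSET = 16 + 16 + 8          # where "_FVH" sits inside the header
CHECKSUM_OFFSET = SIGNATURE_OFFSET + 4 + 4 + 2

# Well-known firmware filesystem GUIDs from the UEFI Platform Initialization spec.
KNOWN_FILESYSTEMS = {
    uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3"): "EFI_FIRMWARE_FILE_SYSTEM2",
    uuid.UUID("5473c07a-3dcb-4dca-bd6f-1e9689e7349a"): "EFI_FIRMWARE_FILE_SYSTEM3",
}


def checksum16(data: bytes) -> int:
    """Sum of all 16-bit little-endian words, modulo 2**16 (spec: must be 0)."""
    if len(data) % 2:
        data += b"\x00"
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def parse_fv_header(image: bytes, start: int):
    """Return a record describing the firmware volume header at `start`,
    or None if the bytes there do not form a plausible header."""
    if start < 0 or start + FV_HEADER_STRUCT.size > len(image):
        return None
    (_zero, fs_guid, fv_len, sig, _attrs, hdr_len,
     _chksum, _ext_off, _res, rev) = FV_HEADER_STRUCT.unpack_from(image, start)
    if sig != FV_SIGNATURE or hdr_len < FV_HEADER_STRUCT.size:
        return None
    if start + hdr_len > len(image):
        return None
    header = image[start:start + hdr_len]
    guid = uuid.UUID(bytes_le=fs_guid)
    return {
        "offset": start,
        "length": fv_len,
        "revision": rev,
        "filesystem_guid": str(guid),
        "filesystem": KNOWN_FILESYSTEMS.get(guid, "unknown"),
        "header_checksum_ok": checksum16(header) == 0,
        "truncated": start + fv_len > len(image),
    }


def find_firmware_volumes(image: bytes) -> list:
    """Scan the whole image for "_FVH" and keep every hit that parses as a header."""
    volumes = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        rec = parse_fv_header(image, pos - SIGNATURE_OFFSET)
        if rec is not None:
            volumes.append(rec)
        pos = image.find(FV_SIGNATURE, pos + len(FV_SIGNATURE))
    return volumes


def build_sample_volume(fs_guid: uuid.UUID, fv_length: int, corrupt: bool = False) -> bytes:
    """Constructed test data: a minimal firmware volume with one 4 KiB block type.
    With corrupt=True the checksum field is flipped so verification fails."""
    block_map = struct.pack("<II", fv_length // 0x1000, 0x1000) + struct.pack("<II", 0, 0)
    hdr_len = FV_HEADER_STRUCT.size + len(block_map)
    fixed = FV_HEADER_STRUCT.pack(b"\x00" * 16, fs_guid.bytes_le, fv_length, FV_SIGNATURE,
                                  0x0004FEFF,  # constructed attribute bits
                                  hdr_len, 0, 0, 0, 2)
    header = fixed + block_map
    csum = (-checksum16(header)) & 0xFFFF      # value that makes the word sum zero
    if corrupt:
        csum ^= 0x0001
    header = header[:CHECKSUM_OFFSET] + struct.pack("<H", csum) + header[CHECKSUM_OFFSET + 2:]
    return header + b"\xff" * (fv_length - len(header))


# Constructed image: 64 bytes of erased flash, a valid FFS2 volume, then a volume
# with an unknown filesystem GUID and a bad header checksum.
UNKNOWN_GUID = uuid.UUID("00000000-1111-2222-3333-444444444444")  # constructed
SAMPLE_IMAGE = (
    b"\xff" * 64
    + build_sample_volume(uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3"), 0x2000)
    + build_sample_volume(UNKNOWN_GUID, 0x2000, corrupt=True)
)

if __name__ == "__main__":
    for vol in find_firmware_volumes(SAMPLE_IMAGE):
        print(vol)
```

Scanning for the signature rather than trusting a fixed layout is what lets a checker cope with real images, where volumes are packed at vendor-specific offsets; the checksum and GUID checks are the cheapest way to separate well-formed volumes from stray byte patterns or tampered headers before any deeper file-level analysis.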

Overall, this is a welcome change for companies using Windows Defender ATP, and it should strengthen Microsoft’s efforts to protect its enterprise customers. “With its UEFI scanner, Microsoft Defender ATP gets even richer visibility into threats at the firmware level, where attackers have been increasingly focusing their efforts on,” said the Microsoft Defender ATP Team today. “Security operations teams can use this new level of visibility, along with the rich set of detection and response capabilities in Microsoft Defender ATP, to investigate and contain such advanced attacks.”