Microsoft Defender for Business Gets UEFI Malware Detection Capability


The business variant of Microsoft Defender can now also detect UEFI malware. Defender Advanced Threat Protection extends the System Guard feature for this, so that firmware attacks can be blocked by, among other things, attesting that the system booted securely.

Microsoft is implementing the changes in Defender Advanced Threat Protection (ATP), the paid enterprise variant of the security software built into Windows 10. It includes a scanner that can detect rootkits and other malware in the Unified Extensible Firmware Interface (UEFI), the firmware that initializes the machine before Windows loads.

Microsoft does this partly by adding hardware-backed security: runtime attestation, which Defender has had since 2018, and a Dynamic Root of Trust for Measurement (DRTM). These require specific hardware, such as a Secured-core PC.

In addition, the scanner reads the firmware image from the flash chip via the Serial Peripheral Interface (SPI) and runs a full file-system scan over it, analyzing the files (modules and drivers) contained in the UEFI firmware. It periodically checks the firmware for suspicious activity and also raises alerts if, for example, an unexpected driver is loaded.
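The scan described above, reading the firmware image and walking its contents for drivers that are not in a known-good baseline, is at its core a firmware file-system parse. The Python below is an added example written for this page, not Microsoft's scanner code: it builds a small constructed firmware volume in the FFS2 layout defined by the UEFI Platform Initialization spec, parses it, verifies each file header checksum, and reports DXE drivers whose GUIDs are absent from an assumed allowlist. The module GUIDs and payloads are made up for the example; obtaining the image from the SPI flash (with a hardware programmer or a tool such as chipsec) is outside its scope.

```python
"""Parse a UEFI Firmware Volume (FFS2 layout) and flag drivers missing from a baseline."""
import struct
import uuid

FV_SIGNATURE = b"_FVH"
FFS_HEADER_LEN = 24            # sizeof(EFI_FFS_FILE_HEADER)
FV_HEADER_FIXED_LEN = 56       # EFI_FIRMWARE_VOLUME_HEADER without the block map
EFI_FV_FILETYPE_FREEFORM = 0x02
EFI_FV_FILETYPE_DRIVER = 0x07  # DXE driver
# EFI_FIRMWARE_FILE_SYSTEM2_GUID from the PI spec
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")


def guid_to_bytes(g):
    # EFI_GUID stores the first three fields little-endian; uuid.bytes_le does exactly that
    return uuid.UUID(g).bytes_le


def bytes_to_guid(b):
    return str(uuid.UUID(bytes_le=bytes(b)))


def checksum8(data):
    """8-bit additive checksum: the value that makes sum(data) + value == 0 mod 256."""
    return (-sum(data)) & 0xFF


def build_ffs_file(guid, ftype, payload):
    """Build one FFS file (header + payload) with a valid header checksum."""
    size = FFS_HEADER_LEN + len(payload)
    # Layout: Name(16) | IntegrityCheck.Header | IntegrityCheck.File | Type | Attributes | Size(3) | State
    # IntegrityCheck.File and State are zero while the header checksum is computed
    header = bytearray(guid_to_bytes(guid) + struct.pack("<BBBB", 0, 0, ftype, 0)
                       + size.to_bytes(3, "little") + b"\x00")
    header[16] = checksum8(header)          # IntegrityCheck.Checksum.Header
    header[17] = 0xAA                       # FFS_FIXED_CHECKSUM (file checksum not verified here)
    header[23] = 0xF8                       # State: CONSTRUCTION|HEADER_VALID|DATA_VALID, erase polarity 1
    return bytes(header) + payload


def build_fv(files):
    """Constructed sample firmware volume: FV header + block map + 8-byte-aligned FFS files."""
    body = bytearray()
    for guid, ftype, payload in files:
        body += build_ffs_file(guid, ftype, payload)
        body += b"\xff" * (-len(body) % 8)  # erased-flash padding to the next 8-byte boundary
    header_len = FV_HEADER_FIXED_LEN + 16   # one block map entry plus the {0,0} terminator
    fv_len = header_len + len(body)
    block_map = struct.pack("<II", 1, fv_len) + struct.pack("<II", 0, 0)
    fixed = struct.pack("<16s16sQ4sIHHHBB", b"\x00" * 16, FFS2_GUID.bytes_le, fv_len,
                        FV_SIGNATURE, 0x0004FEFF, header_len, 0, 0, 0, 2)
    header = bytearray(fixed + block_map)
    # Checksum (UINT16 at offset 50) makes the 16-bit word sum of the whole header zero
    words = struct.unpack("<%dH" % (header_len // 2), bytes(header))
    struct.pack_into("<H", header, 50, (-sum(words)) & 0xFFFF)
    return bytes(header) + body


def parse_fv(data):
    """Walk the firmware volume and return one record per FFS file, with header-checksum result."""
    if data[40:44] != FV_SIGNATURE:
        raise ValueError("missing _FVH signature")
    fv_len, = struct.unpack_from("<Q", data, 32)
    header_len, = struct.unpack_from("<H", data, 48)
    if sum(struct.unpack_from("<%dH" % (header_len // 2), data, 0)) & 0xFFFF:
        raise ValueError("FV header checksum mismatch")
    records = []
    off = header_len
    while off + FFS_HEADER_LEN <= fv_len:
        hdr = bytearray(data[off:off + FFS_HEADER_LEN])
        if hdr == b"\xff" * FFS_HEADER_LEN:
            break                                    # erased flash: no more files
        size = int.from_bytes(hdr[20:23], "little")
        if size < FFS_HEADER_LEN:
            raise ValueError("corrupt FFS size at 0x%x" % off)
        ftype = hdr[18]
        hdr[17] = 0                                  # zero File checksum and State before verifying
        hdr[23] = 0
        records.append({"offset": off, "guid": bytes_to_guid(hdr[:16]), "type": ftype,
                        "size": size, "header_ok": sum(hdr) & 0xFF == 0})
        off += size
        off += -off % 8                              # next file header is 8-byte aligned
    return records


def find_unexpected_drivers(records, allowlist):
    """GUIDs of DXE drivers that are not in the firmware baseline or whose header is corrupt."""
    baseline = {g.lower() for g in allowlist}
    return [r["guid"] for r in records if r["type"] == EFI_FV_FILETYPE_DRIVER
            and (r["guid"] not in baseline or not r["header_ok"])]


# Constructed sample: these GUIDs are made up for the example, not real EDK II module GUIDs
KNOWN_DRIVERS = ["11111111-2222-4333-8444-555555555555", "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"]
ROGUE_DRIVER = "deadbeef-0000-4000-8000-000000000bad"
SAMPLE_FV = build_fv([
    (KNOWN_DRIVERS[0], EFI_FV_FILETYPE_DRIVER, b"MZ" + b"\x00" * 30),
    ("0f0f0f0f-1e1e-4d2d-8c3c-4b4b4b4b4b4b", EFI_FV_FILETYPE_FREEFORM, b"setup-defaults"),
    (KNOWN_DRIVERS[1], EFI_FV_FILETYPE_DRIVER, b"MZ" + b"\x00" * 13),
    (ROGUE_DRIVER, EFI_FV_FILETYPE_DRIVER, b"MZ" + b"\x00" * 6),
])

if __name__ == "__main__":
    for r in parse_fv(SAMPLE_FV):
        print("0x%05x type=0x%02x size=%3d ok=%s %s" % (r["offset"], r["type"], r["size"],
                                                       r["header_ok"], r["guid"]))
    print("unexpected drivers:", find_unexpected_drivers(parse_fv(SAMPLE_FV), KNOWN_DRIVERS))
```

Running it lists the four files and reports the one driver not in the baseline. A real image contains nested and compressed sections and more than one volume, so a production scanner also parses section headers and decompresses them; the baseline check itself does not change.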

Microsoft says it has seen increasingly sophisticated attacks in recent years in which the malware is loaded at the firmware level. Such malware is persistent: it survives a reboot or even a reset of the operating system, and it is often harder for security software running inside the OS to find.
