Friday, June 19th 2020

Microsoft Extends its ATP Defender Protection to UEFI BIOS With UEFI Scanner

Microsoft has announced an extension to the Windows Defender System Guard which will allow it to also verify and guarantee integryity of systems at a UEFI BIOS level. Citing an increase in hardware and firmware-level attacks over the years, the extended protection functionality aims to guarantee protection across the entire hierarchy of a device, from firmware up through to cloud processing.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. Working in conjunction with your systems' chipset, the UEFI scanner features a three-pronged solution to firmware security: UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI); Full filesystem scanner, which analyzes content inside the firmware; and a Detection engine, which identifies exploits and malicious behaviors.
This new tool aims to increase odds of detection for devices whose boot has already been compromised by rootkits or other kind of malware acting at the firmware level. The idea is to keep your boot flow secure and trustworthy, something that will almost certainly be rendered impossible by a rootkit messing with OS and software protection privileges to keep escalating their control over your machine.
Source: Microsoft
Add your own comment

25 Comments on Microsoft Extends its ATP Defender Protection to UEFI BIOS With UEFI Scanner

#1
stimpy88
And how do we get this?

A specific version of Windows 10?

An automatic update for all versions of Windows 10?

A separate download?

And when do we get this?
Posted on Reply
#2
T3RM1N4L D0GM4
Actually, you need Microsoft 365 A5 subscription to enable ATP capabilities and the Microsoft Defender Security Center portal...
Posted on Reply
#3
Caring1
Sure, we'll just give Microsoft full access and control over our systems right down to Bios level. :kookoo:
Posted on Reply
#5
laszlo
just wonder how the scanner can recognize a hacked signed firmware ...
Posted on Reply
#6
er557
i hope it does not detect OC tweaks such as xeon turbo uefi hack, which loads via efi command each boot
Posted on Reply
#7
Solaris17
Super Dainty Moderator
stimpy88And how do we get this?

A specific version of Windows 10?

An automatic update for all versions of Windows 10?

A separate download?

And when do we get this?
This is enterprise stuff. You might be able to get past the business requirements but you will pay out the nose for licensing.
Posted on Reply
#8
Cheeseball
Not a Potato
Hey this actually works with Intune within Azure too. You can monitor company laptops now.
Posted on Reply
#9
Solaris17
Super Dainty Moderator
CheeseballHey this actually works with Intune within Azure too. You can monitor company laptops now.
yes was actually happy to see the panel isn’t terrible either. If we weren’t getting such a deep discount on our current offering I’d be tempted to switch to be honest.
Posted on Reply
#10
Ashtr1x
Microshaft can now scan our BIOS firmware ? and we want to keep that garbage ? lol. Nope Win10 is already a piece of crap with bugs always thrown into the wild and release a crappy patch tuesday while enterprise users get a polished and stable options with all customized WaaS garbage - Windows as a Service. M$ is just absuing their monopoly nowadays, made Office as a Service, OS as a service and their game studios is literal trash tier garbage, ruined Gears of War with some political garbage shoe horned for representation and massive departure of art style and still no release on PC, their Halo MCC is full of bugs and garbage issues. No hope for this but they will always have thier stock at top because of monopoly and successful subversion of people thinking M$ does for their best.
Posted on Reply
#11
mcraygsx
Caring1Sure, we'll just give Microsoft full access and control over our systems right down to Bios level. :kookoo:
Very well said and Microsoft has deep roots that are connected to foreign government aka India.
Posted on Reply
#12
Gmr_Chick
How come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap? :rolleyes:
Posted on Reply
#13
zlobby
Because screw users paying $400 for genuine retail Win 10 Pro licenses, or God forbid - Pro for Workstations...
3 words - fek you M$
Posted on Reply
#14
Cheeseball
Not a Potato
Solaris17yes was actually happy to see the panel isn’t terrible either. If we weren’t getting such a deep discount on our current offering I’d be tempted to switch to be honest.
Didn't Microsoft offer your company that "hefty" discount at the beginning of COVID? Our renewal was in February but they extended a bit and hit us with an offer we cannot refuse. :laugh: Way better than the trash GSuite that Google was attempting to deal to us. We have an internal Outlook add-in (or add-on according to Google) that we need to integrate for all faculty and staff members and they said its not possible to convert because they want us to conform to their "Build cards" thing. Our CIO obviously said no.
Posted on Reply
#15
lexluthermiester
T3RM1N4L D0GM4Actually, you need Microsoft 365 A5 subscription to enable ATP capabilities and the Microsoft Defender Security Center portal...
So not a lot of people are going to have to get it.
Posted on Reply
#16
GoldenX
Great, UEFI level botnet.
Posted on Reply
#17
R-T-B
GoldenXGreat, UEFI level botnet.
We've had those for a while.

I doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.

I sort of was one of the UEFI malware pioneers, if people recall. Dealt with a case a year or so ago. I know a thing or two and this is really just publicity horseshit.
laszlojust wonder how the scanner can recognize a hacked signed firmware ...
it's most likely just running signature checks and then saying "oh nos!" and leaving you to figure it out...
Posted on Reply
#18
GoldenX
R-T-BWe've had those for a while.

I doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.

I sort of was one of the UEFI malware pioneers, if people recall. Dealt with a case a year or so ago. I know a thing or two and this is really just publicity horseshit.



it's most likely just running signature checks and then saying "oh nos!" and leaving you to figure it out...
So basically, as useful as Windows Firewall.
Posted on Reply
#19
Flanker
Gmr_ChickHow come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap? :rolleyes:
More like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap
Posted on Reply
#20
R-T-B
FlankerMore like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap
Microsoft sucking is practically an internet meme at this point though.

Not always a justified one but certainly a hard to defeat one.
Posted on Reply
#21
lexluthermiester
R-T-BI doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.
Pretty much this, yes.
FlankerMore like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap
That happens everywhere. TPU is not the exclusive hotbed of complainers. Have you ever been on Reddit? 'Cause damn...
Posted on Reply
#22
Easo
Gmr_ChickHow come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap? :rolleyes:
Not sure, but it always draws the tinfoil out, like this one below:
Ashtr1xMicroshaft can now scan our BIOS firmware ? and we want to keep that garbage ? lol. Nope Win10 is already a piece of crap with bugs always thrown into the wild and release a crappy patch tuesday while enterprise users get a polished and stable options with all customized WaaS garbage - Windows as a Service. M$ is just absuing their monopoly nowadays, made Office as a Service, OS as a service and their game studios is literal trash tier garbage, ruined Gears of War with some political garbage shoe horned for representation and massive departure of art style and still no release on PC, their Halo MCC is full of bugs and garbage issues. No hope for this but they will always have thier stock at top because of monopoly and successful subversion of people thinking M$ does for their best.
I could try to argue, but what is the point?
Posted on Reply
#23
R-T-B
If anyone wanted to actually formulate an argument, they could talk about how the UEFI spec is kinda bloated and sucks in that way... but then they'd really have to blame one of the sponsor companies (Intel is one IIRC) not Microsoft.
lexluthermiesterThat happens everywhere. TPU is not the exclusive hotbed of complainers.
For certain.
Posted on Reply
#24
zlobby
And how AGESA and the rest are proprietary blobs. I mean yeah, 'trade secrets' but we can never be sure.
Posted on Reply
#25
R-T-B
zlobbyAnd how AGESA and the rest are proprietary blobs. I mean yeah, 'trade secrets' but we can never be sure.
None of them are really that mystic to figure out if you use the right tools. They are just uefi modules, which is actually a fairly open spec.

The ME binary and psp binaries are pretty opaque though.
Posted on Reply
Add your own comment
Dec 22nd, 2024 07:31 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts