Microsoft Extends its ATP Defender Protection to UEFI BIOS With UEFI Scanner

Raevenlord · Jun 19, 2020

Microsoft has announced an extension to the Windows Defender System Guard which will allow it to also verify and guarantee integryity of systems at a UEFI BIOS level. Citing an increase in hardware and firmware-level attacks over the years, the extended protection functionality aims to guarantee protection across the entire hierarchy of a device, from firmware up through to cloud processing.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. Working in conjunction with your systems' chipset, the UEFI scanner features a three-pronged solution to firmware security: UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI); Full filesystem scanner, which analyzes content inside the firmware; and a Detection engine, which identifies exploits and malicious behaviors.

This new tool aims to increase odds of detection for devices whose boot has already been compromised by rootkits or other kind of malware acting at the firmware level. The idea is to keep your boot flow secure and trustworthy, something that will almost certainly be rendered impossible by a rootkit messing with OS and software protection privileges to keep escalating their control over your machine.

View at TechPowerUp Main Site

stimpy88 · Jun 19, 2020

And how do we get this?

A specific version of Windows 10?

An automatic update for all versions of Windows 10?

A separate download?

And when do we get this?

T3RM1N4L D0GM4 · Jun 19, 2020

Actually, you need Microsoft 365 A5 subscription to enable ATP capabilities and the Microsoft Defender Security Center portal...

Caring1 · Jun 19, 2020

Sure, we'll just give Microsoft full access and control over our systems right down to Bios level. :kookoo:

_Flare · Jun 19, 2020

Start free trial

Microsoft Defender for Endpoint | Microsoft Security

Microsoft Defender for Endpoint helps stop attacks, scales endpoint security resources, and evolves defenses. Learn more about cloud-powered endpoint protection.

www.microsoft.com

laszlo · Jun 19, 2020

just wonder how the scanner can recognize a hacked signed firmware ...

er557 · Jun 19, 2020

i hope it does not detect OC tweaks such as xeon turbo uefi hack, which loads via efi command each boot

Solaris17 · Jun 19, 2020

stimpy88 said:
And how do we get this?

A specific version of Windows 10?

An automatic update for all versions of Windows 10?

A separate download?

And when do we get this?

This is enterprise stuff. You might be able to get past the business requirements but you will pay out the nose for licensing.

Cheeseball · Jun 19, 2020

Hey this actually works with Intune within Azure too. You can monitor company laptops now.

Solaris17 · Jun 19, 2020

Cheeseball said:
Hey this actually works with Intune within Azure too. You can monitor company laptops now.

yes was actually happy to see the panel isn’t terrible either. If we weren’t getting such a deep discount on our current offering I’d be tempted to switch to be honest.

Ashtr1x · Jun 19, 2020

Microshaft can now scan our BIOS firmware ? and we want to keep that garbage ? lol. Nope Win10 is already a piece of crap with bugs always thrown into the wild and release a crappy patch tuesday while enterprise users get a polished and stable options with all customized WaaS garbage - Windows as a Service. M$ is just absuing their monopoly nowadays, made Office as a Service, OS as a service and their game studios is literal trash tier garbage, ruined Gears of War with some political garbage shoe horned for representation and massive departure of art style and still no release on PC, their Halo MCC is full of bugs and garbage issues. No hope for this but they will always have thier stock at top because of monopoly and successful subversion of people thinking M$ does for their best.

mcraygsx · Jun 19, 2020

Caring1 said:
Sure, we'll just give Microsoft full access and control over our systems right down to Bios level.

Very well said and Microsoft has deep roots that are connected to foreign government aka India.

Gmr_Chick · Jun 20, 2020

How come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap? :rolleyes:

zlobby · Jun 20, 2020

Because screw users paying $400 for genuine retail Win 10 Pro licenses, or God forbid - Pro for Workstations...
3 words - fek you M$

Cheeseball · Jun 20, 2020

Solaris17 said:
yes was actually happy to see the panel isn’t terrible either. If we weren’t getting such a deep discount on our current offering I’d be tempted to switch to be honest.

Didn't Microsoft offer your company that "hefty" discount at the beginning of COVID? Our renewal was in February but they extended a bit and hit us with an offer we cannot refuse. :laugh:

Way better than the trash GSuite that Google was attempting to deal to us. We have an internal Outlook add-in (or add-on according to Google) that we need to integrate for all faculty and staff members and they said its not possible to convert because they want us to conform to their "Build cards" thing. Our CIO obviously said no.

lexluthermiester · Jun 20, 2020

T3RM1N4L D0GM4 said:
Actually, you need Microsoft 365 A5 subscription to enable ATP capabilities and the Microsoft Defender Security Center portal...

So not a lot of people are going to have to get it.

GoldenX · Jun 20, 2020

Great, UEFI level botnet.

R-T-B · Jun 20, 2020

GoldenX said:
Great, UEFI level botnet.

We've had those for a while.

I doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.

I sort of was one of the UEFI malware pioneers, if people recall. Dealt with a case a year or so ago. I know a thing or two and this is really just publicity horseshit.

laszlo said:
just wonder how the scanner can recognize a hacked signed firmware ...

it's most likely just running signature checks and then saying "oh nos!" and leaving you to figure it out...

GoldenX · Jun 20, 2020

R-T-B said:
We've had those for a while.

I doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.

I sort of was one of the UEFI malware pioneers, if people recall. Dealt with a case a year or so ago. I know a thing or two and this is really just publicity horseshit.

it's most likely just running signature checks and then saying "oh nos!" and leaving you to figure it out...

So basically, as useful as Windows Firewall.

Flanker · Jun 20, 2020

Gmr_Chick said:
How come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap?

More like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap

R-T-B · Jun 20, 2020

Flanker said:
More like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap

Microsoft sucking is practically an internet meme at this point though.

Not always a justified one but certainly a hard to defeat one.

lexluthermiester · Jun 20, 2020

R-T-B said:
I doubt this'll work without firmware integration anyways. It certainly won't be able to REMOVE any threats without help from the firmware vendor, so kinda pointless.

Pretty much this, yes.

Flanker said:
More like how every article here devolves into the usual "[Company/Organisation/Country] sucks!" crap

That happens everywhere. TPU is not the exclusive hotbed of complainers. Have you ever been on Reddit? 'Cause damn...

Easo · Jun 20, 2020

Gmr_Chick said:
How come every Microsoft article on here devolves into the usual "Microsoft sucks!" crap?

Not sure, but it always draws the tinfoil out, like this one below:

Ashtr1x said:
Microshaft can now scan our BIOS firmware ? and we want to keep that garbage ? lol. Nope Win10 is already a piece of crap with bugs always thrown into the wild and release a crappy patch tuesday while enterprise users get a polished and stable options with all customized WaaS garbage - Windows as a Service. M$ is just absuing their monopoly nowadays, made Office as a Service, OS as a service and their game studios is literal trash tier garbage, ruined Gears of War with some political garbage shoe horned for representation and massive departure of art style and still no release on PC, their Halo MCC is full of bugs and garbage issues. No hope for this but they will always have thier stock at top because of monopoly and successful subversion of people thinking M$ does for their best.

I could try to argue, but what is the point?

R-T-B · Jun 20, 2020

If anyone wanted to actually formulate an argument, they could talk about how the UEFI spec is kinda bloated and sucks in that way... but then they'd really have to blame one of the sponsor companies (Intel is one IIRC) not Microsoft.

lexluthermiester said:
That happens everywhere. TPU is not the exclusive hotbed of complainers.

For certain.

zlobby · Jun 20, 2020

And how AGESA and the rest are proprietary blobs. I mean yeah, 'trade secrets' but we can never be sure.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	AMD Ryzen 9 5950X
Motherboard	Asus ROG Crosshair VIII Hero WiFi
Cooling	Arctic Liquid Freezer II 420
Memory	32Gb G-Skill Trident Z Neo @3806MHz C14
Video Card(s)	MSI GeForce RTX2070
Storage	Seagate FireCuda 530 1TB
Display(s)	Samsung G9 49" Curved Ultrawide
Case	Cooler Master Cosmos
Audio Device(s)	O2 USB Headphone AMP
Power Supply	Corsair HX850i
Mouse	Logitech G502
Keyboard	Cherry MX
Software	Windows 11

System Name	NERV
Processor	AMD Ryzen 5 2600X
Motherboard	ASROCK B450M Steel Legend
Cooling	Artic Freezer 33 One + 2x Akasa 140mm
Memory	2x8 Crucial Ballistix Sport 2993 MHz
Video Card(s)	KFA2 GeForce RTX 3060 Ti
Storage	Crucial Mx500 500GB + 1TB HDD
Display(s)	Samsung C34H892
Case	CM Masterbox Q300L
Audio Device(s)	ALC892 + Topping D30
Power Supply	Corsair RM650
Mouse	CM Mastermouse Lite S
Keyboard	Logitech G510
Software	Win 10 Pro x64
Benchmark Scores	No bech, only game!

System Name	Lenovo ThinkCentre
Processor	AMD 5650GE
Motherboard	Lenovo
Memory	32 GB DDR4
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Lenovo
Software	W11 Pro 64 bit

Processor	Ryzen 5600X
Video Card(s)	RTX 3050
Software	Win11

Microsoft Extends its ATP Defender Protection to UEFI BIOS With UEFI Scanner

Raevenlord

News Editor

stimpy88

T3RM1N4L D0GM4

Caring1

_Flare

Microsoft Defender for Endpoint | Microsoft Security

laszlo

er557

Solaris17

Super Dainty Moderator

Cheeseball

Not a Potato

Solaris17

Super Dainty Moderator

Ashtr1x

mcraygsx

Gmr_Chick

zlobby

Cheeseball

Not a Potato

lexluthermiester

GoldenX

R-T-B

GoldenX

Flanker

R-T-B

lexluthermiester

Easo

R-T-B

zlobby

System Name	2nd AMD puppy
Processor	FX-8350 vishera
Motherboard	Gigabyte GA-970A-UD3
Cooling	Cooler Master Hyper TX2
Memory	16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s)	Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage	SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s)	Benq XL2730Z 144 Hz freesync
Case	NZXT 820 PHANTOM
Audio Device(s)	Audigy SE with Logitech Z-5500
Power Supply	Riotoro Enigma G2 850W
Mouse	Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard	MS Sidewinder x4
Software	win10 64bit ltsc
Benchmark Scores	irrelevant for me

System Name	future xeon II
Processor	DUAL SOCKET xeon e5 2686 v3 , 36c/72t, hacked all cores @3.5ghz, TDP limit hacked
Motherboard	asrock rack ep2c612 ws
Cooling	case fans,liquid corsair h100iv2 x2
Memory	96 gb ddr4 2133mhz gskill+corsair
Video Card(s)	2x 1080 sc acx3 SLI, @STOCK
Storage	Hp ex950 2tb nvme+ adata xpg sx8200 pro 1tb nvme+ sata ssd's+ spinners
Display(s)	philips 40" bdm4065uc 4k @60
Case	silverstone temjin tj07-b
Audio Device(s)	sb Z
Power Supply	corsair hx1200i
Mouse	corsair m95 16 buttons
Keyboard	microsoft internet keyboard pro
Software	windows 10 x64 1903 ,enterprise
Benchmark Scores	fire strike ultra- 10k time spy- 15k cpu z- 400/15000

System Name	Rocinante
Processor	I9 14900KS
Motherboard	MSI MPG Z790I Edge WiFi Gaming
Cooling	be quiet! Pure Loop 240mm
Memory	64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s)	MSI SUPRIM Liquid X 4090
Storage	1x 500GB 980 Pro \| 1x 1TB 980 Pro \| 1x 8TB Corsair MP400
Display(s)	Odyssey OLED G9 (G95SC)
Case	LANCOOL 205M MESH Snow
Audio Device(s)	Moondrop S8's on schitt Modi+ & Valhalla 2
Power Supply	ASUS ROG Loki SFX-L 1000W
Mouse	Lamzu Atlantis mini (White)
Keyboard	Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD	Quest 3
Software	openSUSE Tumbleweed
Benchmark Scores	I dont have time for that.

System Name	Titan
Processor	AMD Ryzen™ 7 7950X3D
Motherboard	ASUS ROG Strix X670E-I Gaming WiFi
Cooling	ID-COOLING SE-207-XT Slim Snow
Memory	TEAMGROUP T-Force Delta RGB 2x16GB DDR5-6000 CL30
Video Card(s)	ASRock Radeon RX 7900 XTX 24 GB GDDR6 (MBA)
Storage	2TB Samsung 990 Pro NVMe
Display(s)	AOpen Fire Legend 24" (25XV2Q), Dough Spectrum One 27" (Glossy), LG C4 42" (OLED42C4PUA)
Case	ASUS Prime AP201 33L White
Audio Device(s)	Kanto Audio YU2 and SUB8 Desktop Speakers and Subwoofer, Cloud Alpha Wireless
Power Supply	Corsair SF1000L
Mouse	Logitech Pro Superlight (White), G303 Shroud Edition
Keyboard	Wooting 60HE / NuPhy Air75 v2
VR HMD	Occulus Quest 2 128GB
Software	Windows 11 Pro 64-bit 23H2 Build 22631.3447

Processor	Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard	Asus Maximus IX Code
Cooling	Corsair Hydro H115i Platinum
Memory	48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s)	nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage	Intel 760p 2280 2TB
Display(s)	MSI Optix MPG27CQ Black 27" 1ms 144hz
Case	Thermaltake View 71
Power Supply	EVGA SuperNova 1000 Platinum2
Mouse	Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software	Windows 10 Enterprise 1803
Benchmark Scores	Yes I am Intel fanboy that is my benchmark score.

System Name	The Captain (2.0)
Processor	Ryzen 7 7700X
Motherboard	Gigabyte X670E AORUS Master
Cooling	280mm Arctic Liquid Freezer II, 4x Be Quiet! 140mm Silent Wings 4 (1x exhaust 3x intake)
Memory	32GB (2x16) G.Skill Trident Z5 Neo (6000Mhz)
Video Card(s)	MSI GeForce RTX 3070 SUPRIM X
Storage	1x Crucial MX500 500GB SSD; 1x Crucial MX500 500GB M.2 SSD; 1x WD Blue HDD, 1x Crucial P5 Plus
Display(s)	Aorus CV27F 27" 1080p 165Hz
Case	Phanteks Evolv X (Anthracite Gray)
Power Supply	Corsair RMx (2021) 1000W 80-Plus Gold
Mouse	Varies based on mood/task; is currently Razer Basilisk V3 Pro or Razer Cobra Pro
Keyboard	Varies based on mood; currently Razer Blackwidow V4 75% and Hyper X Alloy 65

System Name	Ciel
Processor	AMD Ryzen R5 5600X
Motherboard	Asus Tuf Gaming B550 Plus
Cooling	ID-Cooling 224-XT Basic
Memory	2x 16GB Kingston Fury 3600MHz@3933MHz
Video Card(s)	Gainward Ghost 3060 Ti 8GB + Sapphire Pulse RX 6600 8GB
Storage	NVMe Kingston KC3000 2TB + NVMe Toshiba KBG40ZNT256G + HDD WD 4TB
Display(s)	AOC Q27G3XMN + Samsung S22F350
Case	Cougar MX410 Mesh-G
Audio Device(s)	Kingston HyperX Cloud Stinger Core 7.1 Wireless PC
Power Supply	Aerocool KCAS-500W
Mouse	EVGA X15
Keyboard	VSG Alnilam
Software	Windows 11

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise IoT 2024

Processor	Intel Core i5 8400
Motherboard	Gigabyte Z370N-Wifi
Cooling	Silverstone AR05
Memory	Micron Crucial 16GB DDR4-2400
Video Card(s)	Gigabyte GTX1080 G1 Gaming 8G
Storage	Micron Crucial MX300 275GB
Display(s)	Dell U2415
Case	Silverstone RVZ02B
Power Supply	Silverstone SSR-SX550
Keyboard	Ducky One Red Switch
Software	Windows 10 Pro 1909

System Name	Personal \\ Work - HP EliteBook 840 G6
Processor	7700X \\ i7-8565U
Motherboard	Asrock X670E PG Lightning
Cooling	Noctua DH-15
Memory	G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s)	ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage	2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s)	BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case	Fractal Design Define Arc Midi R2 with window
Audio Device(s)	Realtek ALC1150 with Logitech Z533
Power Supply	Corsair AX860i
Mouse	Logitech G502
Keyboard	Corsair K55 RGB PRO
Software	Windows 11 \\ Windows 10