Man, the Microsoft Defender team takes no prisoners! As you would expect from the folks that handle security for the company’s products, they quietly develop and roll out exceptional new features.
Features like this UEFI scanner, which is coming to Microsoft Defender Advanced Threat Protection.
Microsoft’s security application has picked up a new security layer that can detect malware injected into firmware and protect devices running Windows 10.
The software titan unveiled this expansion of the protection capabilities of Microsoft Defender ATP to the firmware level, highlighting how the new UEFI scanner interacts with the motherboard chipset by reading the firmware file system at runtime:
“The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. It integrates insights from our partner chipset manufacturers and further expands the comprehensive endpoint protection provided by Microsoft Defender ATP.”
This new addition will help enterprise users detect and respond to this new kind of security threat.
In terms of capabilities, the UEFI scanner uses a number of new solution components, including a UEFI anti-rootkit, a full filesystem scanner, and a detection engine. These combine to perform dynamic analysis for threat detection, so that malware does not slip through and reside at the firmware level on a system.
Moreover, security operations teams at an organization can hunt for these threats with the help of the advanced hunting capabilities in Microsoft Defender ATP.
Overall, this is a welcome improvement for companies using Microsoft Defender ATP, and it should definitely beef up the company’s efforts to protect its enterprise customers.
It’s a natural evolution of the security improvements for the solution, with the software titan promising that more such updates are on their way.