
UEFI scanner brings Microsoft Defender ATP protection to a new level

by Hilbert Hagedoorn on: 06/18/2020 08:12 AM | source: | 16 comment(s)

Let's face it: the UEFI firmware in your BIOS is a little operating system of its own, and it is completely unprotected. Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface (UEFI) scanner.

The Unified Extensible Firmware Interface (UEFI) is the replacement for the legacy BIOS. If the chipset is configured correctly (both the UEFI settings and the chipset configuration itself) and Secure Boot is enabled, the firmware is reasonably secure. For a hardware-based attack, attackers exploit vulnerable firmware or a misconfigured machine to deploy a rootkit, which allows them to gain a foothold on the machine.

Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutions made persistence and detection evasion on the operating system more difficult. Attackers compromise the boot flow to achieve low-level malware behavior that’s hard to detect, posing a significant risk to an organization’s security posture.

Windows Defender System Guard helps defend against firmware attacks by providing guarantees for secure boot through hardware-backed security features like hypervisor-level attestation and Secure Launch, also known as Dynamic Root of Trust for Measurement (DRTM), which are enabled by default in Secured-core PCs. The new UEFI scan engine in Microsoft Defender ATP expands on these protections by making firmware scanning broadly available.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside the firmware file system and perform a security assessment. It integrates insights from Microsoft's partner chipset manufacturers and further expands the comprehensive endpoint protection provided by Microsoft Defender ATP.

The new UEFI scanner reads the firmware file system at runtime by interacting with the motherboard chipset. To detect threats, it performs dynamic analysis using multiple new solution components that include:

  • UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI)
  • Full filesystem scanner, which analyzes content inside the firmware
  • Detection engine, which identifies exploits and malicious behaviors
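What a "full filesystem scanner" over the firmware actually has to do is walk the UEFI Firmware Volume / FFS structures in the SPI image, identify each firmware file, and compare it with a known-good state; the anomaly detection mentioned later on this page is, at its simplest, a baseline comparison of those files. The block below is an added illustration written for this page, not Microsoft's scanner code. It assumes a raw firmware volume dump in the FFS2 layout (header signature `_FVH` at offset 40, 24-byte FFS file headers, 8-byte file alignment), and the GUIDs, file bodies and golden image it works on are constructed in memory; reading the real flash image out of the chipset is outside its scope.

```python
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
FFS_HEADER_LEN = 24          # sizeof(EFI_FFS_FILE_HEADER)
FFS_FILE_TYPE_DRIVER = 0x07  # EFI_FV_FILETYPE_DRIVER
FFS_FILE_TYPE_PAD = 0xF0     # EFI_FV_FILETYPE_FFS_PAD
ERASED_GUID = b"\xff" * 16   # an all-ones file name marks erased, unused flash
BLOCK_SIZE = 0x1000          # erase-block size assumed for the constructed volume


def parse_firmware_volume(image: bytes) -> list[dict]:
    """Walk one firmware volume and return a record for every FFS file in it."""
    if image[40:44] != FV_SIGNATURE:
        raise ValueError("no _FVH signature at offset 40")
    fv_length, = struct.unpack_from("<Q", image, 32)
    header_len, = struct.unpack_from("<H", image, 48)
    # Volume header checksum: all UINT16 words of the header sum to 0 (mod 2**16).
    if sum(struct.unpack_from("<%dH" % (header_len // 2), image, 0)) & 0xFFFF:
        raise ValueError("firmware volume header checksum mismatch")
    files, offset = [], header_len
    while offset + FFS_HEADER_LEN <= fv_length:
        hdr = image[offset:offset + FFS_HEADER_LEN]
        if hdr[:16] == ERASED_GUID:
            break  # the rest of the volume is erased flash
        size = int.from_bytes(hdr[20:23], "little")  # 24-bit size, header included
        if size < FFS_HEADER_LEN or offset + size > fv_length:
            raise ValueError(f"FFS file at 0x{offset:x} has invalid size {size}")
        # FFS header checksum: with the file-checksum byte (17) and State byte (23)
        # taken as zero, the 24 header bytes must sum to 0 (mod 256).
        header_ok = ((sum(hdr) - hdr[17] - hdr[23]) & 0xFF) == 0
        files.append({"guid": str(uuid.UUID(bytes_le=hdr[:16])), "type": hdr[18],
                      "offset": offset, "size": size, "header_ok": header_ok,
                      "sha256": hashlib.sha256(image[offset:offset + size]).hexdigest()})
        offset = (offset + size + 7) & ~7  # FFS files start on 8-byte boundaries
    return files


def baseline_from(image: bytes) -> dict[str, str]:
    """{guid: sha256} of every non-padding file in a trusted ("golden") image."""
    return {f["guid"]: f["sha256"] for f in parse_firmware_volume(image)
            if f["type"] != FFS_FILE_TYPE_PAD}


def audit_volume(image: bytes, baseline: dict[str, str]) -> list[str]:
    """Report files that are corrupt, unknown, modified or missing versus the baseline."""
    findings, seen = [], set()
    for f in parse_firmware_volume(image):
        if f["type"] == FFS_FILE_TYPE_PAD:
            continue  # padding files carry no code
        seen.add(f["guid"])
        if not f["header_ok"]:
            findings.append(f"{f['guid']}: corrupt FFS header checksum at 0x{f['offset']:x}")
        expected = baseline.get(f["guid"])
        if expected is None:
            findings.append(f"{f['guid']}: not in baseline (unexpected module)")
        elif expected != f["sha256"]:
            findings.append(f"{f['guid']}: content differs from baseline")
    for guid in sorted(baseline.keys() - seen):
        findings.append(f"{guid}: in baseline but missing from image")
    return findings


# --- constructed test data: a tiny FFS2 volume assembled in memory, not a real BIOS dump ---
def ffs_file(guid: uuid.UUID, ftype: int, body: bytes) -> bytes:
    """Build one FFS file with a valid header checksum."""
    size = FFS_HEADER_LEN + len(body)
    hdr = bytearray(guid.bytes_le) + bytes([0x00, 0xAA, ftype, 0x00])  # cksum (below), 0xAA, type, attrs
    hdr += size.to_bytes(3, "little") + b"\xF8"  # size, State (erase polarity 1: header/data valid)
    hdr[16] = (-(sum(hdr) - hdr[17] - hdr[23])) & 0xFF
    return bytes(hdr) + body


def build_volume(files: list[bytes]) -> bytes:
    """Wrap FFS files in a firmware volume with one block-map entry and a valid checksum."""
    body = b"".join(f + b"\xff" * (-len(f) % 8) for f in files)
    header_len = 56 + 16  # fixed header + one block-map entry + terminating entry
    total = -(-(header_len + len(body)) // BLOCK_SIZE) * BLOCK_SIZE
    hdr = bytearray(struct.pack("<16s16sQ4sIHHHBB", b"\x00" * 16, FFS2_GUID.bytes_le,
                                total, FV_SIGNATURE, 0, header_len, 0, 0, 0, 2))
    hdr += struct.pack("<IIII", total // BLOCK_SIZE, BLOCK_SIZE, 0, 0)
    struct.pack_into("<H", hdr, 50, (-sum(struct.unpack("<36H", hdr))) & 0xFFFF)
    return (bytes(hdr) + body).ljust(total, b"\xff")


DRIVER_A = uuid.UUID("11111111-2222-4333-8444-555555555555")      # constructed GUIDs
DRIVER_B = uuid.UUID("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee")
UNKNOWN_GUID = uuid.UUID("01234567-89ab-4cde-8f01-23456789abcd")
GOLDEN = build_volume([ffs_file(DRIVER_A, FFS_FILE_TYPE_DRIVER, b"driver A body"),
                       ffs_file(DRIVER_B, FFS_FILE_TYPE_DRIVER, b"driver B body")])


def tampered_copy(image: bytes) -> bytes:
    """Flip one byte inside driver B's body to model a modified firmware module."""
    img = bytearray(image)
    img[parse_firmware_volume(image)[1]["offset"] + FFS_HEADER_LEN] ^= 0x01
    return bytes(img)


if __name__ == "__main__":
    print(audit_volume(GOLDEN, baseline_from(GOLDEN)) or "golden image: no findings")
    print(audit_volume(tampered_copy(GOLDEN), baseline_from(GOLDEN)))
```

The checks mirror what a firmware scanner reports: a header whose checksum no longer adds up, a module that is not in the vendor baseline, a module whose hash changed, and a module that disappeared. A real deployment would take the baseline from the vendor's signed update image rather than from the machine being audited, and would descend into FFS sections (compressed or nested volumes) that this example treats as opaque bytes.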

Firmware scanning is orchestrated by runtime events, such as a suspicious driver load, and through periodic system scans. Detections are reported in Windows Security, under Protection history.

Microsoft Defender ATP customers will also see these detections raised as alerts in Microsoft Defender Security Center, empowering security operations teams to investigate and respond to firmware attacks and suspicious activities at the firmware level in their environments.

To detect unknown threats in SPI flash, signals from the UEFI scanner are analyzed to identify anomalies and where they have been executed. Anomalies are reported to the Microsoft Defender Security Center for investigation. Thanks, Watcher, for the news submission.





asturur
Senior Member
Posts: 1220
Joined: 2010-05-12

#5800825 Posted on: 06/18/2020 09:37 AM
Remind me, why did we need UEFI? What was wrong with the old BIOS + USB upgrades only?

Apart from this, I really do not know if I like the idea of Windows, with its history of bugs and security flaws, having access to my firmware.
I would love the idea that while I go near the metal, the upper layer of software is hosted but cannot really touch or look at anything apart from what the UEFI wants to expose.

Similarly to how applications cannot really delete system files, and code in the browser cannot really delete applications.

sverek
Senior Member
Posts: 6073
Joined: 2011-01-02

#5800826 Posted on: 06/18/2020 09:40 AM
When Windows Update fails, it will bring your hardware with it :D

Noisiv
Senior Member
Posts: 8187
Joined: 2010-11-16

#5800874 Posted on: 06/18/2020 01:35 PM
Good Luck!

https://wikileaks.org/ciav7p1/

mbk1969
Senior Member
Posts: 12621
Joined: 2013-01-17

#5800876 Posted on: 06/18/2020 01:39 PM
Remind me, why did we need UEFI? What was wrong with the old BIOS + USB upgrades only?

16-bit code, 1 MB of memory space to execute in, bootable drives only smaller than 2.1 TB.

Now we have 64-bit code both in the UEFI BIOS and in the OS, we have a UEFI shell (not used that widely, but I am sure some do use it), we have unified BIOS modules (hence the UBU Tool), and we have USB upgrades plus upgrades right in the BIOS from NTFS partitions.

I_Eat_You_Alive
Senior Member
Posts: 108
Joined: 2019-06-08

#5800892 Posted on: 06/18/2020 02:42 PM
I like the idea behind this. But not if Microsoft is implementing it. They can barely get normal, bog-standard updates working each month. If someone like BitDefender, ESET, or Kaspersky integrated this into their software suites, I would feel far more at ease with it. I personally do not use Secure Boot, as I want the option of hitting DEL during startup and getting into the BIOS to do whatever I need to do, and if something goes wrong in the OS it makes it infinitely easier to correct it. The whole idea of having to load into Windows to then reboot and get into the BIOS is just ludicrous to me. I rarely ever turn on UEFI, as I just do not trust the man behind the curtain (yes, all modern boards are fully UEFI under the hood, but it tones down what it can get its grubby little hands into); the real-world difference between a legacy boot and a UEFI boot on modern SSD machines is about 5-6 seconds, fine by me. Once you are in Windows you cannot tell the difference between legacy and UEFI anyway, as it switches over to side-channel addressing to the BIOS. I take that reduction in security at face value. I personally use BitDefender on all of my internet-facing devices, as it works best for me and what I do. I would be interested to see this added to their security suites.


Guru3D.com © 2022