The UEFI scanner is a new feature that is built into the Microsoft Defender Antivirus for Windows 10, and it’s capable of scanning the firmware filesystem and perform security assessments. Also, it includes insights from chipset manufacturers that further expands the Microsoft Defender ATP protection. The company explains that the Microsoft Defender ATP UEFI scanner works by interacting with motherboard chipset to read the firmware files at runtime, and to detect threats, the feature performs dynamic analysis using multiple components, including UEFI anti-rootkit that reaches the firmware through Serial Peripheral Interface (SPI). Full filesystem scanner to analyze content inside the firmware, and detection engine, which finds exploits and malicious behaviors. If an anomaly is detected, then it’ll be reported in the Windows Security app, under the “Virus & threat protection” section, inside the Protection history page. Information that you can use to investigate and respond to firmware attacks and suspicious activities on the firmware. In the case of Microsoft Defender ATP (enterprise) customers, the detections will appear as alerts in the Microsoft Defender Security Center. The new UEFI scanner is another component that Microsoft is making broadly available to help with the continued increase of hardware and firmware-level attacks, which usually compromise the boot flow that’s difficult to detect, posing a significant risk to devices and data. All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Always backup of your device and files before making any changes. Privacy policy info.
