Defender ATP is extending its Protection Capabilities to the Firmware level with a new UEFI scanner

[ForgottenSeer 85179]

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface (UEFI) scanner.

Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutions made persistence and detection evasion on the operating system more difficult. Attackers compromise the boot flow to achieve low-level malware behavior that’s hard to detect, posing a significant risk to an organization’s security posture.

Windows Defender System Guard helps defend against firmware attacks by providing guarantees for secure boot through hardware-backed security features like hypervisor-level attestation and Secure Launch, also known as Dynamic Root of Trust (DRTM), which are enabled by default in Secured-core PCs. The new UEFI scan engine in Microsoft Defender ATP expands on these protections by making firmware scanning broadly available.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. It integrates insights from our partner chipset manufacturers and further expands the comprehensive endpoint protection provided by Microsoft Defender ATP.

Read more (and detailed) on source

UEFI scanner brings Microsoft Defender ATP protection to a new level | Microsoft Security Blog

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.

www.microsoft.com

 

[SeriousHoax]

WD already has a seperate tool named Microsoft Defender offline scan which can scan and detect malwares in UEFI before computer startup I I think.
But does this article mean that, WD after this update, will be able to do so by itself without any additional tools?

Firmware scanning is orchestrated by runtime events like suspicious driver load and through periodic system scans. Detections are reported in Windows Security, under Protection history.

Bitdefender, Kaspersky, ESET, Norton Power Eraser, etc can detect UEFI malwares I believe. (ESET can only detect, can't remove). But Microsoft's integration should be even better.

 

[CyberTech]

A Closer Look at the UEFI Scanner Coming to the Windows 10 Antivirus

https://news.softpedia.com/news/a-closer-look-at-the-uefi-scanner-coming-to-the-windows-10-antivirus-530289.shtml

 

[Vitali Ortzi]

Does this feature require ATP subscription ?

 

[Ink]

Does this feature require ATP subscription ?

Most likely, it's a new feature for ATP customers, and ATP is targeted at Enterprise.

 

[Vitali Ortzi]

Most likely, it's a new feature for ATP customers, and ATP is targeted at Enterprise.

What a shame .
All the useful and interesting features are in ATP.
Why is ATP is so expansive more expansive then a many endpoint products.

 

[Ink]

Might be of some use, via CSP

Microsoft Defender For Endpoint Standalone is Now Available! (Formerly MD ATP)

Note: Microsoft Defender Advanced Threat Protection (MD ATP) Is Now Defender For Endpoint Update: As of August 2021, MDE P1 is also available bundled in Microsoft 365 E3/A3. Only two years overdue, Microsoft Defender for Endpoint standalone is now available! Since announcing Microsoft Defender...

www.infusedinnovations.com

 

[SeriousHoax]

Does this feature require ATP subscription ?

I think it doesn't. Windows Defender is going to have this feature as well.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10

There's also a Windows Security screenshot in the article.
But looks like it'll just detect only not remove. There's no mention of deleting malwares in UEFI in the article, only scanning and detect.

 

[CyberTech]

The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license.

Web Content Filtering is part of Microsoft Defender ATP's Web protection capabilities and it allows security admins to design and deploy custom web usage policies across their entire organizations, making it simple to track and control access to websites based on their content category.

The feature is available on all major web browsers, with blocks performed by Network Protection (on Chrome and Firefox) and SmartScreen (on Edge).

Following feedback from customers during the public preview announced in late January, Microsoft has decided to offer web content filtering "as part of Microsoft Defender ATP without any additional partner licensing."

"Now you get the benefits of web content filtering without the need for additional agents, hardware, and costs," Microsoft today announced in a blog post.

Microsoft Defender ATP web content filtering is now free

The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license.

www.bleepingcomputer.com

 

[Vitali Ortzi]

Microsoft Defender ATP web content filtering is now free

The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license.

www.bleepingcomputer.com

Will this be possible to deploy on a home / pro license ?
And how to enable this feature?

 

[CyberTech]

Will this be possible to deploy on a home / pro license ?

For more information

Minimum requirements for Microsoft Defender for Endpoint - Microsoft Defender for Endpoint

Understand the licensing requirements and requirements for onboarding devices to the service

docs.microsoft.com

And how to enable this feature?

You have to do this it's not easy and this is trial...

Microsoft Defender for Endpoint | Microsoft Security

Microsoft Defender for Endpoint helps stop attacks, scales endpoint security resources, and evolves defenses. Learn more about cloud-powered endpoint protection.

www.microsoft.com

 

[Vitali Ortzi]

For more information

Minimum requirements for Microsoft Defender for Endpoint - Microsoft Defender for Endpoint

Understand the licensing requirements and requirements for onboarding devices to the service

docs.microsoft.com

You have to do this it's not easy and this is trial...

Microsoft Defender for Endpoint | Microsoft Security

Microsoft Defender for Endpoint helps stop attacks, scales endpoint security resources, and evolves defenses. Learn more about cloud-powered endpoint protection.

www.microsoft.com

Oh so it's included an an ATP license but requires one to have this feature .
If ATP wasn't this expansive I would actually might replace it with my exiting solution but current offering isn't in my budget realm

 

[CyberTech]

Microsoft today announced that Advanced Threat Protection (ATP) for Azure Storage now also allows customers to protect data stored in Azure Files file shares and Azure Data Lake Storage Gen2 API data stores.

ATP for Azure Storage is designed as an additional security intelligence layer to help detect malware uploaded to cloud storage accounts, access from suspicious sources (including but not limited to TOR exit nodes), and potentially harmful data exfiltration activities.

"Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics," Azure Security Center Product Manager Hasan Abo-Shally said.

Microsoft extends security for Azure Storage file shares, data lakes

Microsoft today announced that advanced threat protection for Azure Storage now also allows customers to protect data stored in Azure Files file shares and Azure Data Lake Storage Gen2 API data stores.

www.bleepingcomputer.com

 

[brigantes]

Oh so it's included an an ATP license but requires one to have this feature .
If ATP wasn't this expansive I would actually might replace it with my exiting solution but current offering isn't in my budget realm

Microsoft Defender ATP is not available to consumers, even if they are willing to pay. It is sold only to enterprises with volume license agreements.

 

[Vitali Ortzi]

Microsoft Defender ATP is not available to consumers, even if they are willing to pay. It is sold only to enterprises with volume license agreements.

Yeah I thought you didn't need ATP for this feature XD

But the pricing is insane compared with other Enterprise security offerings anyway.

 

[CyberTech]

Microsoft is working on a new Office 365 Advanced Threat Protection (ATP) feature which will make it easy to determine your security policies settings' effectiveness when compared to recommended settings.

The new feature, named Configuration Analyzer, "will be a place for you to compare your policies settings against the Recommended settings for EOP and Office 365 ATP security," according to Microsoft.

"Config Analyzer will measure your current policy settings against either the Standard or the Strict recommendations."

Rolling out next month

Office 365 security administrators will also be able to use the new tool to access a setting changes history area that will make it easy to evaluate how policy changes affected their environment.

At the moment, Office 365 comes with two levels of recommended settings, Standard and Strict, for Exchange Online Protection (EOP) and Office 365 ATP security.

The two security levels are designed to provide different anti-spam, anti-malware, and anti-phishing configurations for blocking malicious emails from reaching the users' mailboxes, depending on each customer's needs and environment.

Microsoft has been working on the Office 365 recommended security profiles since November 2019 and has estimated that rollout will start during Q3 2020.

The Configuration Analyzer feature, newly introduced on the Microsoft 365 roadmap, is set for an August 2020 worldwide roll-out.

Office 365 adds new security configuration analysis feature

Microsoft is working on a new Office 365 Advanced Threat Protection (ATP) feature which will make it easy to determine your security policies settings' effectiveness when compared to recommended settings.

www.bleepingcomputer.com