Defender ATP is extending its Protection Capabilities to the Firmware level with a new UEFI scanner

  • Thread starter ForgottenSeer 85179
  • Start date
F

ForgottenSeer 85179

Thread author
Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface (UEFI) scanner.

Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutions made persistence and detection evasion on the operating system more difficult. Attackers compromise the boot flow to achieve low-level malware behavior that’s hard to detect, posing a significant risk to an organization’s security posture.

Windows Defender System Guard helps defend against firmware attacks by providing guarantees for secure boot through hardware-backed security features like hypervisor-level attestation and Secure Launch, also known as Dynamic Root of Trust (DRTM), which are enabled by default in Secured-core PCs. The new UEFI scan engine in Microsoft Defender ATP expands on these protections by making firmware scanning broadly available.

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the unique ability to scan inside of the firmware filesystem and perform security assessment. It integrates insights from our partner chipset manufacturers and further expands the comprehensive endpoint protection provided by Microsoft Defender ATP.

Read more (and detailed) on source
 
Last edited by a moderator:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
WD already has a seperate tool named Microsoft Defender offline scan which can scan and detect malwares in UEFI before computer startup I I think.
But does this article mean that, WD after this update, will be able to do so by itself without any additional tools?
Firmware scanning is orchestrated by runtime events like suspicious driver load and through periodic system scans. Detections are reported in Windows Security, under Protection history.
Bitdefender, Kaspersky, ESET, Norton Power Eraser, etc can detect UEFI malwares I believe. (ESET can only detect, can't remove). But Microsoft's integration should be even better.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Does this feature require ATP subscription ?
I think it doesn't. Windows Defender is going to have this feature as well.
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10
There's also a Windows Security screenshot in the article.
But looks like it'll just detect only not remove. There's no mention of deleting malwares in UEFI in the article, only scanning and detect.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license.

Web Content Filtering is part of Microsoft Defender ATP's Web protection capabilities and it allows security admins to design and deploy custom web usage policies across their entire organizations, making it simple to track and control access to websites based on their content category.

The feature is available on all major web browsers, with blocks performed by Network Protection (on Chrome and Firefox) and SmartScreen (on Edge).

Following feedback from customers during the public preview announced in late January, Microsoft has decided to offer web content filtering "as part of Microsoft Defender ATP without any additional partner licensing."

"Now you get the benefits of web content filtering without the need for additional agents, hardware, and costs," Microsoft today announced in a blog post.

 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Will this be possible to deploy on a home / pro license ?

For more information

And how to enable this feature?

You have to do this it's not easy and this is trial...
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
For more information



You have to do this it's not easy and this is trial...
Oh so it's included an an ATP license but requires one to have this feature .
If ATP wasn't this expansive I would actually might replace it with my exiting solution but current offering isn't in my budget realm :(
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Microsoft today announced that Advanced Threat Protection (ATP) for Azure Storage now also allows customers to protect data stored in Azure Files file shares and Azure Data Lake Storage Gen2 API data stores.

ATP for Azure Storage is designed as an additional security intelligence layer to help detect malware uploaded to cloud storage accounts, access from suspicious sources (including but not limited to TOR exit nodes), and potentially harmful data exfiltration activities.

"Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics," Azure Security Center Product Manager Hasan Abo-Shally said.

 

brigantes

Level 1
Jun 22, 2020
40
Oh so it's included an an ATP license but requires one to have this feature .
If ATP wasn't this expansive I would actually might replace it with my exiting solution but current offering isn't in my budget realm :(

Microsoft Defender ATP is not available to consumers, even if they are willing to pay. It is sold only to enterprises with volume license agreements.
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
Microsoft Defender ATP is not available to consumers, even if they are willing to pay. It is sold only to enterprises with volume license agreements.
Yeah I thought you didn't need ATP for this feature XD

But the pricing is insane compared with other Enterprise security offerings anyway.
 
  • Like
Reactions: [correlate]

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Microsoft is working on a new Office 365 Advanced Threat Protection (ATP) feature which will make it easy to determine your security policies settings' effectiveness when compared to recommended settings.

The new feature, named Configuration Analyzer, "will be a place for you to compare your policies settings against the Recommended settings for EOP and Office 365 ATP security," according to Microsoft.

"Config Analyzer will measure your current policy settings against either the Standard or the Strict recommendations."

Rolling out next month

Office 365 security administrators will also be able to use the new tool to access a setting changes history area that will make it easy to evaluate how policy changes affected their environment.

At the moment, Office 365 comes with two levels of recommended settings, Standard and Strict, for Exchange Online Protection (EOP) and Office 365 ATP security.

The two security levels are designed to provide different anti-spam, anti-malware, and anti-phishing configurations for blocking malicious emails from reaching the users' mailboxes, depending on each customer's needs and environment.

Microsoft has been working on the Office 365 recommended security profiles since November 2019 and has estimated that rollout will start during Q3 2020.

The Configuration Analyzer feature, newly introduced on the Microsoft 365 roadmap, is set for an August 2020 worldwide roll-out.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top