HomeWinBuzzer NewsMicrosoft Defender ATP Gets UEFI Scanner to Protect Against Firmware-Level Attacks

Microsoft Defender ATP Gets UEFI Scanner to Protect Against Firmware-Level Attacks

Microsoft Defender ATP now includes a Unified Extensible Firmware Interface (UEFI) scanner for Windows 10 users.


wants to combat firmware and hardware cyber attacks more efficiently. To reach its goal, the company has revealed a Unified Extensible Firmware Interface (UEFI) scanner on Microsoft Defender ATP.

In a blog post, Microsoft describes the UEFI scanner has a tool that can scan firmware filesystems while performing security checks. Now part of Microsoft Defender ATP, the scanner will be a built-in part of .

“Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutions made persistence and detection evasion on the operating system more difficult. Attackers compromise the boot flow to achieve low-level malware behavior that's hard to detect, posing a significant risk to an organization's security posture.”

Microsoft points out the tool was created with help from partner chipset manufacturers. It is designed to build upon existing endpoint protection tools on Microsoft Defender ATP.

Boosting Capabilities

The service already has Windows Defender System Security guard to protect Windows 10 through secure boot features. This tool helps users to avoid firmware attacks. By combining the UEFI scanner with System Guard, Microsoft says Defender ATP can add even more secure boot protection.

Some of the fundamental components of the new scanner include:

  • “UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI)
  • Full filesystem scanner, which analyzes content inside the firmware
  • Detection engine, which identifies exploits and malicious behaviors”

When issues are found, Microsoft Defender ATP will surface them in . Users can locate these notifications through the Settings app, Windows Security, and then Protection history. Furthermore, alerts will also be added to Microsoft Defender Security Center.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News