Microsoft Defender Antivirus gets UEFI protection on Windows 10

If you have a Windows 10 device using UEFI, Microsoft Defender Antivirus will now alert you of attacks and malware on the firmware.

Microsoft Defender Antivirus UEFI scanner
Microsoft Defender Antivirus UEFI scanner

Microsoft is launching a new Unified Extensible Firmware Interface (UEFI) scanner as part of the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to bring attack and malware protection to the firmware level.

The UEFI scanner is a new feature that is built into the Microsoft Defender Antivirus for Windows 10, and it’s capable of scanning the firmware filesystem and perform security assessments. Also, it includes insights from chipset manufacturers that further expands the Microsoft Defender ATP protection.

The company explains that the Microsoft Defender ATP UEFI scanner works by interacting with motherboard chipset to read the firmware files at runtime, and to detect threats, the feature performs dynamic analysis using multiple components, including UEFI anti-rootkit that reaches the firmware through Serial Peripheral Interface (SPI). Full filesystem scanner to analyze content inside the firmware, and detection engine, which finds exploits and malicious behaviors.

If an anomaly is detected, then it’ll be reported in the Windows Security app, under the “Virus & threat protection” section, inside the Protection history page. Information that you can use to investigate and respond to firmware attacks and suspicious activities on the firmware.

In the case of Microsoft Defender ATP (enterprise) customers, the detections will appear as alerts in the Microsoft Defender Security Center.

The new UEFI scanner is another component that Microsoft is making broadly available to help with the continued increase of hardware and firmware-level attacks, which usually compromise the boot flow that’s difficult to detect, posing a significant risk to devices and data.

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He is also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me.