Microsoft Defender Antivirus is the built-in antivirus solution on Windows 10 PCs. It offers behavior-based, heuristic, and real-time antivirus protection for free. Microsoft has recently included a new component called the UEFI scanner in Microsoft Defender Antivirus. This UEFI scanner scans the firmware filesystem at runtime by interacting directly with the motherboard chipset. To detect security threats, the scanner performs its analysis using the following solution components:
- UEFI anti-rootkit, which reaches the firmware through Serial Peripheral Interface (SPI)
- Full filesystem scanner, which analyzes content inside the firmware
- Detection engine, which identifies exploits and malicious behaviors

You can learn about how Microsoft built this new UEFI scanner from the source link below.
The new UEFI scanner adds to a rich set of Microsoft technologies that integrate to deliver chip-to-cloud security, from a strong hardware root of trust to cloud-powered security solutions at the OS level.