Question How to activate Microsoft Defender for Endpoint?

Status
Not open for further replies.

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
Hello. I heard that Windows Defender has an option called "Microsoft Defender for Endpoint", which can scan the UEFI for viruses. Can someone tell me how to activate this option, because i want to scan my UEFI for viruses?

I heard that i need to open a menu, called "Configuration Manager", but i can't find such a menu. The supposed option for activating the Endpoint is believed to be in the menu i can't find.

The OS i use is Windows 10.
 

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
It is not a consumer level tool that comes with a standard Windows 10.

https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint
Threats are no match for your Enterprise.
So, the tool is paid and is available only for companies? In this case, how can i scan my UEFI for viruses, if the tool is not available for me? Are there any other tools that can scan UEFI? If not, would you explain to me how to compare the installed UEFI to the original UEFI, so i can see if there is a difference, potentially caused by a virus?

A better thing to do will be to just find a way to see if the UEFI has a virus. How can i know if it has a virus? Are there any symptoms?
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,058
11,658
176,090
24,257

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide

"Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. "

"Microsoft Defender for Endpoint is available in two plans, Defender for Endpoint Plan 1 and Plan 2. A new Microsoft Defender Vulnerability Management add-on is now available for Plan 2. "

$$$
Yeah, i understood this. But i asked another question that isn't about the Endpint plan:

So, the tool is paid and is available only for companies? In this case, how can i scan my UEFI for viruses, if the tool is not available for me? Are there any other tools that can scan UEFI? If not, would you explain to me how to compare the installed UEFI to the original UEFI, so i can see if there is a difference, potentially caused by a virus?

A better thing to do will be to just find a way to see if the UEFI has a virus. How can i know if it has a virus? Are there any symptoms?
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,058
11,658
176,090
24,257
So, the tool is paid and is available only for companies? In this case, how can i scan my UEFI for viruses, if the tool is not available for me? Are there any other tools that can scan UEFI? If not, would you explain to me how to compare the installed UEFI to the original UEFI, so i can see if there is a difference, potentially caused by a virus?
And why do you have reason to believe your UEFI BIOS has a virus?

You, just like the literal billions of other people, are not a target for such.
 

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
And why do you have reason to believe your UEFI BIOS has a virus?

You, just like the literal billions of other people, are not a target for such.
I have plenty of good reasons to think the UEFI is infected.

Why aren't general users targeted by such viruses?

Anyway, i really want to find a way to scan the UEFI.
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,058
11,658
176,090
24,257

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
You have nothing of value.
Not true. I have things of value on my computer.

Also, computer viruses are not intelligent and don't know who they are attacking - they can't choose their target. If there is a file, containing a virus, targetting a person, who has "something of value, and the file is downloaded by me, for example, i will be infected, despite the fact i don't have "something of value".

How can i know i haven't downloaded a file having BIOS viruses? Well, i can't know and be sure.

So reflash your BIOS with a known good copy from the motherboard manufacturer.
Done.
Here is some information about my UEFI:

View: https://imgur.com/a/KYnWPhJ


So, i downloaded the file from here: https://www.acer.com/ac/en/ID/content/support-product/8047?b=1

So, I unzipped the "Rose_SR_V1.09.exe" file, opened it, it loaded, it installed several things, the laptop restarted. Was this everything I had to do in order for the UEFi to be re-flashed, or is there something else I need to do?

Update your BIOS should wipe anything.
Above I explained what I did to re-flash the UEFI. So did I do it correctly?
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,058
11,658
176,090
24,257
Not true. I have things of value on my computer.
"things of value" == design specs of the F-35 anti-radar coating.
Not the home written code for a mod of a mediocre several year old video game.

Also, computer viruses are not intelligent and don't know who they are attacking - they can't choose their target.
Yes they can.


So, you reflashed the BIOS.
Done.
Download another virused up pirated file, do it again.

Or, do that how real security pros do this.
A physically discreet box, on your own LAN, with a known good full drive Image of the whole system, ready to overwrite the whole drive.

So did I do it correctly?
If you knew what you were doing, you wouldn't have to ask.
 
Reactions: drivinfast247

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
Assuming you obtained the BIOS file from the actual manufacturer, yes.
Not mocking.
Seriously.
I obtained the file from the link I posted above.

But I remember someone told me I have to install the UEFI from an external, bootable drive, a USB drive for example. Is there a difference between using the .exe file I used, and installing UEFI from a bootable USB drive?
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,058
11,658
176,090
24,257
I obtained the file from the link I posted above.

But I remember someone told me I have to install the UEFI from an external, bootable drive, a USB drive for example. Is there a difference between using the .exe file I used, and installing UEFI from a bootable USB drive?
The only way the exe file is less safe is if it were somehow rewritten by this uber UEFI BIOS virus you downloaded and ran.

The way to be really safe is to:
-Remove this hard drive and physically destroy it.
-Melt the rest of the system into a pile of slag. Thermite can work well for this.
-Obtain 2 new identical systems, from different sources. Compare ALL the hardware and firmware between the two, to verify nothing is different or compromised.
-Use your own LAN, not the neighbors
-Don't obtain pirated software. Period.
-There are other, deeper, methods....
 

Wolfshadw

Titan
Moderator
@TheFlash1300

You really don't get it, do you?
If I were a hacker, writing a BIOS virus, the first thing I would do is disable your ability to update the BIOS. I'd make it LOOK like it updated, but that's all for show. Of course, I'd also minimize the footprint in order to make it all but undetectable. I'd piggyback on your normal activities to get whatever I wanted from your system and the ONLY way to stop me would be to build a new system.

-Wolf sends
 

Ralston18

Titan
Moderator
@TheFlash1300

Having read through a few of your threads /posts and the ensuing discussions I have a question:

You appear to be interested, for what ever reasons, in computer viruses, malware, security, infections, etc.. Correct?

I will take the liberty of dumping that all into "Cyber Security".

Have you had the opportunity to read any of the numerous books and tutorials on the subject?

A quick google search revealed quite a list of books and other reference sources. Some broad, some narrowly specific.

I cannot vouch per se for any given book but I believe that others here could make some good recommendations.

Very likely that if you take the time to learn more about the topic in general then many of your concerns and questions will become moot.

And that learning may also help support your "experiments" and other related activities.

Everyone learns differently and one way is "trial and error". That can work but I suggest a more focused and methodical approach.

Take the time and make the effort to improve your current knowledge accordingly. Build a working foundation and go forward from there.

= = = =

Actually, I could use a couple of good "Cyber Security" book recommendations myself.

Just my thoughts from afar on the matter.
 
Reactions: TheFlash1300

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
The only way the exe file is less safe is if it were somehow rewritten by this uber UEFI BIOS virus you downloaded and ran.

The way to be really safe is to:
-Remove this hard drive and physically destroy it.
-Melt the rest of the system into a pile of slag. Thermite can work well for this.
-Obtain 2 new identical systems, from different sources. Compare ALL the hardware and firmware between the two, to verify nothing is different or compromised.
-Use your own LAN, not the neighbors
-Don't obtain pirated software. Period.
-There are other, deeper, methods....
I got a better idea. How about checking the checksum of my UEFI, instead of buying more laptops?

Is there a way to check the hash function of the file I downloaded, the already installed UEFI, and then to compare the two checksums and see if there is a difference?

Just because I installed the new file, this doesn't mean the UEFI virus is removed, assuming my UEFI is infected.

As far as I know, UEFI/BIOS viruses can survive re-flashing.

@TheFlash1300

You really don't get it, do you?
If I were a hacker, writing a BIOS virus, the first thing I would do is disable your ability to update the BIOS. I'd make it LOOK like it updated, but that's all for show. Of course, I'd also minimize the footprint in order to make it all but undetectable. I'd piggyback on your normal activities to get whatever I wanted from your system and the ONLY way to stop me would be to build a new system.

-Wolf sends
Even if the footprint is minimized, it should still be detectable.

If there is a UEFI virus that does something to the system, system files must be changed, right? The virus must introduce changes to system files. Any changes are counted by 'corruption'. This means the changes should be detected by the "sfc /scannow" option. If the scan always shows there is corruption after repair, then this means the UEFI virus is introducing changes, right?

Also, shouldn't there be suspicious messages in the Event Viewer?

And isn't there a program that can scan the BIOS?
 
Status
Not open for further replies.

ASK THE COMMUNITY