Microsoft has added to its Windows 10 Fall Creators Update operating system released in October 2017 a new security function called Windows Defender System Guard.
Windows Defender System Guard was designed to "create the condition that system integrity cannot be compromised," according to the company, and to protect against attacks even from the boot level (rootkits or bootkits).
The new "defense system" includes functions that protect, maintain and verify the integrity of the Windows system at startup as it is said to use local as well as remote confirmation.
Microsoft first released the Secure Boot feature from Windows 8 against boot-level attacks. Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI). Secure Boot added an extra protection which is hardware-based and prevents any malicious code from trying to run before the Windows bootloader.
Secure Boot briefly interrupts the first attack on a Windows computer during startup while other Windows functions are loading.
Windows Defender Guard System also protects this phase of the boot process:
This is where Windows Defender System Guard protection ensures that only signed and secure files and drivers can start on the device.
At the end of the Windows startup process, System Guard will launch the system antimalware, which will detect all third-party drivers. Finally, Windows Defender System Guard will ensure that your system starts safely and integrity-free and that it is not compromised before the rest of the system's defense functions begin.
Microsoft recently revealed that all devices running Windows 10 will have a feature that confirms the running time of Windows Defender System Guard from the next Windows 10 update (Spring Creators Update or April Update).
In the Windows 10 Fall Creators update, we reorganized all system integrity features in Windows Defender System Guard. This move allowed us to add significant innovations to the security of the platform.
The Windows Defender System Guard runtime confirmation, which will be integrated into the basic Windows operating system, will be delivered soon to all versions of Windows.
Confirmation of runtime can help in the following scenarios (among others) according to Microsoft:
- Detection of kernel, rootkits and exploits.
- It will provide signals to antivirus vendors that will help in detection.
- It will help banking applications or trading platforms.
- Improving access policies based on device security.
- Protection against Anti-cheat games.
Microsoft is reportedly preparing an API that can be used by security software developers, and will "certify the status of the device at any time."
The next Windows 10 update will include the first phase of Windows Defender System Guard runtime certification according to Microsoft.
With the next update of Windows 10, we will probably see more innovations.
- AV-TEST Windows 10: The Best Antivirus with Surprises
- CFA enable the ransomware protection of Windows 10
