Microsoft Defender Anti-Malware/Platform Update Kit for Windows 10 (Updated: July 22nd, 2021)

Discussion in 'Windows 10' started by steven4554, Mar 25, 2021.

  1. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    #1 steven4554, Mar 25, 2021
    Last edited: Jul 22, 2021 at 01:59
  2. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    #2 steven4554, Apr 3, 2021
    Last edited: Apr 6, 2021
    (OP)
    Thank you goes to the moderator who stickied this thread, I am grateful. :)
     
  3. drew84

    drew84 MDL Addicted

    Mar 13, 2014
    997
    1,564
    30
    ... absolutely
     
  4. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,049
    30
    #4 BAU, Apr 3, 2021
    Last edited: May 11, 2021
    It would be nice if you could mention the original links / sources in OP, how you are authoring these cabs and if it can be automated via a DIY script.
    The integration script can be provided right at OP in a code block and/or attached as zip for more transparency.
    And using Google Drive links is less accessible and more volatile than for example a GitHub, but still better than mediafire & co ;)

    People are naturally circumspect (or at least they should be) when it comes to stuff touching the core defense mechanisms of Windows.
    And because I and probably others don't feel like checking each file for having a valid digital signature,
    I present a 3rd-party verify script:
    Code:
    @(set `" <#=")& echo off & title Defender Update Kit Verification Tool v1.2
    set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b || #>)
    
    $messages = @{
      WARN_DEFENDER_CABS_MISSING  = " Place this script in the same folder as Defender Update cabs ";
      WARN_DIGITAL_SIGNATURES_ER  = " Digital Signatures ERROR! ";
      WARN_DIGITAL_SIGNATURES_OK  = " Digital Signatures OK! "
    }
    
    cd -Lit(split-path $env:0)
    $x86   = gci defender-dism-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1
    
    if ($null -eq $x86 -and $null -eq $x64 -and $null -eq $arm64) {
      write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_MISSING; choice /c EX1T; exit 1
    }
    
    $root = "defender-dism";  ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null
    # expand each cab that was found into its own architecture subfolder
    if ($x86)   {ni "$root\x86"   -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"}
    if ($x64)   {ni "$root\x64"   -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"}
    if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"}
    
    $invalid = @()
    gci $root\*.* -exclude *.json,*.mof,*.txt,*.xml -file -recurse | foreach-object {
      $sig = Get-AuthenticodeSignature $_
      if ($sig.status -eq 0) {write-output $sig} else {$invalid += $_ | select-object LastWriteTime,Length,FullName}
    }
    write-host
    if ($invalid.length -eq 0) {
      write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK
    } else {
      write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ER
      write-output $invalid
      write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ER
    }
    write-host
    choice /c EX1T
    #,# AveYo and steven4554
    
    Save as defender_update_kit_verify.bat in the same folder as Defender Update Kit cabs.
    It will extract cabs in a defender-dism folder, then run the Get-AuthenticodeSignature PowerShell cmdlet on all sensitive files.
    Hope it helps someone.

    [update] 2021.05.12: arm64 support from steven4554; show details for files failing verification
     

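A stricter variant of the check in post #4, added here as an example; it is not part of the thread, the kit, or the script's authors' code. The posted script accepts any file whose signature status is Valid and skips .json/.mof/.txt/.xml files, so this version also checks who signed each file and records SHA-256 hashes for the skipped data files. The function name `Test-KitFile` and the expected publisher string in `$expectedOrg` are assumptions, and the cabs are assumed to be already expanded under `defender-dism`.

```powershell
# Added example, not part of the thread's script.
# Assumption: the cabs are already expanded under .\defender-dism (as the script above does).
$root = 'defender-dism'
# Assumption: publisher organisation expected on every signed file in the kit.
$expectedOrg = 'O=Microsoft Corporation'
# File types the thread's script skips; they carry no Authenticode signature.
$unsignedTypes = '.json', '.mof', '.txt', '.xml'

function Test-KitFile {
  param([Parameter(Mandatory)][System.IO.FileInfo]$File)
  $reasons = @()
  $signer  = $null
  if ($unsignedTypes -contains $File.Extension.ToLower()) {
    $kind = 'unsigned-data'          # cannot be verified by signature; hash only
  } else {
    $kind = 'signed'
    $sig  = Get-AuthenticodeSignature -LiteralPath $File.FullName
    if ($sig.Status -ne 'Valid') { $reasons += "status=$($sig.Status)" }
    if ($sig.SignerCertificate) {
      $signer = $sig.SignerCertificate.Subject
      # 'Valid' alone accepts any publisher the machine trusts, so check who signed.
      if (($signer -split ',\s*') -notcontains $expectedOrg) { $reasons += 'unexpected publisher' }
    } else {
      $reasons += 'no signer certificate'
    }
  }
  [pscustomobject]@{
    Kind    = $kind
    Ok      = ($reasons.Count -eq 0)
    Reasons = $reasons -join '; '
    Signer  = $signer
    SHA256  = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
    Path    = $File.FullName
  }
}

$results = Get-ChildItem -LiteralPath $root -File -Recurse | ForEach-Object { Test-KitFile $_ }

# Files that fail the signature or publisher checks.
$results | Where-Object { -not $_.Ok } | Format-Table Reasons, Signer, Path -AutoSize
# Data files outside signature coverage: keep the hashes to compare against a copy
# expanded from a package downloaded directly from Microsoft.
$results | Where-Object Kind -eq 'unsigned-data' | Format-Table SHA256, Path -AutoSize
# Distinct signers seen, for a quick sanity check.
$results | Where-Object Signer | Group-Object Signer | Select-Object Count, Name
```

The subject-string match only narrows the publisher after the operating system has already validated the chain; it is not a substitute for that validation.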
  5. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    #5 steven4554, Apr 3, 2021
    Last edited: Apr 4, 2021
    (OP)
  6. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,049
    30
    #6 BAU, Apr 4, 2021
    Last edited: May 11, 2021

  7. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    #7 steven4554, Apr 4, 2021
    Last edited: Apr 4, 2021
    (OP)
    Thanks for the feedback, and for further improving the PowerShell script. I cannot release information regarding how I make the cabinet files, but you can be assured that the files contained inside the cabs have not been touched and come directly from the websites I already stated. But I do listen to feedback, in fact I welcome it good and bad. Anything to help further improve this project is appreciated. :)
     
  8. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,049
    30
  9. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    35,823
    60,244
    450
    #9 Enthousiast, Apr 16, 2021
    Last edited: Apr 16, 2021
  10. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    Not available on MS Catalog yet, if anyone has the direct download links to v4.18.2104.5 it would be appreciated.
     
  11. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    35,823
    60,244
    450
    I re-installed enterprise twice and pro once more and it never showed up again:(
     
  12. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    #12 steven4554, Apr 17, 2021
    Last edited: Apr 17, 2021
    (OP)
    Sounds like someone at MS pressed the green button too soon. :rolleyes:
     
  13. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    35,823
    60,244
    450
    I am glad I made a screenshot, else nobody would have believed me :D I regret not using wumt to be able to fetch you the ddl :(
     
  14. IXMas

    IXMas MDL Novice

    Mar 7, 2021
    10
    4
    0
  15. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,122
    1,808
    60
    Thanks, but the cabs on that MS website are now out of date. Plus, MS only updates once a month now. It wouldn't surprise me when they do stop making cabs altogether.
     
  16. IXMas

    IXMas MDL Novice

    Mar 7, 2021
    10
    4
    0
  17. IXMas

    IXMas MDL Novice

    Mar 7, 2021
    10
    4
    0
    When it is updated, it is always better to look for it on MS sites and not elsewhere
     
  18. IXMas

    IXMas MDL Novice

    Mar 7, 2021
    10
    4
    0
    And those are certainly just these two pages
     
  19. IXMas

    IXMas MDL Novice

    Mar 7, 2021
    10
    4
    0
    #20 IXMas, Apr 19, 2021
    Last edited: Apr 19, 2021
    MS pages, not packing and repacking