Microsoft Defender Anti-Malware/Platform Update Kit for Windows 10 (Updated: July 9th, 2021)

Discussion in 'Windows 10' started by steven4554, Mar 25, 2021.

  1. steven4554

    steven4554 MDL Expert

    Joined:
    Jul 12, 2009
    Messages:
    1,117
    Likes Received:
    1,786
    Trophy Points:
    60
    #1 steven4554, Mar 25, 2021
    Last edited: Jul 9, 2021 at 06:13
  2. steven4554

    steven4554 MDL Expert

    #2 steven4554, Apr 3, 2021
    Last edited: Apr 6, 2021
    (OP)
    Thank you goes to the moderator who stickied this thread, I am grateful. :)
     
  3. drew84

    drew84 MDL Addicted

    Joined:
    Mar 13, 2014
    Messages:
    956
    Likes Received:
    1,490
    Trophy Points:
    30
    ... absolutely
     
  4. BAU

    BAU MDL Addicted

    Joined:
    Feb 10, 2009
    Messages:
    943
    Likes Received:
    2,042
    Trophy Points:
    30
    #4 BAU, Apr 3, 2021
    Last edited: May 11, 2021
    It would be nice if you could mention the original links / sources in the OP, how you are authoring these cabs, and whether it can be automated via a DIY script.
    The integration script can be provided right in the OP in a code block and/or attached as a zip for more transparency.
    And using Google Drive links is less accessible and more volatile than, for example, a GitHub, but still better than mediafire & co ;)

    People are naturally circumspect (or at least they should be) when it comes to stuff touching the core defense mechanisms of Windows.
    And because I and probably others don't feel like checking each file for having a valid digital signature,
    I present a 3rd-party verify script:
    Code:
    @(set `" <#=")& echo off & title Defender Update Kit Verification Tool v1.2
    set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b || #>)
    
    $messages = @{
      WARN_DEFENDER_CABS_MISSING  = " Place this script in the same folder as Defender Update cabs ";
      WARN_DIGITAL_SIGNATURES_ER  = " Digital Signatures ERROR! ";
      WARN_DIGITAL_SIGNATURES_OK  = " Digital Signatures OK! "
    }
    
    cd -Lit(split-path $env:0)
    $x86   = gci defender-dism-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1
    
    if ($null -eq $x86 -and $null -eq $x64 -and $null -eq $arm64) {
      write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_MISSING; choice /c EX1T; exit 1
    }
    
    $root = "defender-dism";  ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null
    if ($x86) {ni "$root\x86"   -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"}
    if ($x64) {ni "$root\x64"   -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"}
    if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"}
    
    $invalid = @()
    gci $root\*.* -exclude *.json,*.mof,*.txt,*.xml -file -recurse | foreach-object {
      $sig = Get-AuthenticodeSignature $_
      if ($sig.status -eq 0) {write-output $sig} else {$invalid += $_ | select-object LastWriteTime,Length,FullName}
    }
    write-host
    if ($invalid.length -eq 0) {
      write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK
    } else {
      write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ER
      write-output $invalid
      write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ER
    }
    write-host
    choice /c EX1T
    #,# AveYo and steven4554
    
    Save as defender_update_kit_verify.bat in the same folder as Defender Update Kit cabs
    It will extract the cabs into a defender-dism folder, then run the Get-AuthenticodeSignature PowerShell cmdlet on all sensitive files.
    Hope it helps someone.

    [update] 2021.05.12: arm64 support from steven4554; show details for files failing verification
     

    Attached Files:
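
The verify script in post #4 accepts any file whose Authenticode status is Valid, whoever the signer is, and skips four file types entirely. The following is an added example, not code from BAU, AveYo or steven4554: it also requires a Microsoft publisher and a Microsoft root, and counts the files that got no check. The publisher and root-name patterns are assumptions; the folder name and the skipped extensions come from the script above.

```powershell
# Added example, not from the thread. Assumes the cabs were already expanded
# into .\defender-dism by the verify script above.
param([string]$Root = 'defender-dism')

$signerPattern = '*O=Microsoft Corporation*'                  # assumed publisher string
$rootPattern   = 'CN=Microsoft Root Certificate Authority*'   # assumed root CA name prefix
$skippedExt    = '.json', '.mof', '.txt', '.xml'              # exclusions used by the thread's script

function Test-MicrosoftSigned {
  param([Parameter(Mandatory)][string]$Path)
  $sig = Get-AuthenticodeSignature -LiteralPath $Path
  $r = [ordered]@{ Status = $sig.Status; Signer = $null; Root = $null; Pass = $false; File = $Path }
  if ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid) {
    $r.Signer = $sig.SignerCertificate.Subject
    # Rebuild the chain to see which root the signer certificate leads to.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keeps the check usable offline
    [void]$chain.Build($sig.SignerCertificate)
    $last = $chain.ChainElements | Select-Object -Last 1
    if ($last) { $r.Root = $last.Certificate.Subject }
    $r.Pass = ($r.Signer -like $signerPattern) -and ($r.Root -like $rootPattern)
  }
  [pscustomobject]$r
}

$files      = @(Get-ChildItem -LiteralPath $Root -File -Recurse)
$unverified = @($files | Where-Object { $skippedExt -contains $_.Extension })
$results    = @($files | Where-Object { $skippedExt -notcontains $_.Extension } |
                ForEach-Object { Test-MicrosoftSigned -Path $_.FullName })
$failed     = @($results | Where-Object { -not $_.Pass })

# List every file that is unsigned, invalid, or validly signed by someone else.
$failed | Format-List Status, Signer, Root, File
'{0} checked, {1} failed, {2} skipped with no signature check' -f $results.Count, $failed.Count, $unverified.Count
if ($failed.Count -gt 0) { exit 1 }
```

A non-zero exit code lets an image-build script stop before the cabs are integrated.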

  5. steven4554

    steven4554 MDL Expert

  6. BAU

    BAU MDL Addicted

  7. steven4554

    steven4554 MDL Expert

    #7 steven4554, Apr 4, 2021
    Last edited: Apr 4, 2021
    (OP)
    Thanks for the feedback, and for further improving the PowerShell script. I cannot release information regarding how I make the cabinet files, but you can be assured that the files contained inside the cabs have not been touched and come directly from the websites I already stated. But I do listen to feedback, in fact I welcome it good and bad. Anything to help further improve this project is appreciated. :)
     
  8. BAU

    BAU MDL Addicted

  9. Enthousiast

    Enthousiast MDL Tester

    Joined:
    Oct 30, 2009
    Messages:
    35,561
    Likes Received:
    59,622
    Trophy Points:
    450
  10. steven4554

    steven4554 MDL Expert

    Not available on MS Catalog yet, if anyone has the direct download links to v4.18.2104.5 it would be appreciated.
     
  11. Enthousiast

    Enthousiast MDL Tester

    I re-installed Enterprise twice and Pro once more and it never showed up again :(
     
  12. steven4554

    steven4554 MDL Expert

    #12 steven4554, Apr 17, 2021
    Last edited: Apr 17, 2021
    (OP)
    Sounds like someone at MS pressed the green button too soon. :rolleyes:
     
  13. Enthousiast

    Enthousiast MDL Tester

    I am glad I made a screenshot, else nobody would have believed me :D I regret not using wumt to be able to fetch you the ddl :(
     
  14. IXMas

    IXMas MDL Novice

    Joined:
    Mar 7, 2021
    Messages:
    10
    Likes Received:
    3
    Trophy Points:
    0
  15. steven4554

    steven4554 MDL Expert

    Thanks, but the cabs on that MS website are now out of date. Plus, MS only updates once a month now. It wouldn't surprise me when they do stop making cabs altogether.
     
  16. bachett

    bachett MDL Novice

    Joined:
    May 31, 2007
    Messages:
    43
    Likes Received:
    19
    Trophy Points:
    0
  17. IXMas

    IXMas MDL Novice

  18. IXMas

    IXMas MDL Novice

    When it is updated, it is always better to look for it on MS sites and not elsewhere
     
  19. IXMas

    IXMas MDL Novice

    And those are certainly just these two pages
     
  20. IXMas

    IXMas MDL Novice

    #20 IXMas, Apr 19, 2021
    Last edited: Apr 19, 2021
    MS pages, not packing and repacking