Why not leaving that to W10UI, with the lttle info you gave we have to guess what you are doing, there was no mounting so we can assume it is a live installation. I would not run this in an UUP folder but i guess it could be done that way. This is a bit of an usual setup for using W10UI Usual setup: Code: ====================== W10UI v10.53 ======================= [1] Target (x64): "E:\W10UI\19045_Work_x64_US" [2] Updates: "E:\W10UI\19045_Updates_x64_US_Test" [3] DISM: "Windows NT 10.0 ADK" [4] Enable .NET 3.5: NO [5] Cleanup System Image: YES [6] Reset Image Base: YES [7] Update WinRE.wim: NO [8] install.wim selected indexes: 1 / [K] Keep indexes: Selected [M] Mount Directory: "c:\W10UImount_31314" [E] Extraction Directory: "c:\W10UItemp_10907" ============================================================ Change a menu option, press 0 to start the process, or 9 to exit: Code: ============================================================ Running W10UI v10.53 ============================================================ ============================================================ Configured Options... ============================================================ Cleanup ResetBase SkipEdge SkipWebView UseWimlib ============================================================ Extracting .cab files from .msu files... ============================================================ 1/1: windows10.0-kb5062649-x64_LCU_6159.1.16.msu ============================================================ Extracting files from update containers (cab/wim)... *** This will require some disk space, please be patient *** ============================================================ 1/5: defender-dism-x64.cab 2/5: windows10.0-kb5007401-x64_Critical_DU_for_NET35.cab 3/5: windows10.0-kb5011048-x64_NDP481_Base_9166.1.cab [NetFx] 4/5: Windows10.0-KB5056578-x64-NDP481_CU_9310.1.cab [NetFx] 5/5: Windows10.0-KB5062649-x64.cab [Combined] 6/7: Windows10.0-KB5062649-x64_inout.cab [LCU] 7/7: Windows10.0-KB5063261-x64_inout.cab [SSU] ============================================================ Mounting sources\install.wim - index 1/2 ============================================================ Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Mounting image [==========================100.0%==========================] The operation completed successfully. ============================================================ Checking Updates... ============================================================ ============================================================ Installing servicing stack update... ============================================================ Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image Version: 10.0.19041.1 Processing 1 of 1 - Adding package Package_for_ServicingStack_6151~31bf3856ad364e35~amd64~~19041.6151.1.3 [==========================100.0%==========================] The operation completed successfully. ============================================================ Installing updates... ============================================================ Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image Version: 10.0.19041.1 Processing 1 of 3 - Adding package Package_for_KB5011048~31bf3856ad364e35~amd64~~10.0.9166.1 [==========================100.0%==========================] Processing 2 of 3 - Adding package Package_for_KB5007401~31bf3856ad364e35~amd64~~19041.1378.1.1 [==========================100.0%==========================] Processing 3 of 3 - Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9310.1 [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image Version: 10.0.19041.1 Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.6159.1.16 [==========================100.0%==========================] The operation completed successfully. ============================================================ Resetting OS image base... ============================================================ Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image Version: 10.0.19041.6159 [===== 10.0% ] [==========================100.0%==========================] The operation completed successfully. Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image Version: 10.0.19041.6159 [==========================100.0%==========================] The operation completed successfully. ============================================================ Adding Defender update... ============================================================ Platform : 4.18.25060.7 Engine : 1.1.25060.6 Signatures: 1.433.155.0 ============================================================ Unmounting sources\install.wim - index 1/2 ============================================================ Deployment Image Servicing and Management tool Version: 10.0.26100.5720 Image File : E:\W10UI\19045_Work_x64_US\sources\install.wim Image Index : 1 Will do my best to recreate what you did
@Enthousiast No, both times I did it with the install.wim assembly. It wasn't live. I still don't know what happened the first time, but I'll do some more research... Your suggestions are good. I'll follow them. Thank you again. Hugs
Hi, I am trying to understand what this custom cab installs exactly. I understand that there are KB2267602, KB4052523 and KB5007651. I can already integrate the first 2 with NTlite if I just download from the MS links you provided. The last one I can't integrate. This is for Win10 22H2 current updates. I also looked up KB5007651, it states it's platform 10.0.29429.1000 but in the main post I see platform is 4.18.25110.6, which is confusing.
KB5007651 is actually a appx that's contained inside a executable file that updates Windows Security Center in both Windows 10 and 11, which is why it cannot be integrated using NTLite. The SecHealthUI appx file would need to be extracted using 7-zip.
So am I correct in assuming that your custom cab integrates all 3 KBs? For 5007651, I've looked it up on the Microsoft website and it states it only affects Windows 11 though. Is this why there is the platform 10.0.29429.1000 / platform 4.18.25110.6 difference? Extracting it also shows me that it has 3 different appx files, one of which is SecHealthUI. Is SecHealthUI the only important part or are the other two also worth integrating? If your custom cab doesn't contain this update, what was the rationale? I apologize for so many questions, I'm currently trying to create my first custom ISO and would love to know more, I've been researching all the update types.
Thank you so much for the clarification. It has helped me greatly improve my process for preparing my personal ISOs. I truly appreciate it. I feel I understand much more now and have been able to branch out into building both a 10 Pro iso and a 10 Ent IoT LTSC. In my testing I've discovered a few things that have given me more to consider. Specifically for KB4052623 + KB2267602, it seems NTLite is able to integrate both even though they are not .msu cabs. For KB4052623 simply adding the updateplatform.amd64fre_a6f8b224628abeb969df960effcebb485b62189c.exe to the Updates tab in NTLite is allowed. For KB2267602 likewise, adding the mpam-fe.exe file is allowed. Both are integrated successfully. Are you aware of any issues when attempting to integrate them like this as opposed to via your custom cab? I am unsure what reputation or history NTLite has with forum users, but it seems somewhat beneficial at first glance to be able to do this due to KB2267602 being re-issued daily. As for KB5007651, I was under the impression that it also applies to Windows 10, however, I attempted to integrate it the latest and previous version via NTLite and it stated that it was not applicable. I made sure to attempt integrating either both the .exe and the .appx file, as NTLite normally allows both. Am I doing something wrong or it simply is the case that it is not applicable to 10 Pro / 10 IoT LTSC. And finally, this may be out-of-scope but would it be possible to create a custom .cab for integrating KB890830 and KB4023057? I ask because they are both security-adjacent updates that seem to fit with your project, KB890830 being the monthly malicious software removal tool and KB4023057 being the windows update health verification update. For KB4023057 specifically, it tends to reset user preferences and modifications done to windows updates post-install, so having it pre-applied would be great to prevent that. I am aware that they can be integrated via the setupcomplete.cmd but I was hoping to avoid that as I am planning to work on a script injection tool that will be applied directly to the ISO, which will have the option of disabling Windows Update prior to installation, with the option of toggling it back on, and I am hoping to prevent conflicts if KB4023057 will be offered and installed after. For reference, on a fresh install of Windows 10 Pro (using the latest official October 2025 updated iso), KB890830, KB4023057 and KB5001716 are offered via Windows Update, and none of these are available as .msu files that can be integrated. For 10 Enterprise IoT LTSC, only 890830 is offered, so it might be a good idea for it to be integrated into the main custom cab, while having a separate cab for KB4023057. KB5001716 is a special case, as I do not wish this to be integrated as all it does is provide nag screens, executables and background services/processes for upgrading to 11 and I am hoping to somehow prevent this being offered at all, but this is a different avenue of research. For Windows 10 Enterprise IoT LTSC, only KB890830 is offered.
I'm glad that the info I provided has helped you to create a iso, though I'm not a fan of the software your using I can understand that's it's easier to get things done with NTLite. Even I have it installed, but I don't use it much and only use it for experimental purposes. I mainly use UUP to ISO converter and W10UI for creating\integrating offline images these days. As I don't use NTLite much, I cannot comment about it's capabilities such as integration of the KBs that are in cabs. But I would recommend to use the UUP to ISO converter tool to integrate the SecHealthUI appx as NTLite most likely has not got the capability to integrate KB5007651. As for the other MS tools you described, KB890830 and KB4023057 are security related but are not applicable to include in the defender cabs I make every week. Plus KB4023057 has a MSI file and that cannot be integrated as is, but in fairness I will see if I can make it integrate compatible. But no promises on that. As for KB890830, the mrt.exe file can be injected into the offline image using a script, but don't ask me to make one as I've no experience making scripts.
Microsoft.SecHealthUI_1000.29429.1000.0_x64__8wekyb3d8bbwe's AppxManifest specifically calls out: Code: <Dependencies> <TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.22000.1" MaxVersionTested="10.0.22000.1"/> <PackageDependency Name="Microsoft.VCLibs.140.00" MinVersion="14.0.22929.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"/> <PackageDependency Name="Microsoft.UI.Xaml.2.8" MinVersion="8.2304.12003.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"/> </Dependencies> I don't see why NTLite is supposed to get around this limitation enforced by the manifest.
Oh my dog! It never occurred to me to extract the appx! Yet it was so simple, jesus! I feel so stupid, time to go back to computer school haha. So this pretty much proves that KB5007651 is meant for Windows 11 upwards as it calls out OS version 22000.1 that is higher than what Windows 10 can achieve, which currently is 19045.6812. Most likely even if it was installed, it just existed as a package in the OS that didn't actually do anything. However, it might be interesting to test it out by modifying the manifest and lowering the the MinVersion and seeing if it can be backported just for fun. It'll probably destroy something haha but I have time. Either that or it may run just fine heh. @steven4554 which brings me to my previous question, it's still unclear to me if after successfully integrating it into 10 with UUP > ISO converter it actually has normal functionality and is not innert.
Here's the AppxManifest.xml from my live W10 22H2: Code: <Dependencies> <TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.17083.0" MaxVersionTested="10.0.19041.4239"/> </Dependencies> Looking at random samples of securityhealthsetup.exe (going back several years), they all appear to be targeted for W11. If I had to guess, they rewrote SecHealthUI for W11 only. Probably to support the non-Defender security changes like with VBS, etc.
You can use the MSIX Packaging Tool, which will allow you to edit existing appx/msix files as well as create brand new appx or msix files. Of course editing any of MS files will break their digital signature. You can find the tool in the MS Store.
This is the old, non-UWP GUI. However, it takes the same engine and signature updates as the in the newer OS, internally it is the same, AFAIK.