Microsoft Defender Anti-Malware/Platform Update Kit for Windows 10 (Updated: November 26th, 2021)

Discussion in 'Windows 10' started by steven4554, Mar 25, 2021.

  1. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    #1 steven4554, Mar 25, 2021
    Last edited: Nov 26, 2021 at 01:58
  2. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    #2 steven4554, Apr 3, 2021
    Last edited: Apr 6, 2021
    (OP)
    Thank you goes to the moderator who stickied this thread, I am grateful. :)
     
  3. drew84

    drew84 MDL Expert

    Mar 13, 2014
    1,081
    1,660
    60
    ... absolutely
     
  4. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,228
    3,243
    60
    #4 BAU, Apr 3, 2021
    Last edited: Sep 16, 2021
    It would be nice if you could mention the original links / sources in OP, how you are authoring these cabs, and whether it can be automated via a DIY script.
    The integration script can be provided right at OP in a code block and/or attached as a zip for more transparency.
    And using Google Drive links is less accessible and more volatile than, for example, a GitHub, but still better than mediafire & co ;)

    People are naturally circumspect (or at least they should be) when it comes to stuff touching the core defense mechanisms of Windows.
    And because I and probably others don't feel like checking each file for having a valid digital signature,
    I present a 3rd-party verify script:
    Code:
    @(set `" <#=")& echo off & title Defender Update Kit Verification Tool v1.6
    set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b || #>)
    
    $messages = @{
      WARN_DEFENDER_CABS_MISSING  = " Place this script in the same folder as Defender Update cabs "
      WARN_DIGITAL_SIGNATURES_ERR = " ERR! "
      WARN_DIGITAL_SIGNATURES_OK  = " OK! "
    }
    
    # Work from the script's own folder and pick the newest cab for each architecture
    cd -Lit(split-path $env:0)
    $x86   = gci defender-dism-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1
    
    # Nothing to verify if no cab is present next to the script
    if ($null -eq $x86 -and $null -eq $x64 -and $null -eq $arm64) {
      write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_MISSING; choice /c EX1T; exit 1
    }
    
    # Recreate the defender-dism folder and expand each cab into its own subfolder
    $root = "defender-dism";  ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null
    if ($x86) {ni "$root\x86"   -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"}
    if ($x64) {ni "$root\x64"   -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"}
    if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"}
    
    # File types that can carry an Authenticode signature
    $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .Msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'
    $filter = $ext.Split(); $err = @()
    gci $root\*.* -file -recurse | foreach-object {
      if ($filter -contains $_.Extension) {
        $sig = Get-AuthenticodeSignature $_
        # Status 0 is Valid; anything else is collected as an error
        if ($sig.status -eq 0) {
          # For display only: show the signer's subject name in the Thumbprint column
          $sig.SignerCertificate| add-member Thumbprint $sig.SignerCertificate.Subject.Split('=')[1].Trim(', O').Trim(', OU') -force
          write-output $sig
        }
        else { $err += "Invalid   "+$_.FullName+"`nModified  "+$_.LastWriteTime+"  Size  "+$_.Length+"`n" }
      }
    }
    write-host
    if ($err.length -eq 0 -and ($x86 -or $x64 -or $arm64)) {
      write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK
    } else {
      write-output $err; write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ERR
    }
    write-host
    choice /c EX1T
    #,# AveYo and steven4554
    
    
    Save as defender_update_kit_verify.bat in the same folder as the Defender Update Kit cabs.
    It will extract the cabs into a defender-dism folder, then run the Get-AuthenticodeSignature PowerShell cmdlet on all sensitive files.
    Hope it helps someone.

    [update]
    2021.08.10: +fix arm64 support from steven4554
    2021.09.15: enhanced output
    2021.09.16: improve output speed
     

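The verification script in post #4 accepts any file whose signature status is Valid, which is true for a certificate from any publisher the machine trusts. The following PowerShell is an added example, not part of BAU's post or of the kit: it also checks who signed each extracted file and which root the chain ends on. The function name `Test-MicrosoftSigned` and the two name patterns are assumptions chosen for illustration; the `defender-dism` folder and the extension list are taken from the script above.

```powershell
# Added example: run as a .ps1 after the cabs were expanded into .\defender-dism
param(
  [string]$Root = 'defender-dism',
  # Assumption: acceptable publisher and root names; adjust to your own policy.
  [string]$SignerPattern = '(^|, )O=Microsoft Corporation(,|$)',
  [string]$RootPattern   = '^CN=Microsoft Root Certificate Authority'
)

$ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'.Split()

function Test-MicrosoftSigned {
  param([string]$Path)
  $sig = Get-AuthenticodeSignature -LiteralPath $Path
  $result = [pscustomobject]@{ File = $Path; Status = $sig.Status; Signer = $null; RootCA = $null; Pass = $false }
  if ($sig.Status -ne 'Valid') { return $result }   # unsigned, modified or untrusted chain

  $cert = $sig.SignerCertificate
  $result.Signer = $cert.Subject

  # Status 'Valid' already means Windows trusted the chain. It is rebuilt here
  # only to read the root, so the return value of Build() (false for an expired
  # but timestamped signing certificate) is deliberately ignored.
  $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
  $chain.ChainPolicy.RevocationMode = 'NoCheck'
  [void]$chain.Build($cert)
  $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
  $selfSigned = $top.Subject -eq $top.Issuer        # a partial chain ends on a non-root
  $result.RootCA = $top.Subject

  $result.Pass = ($cert.Subject -match $SignerPattern) -and $selfSigned -and
                 ($top.Subject -match $RootPattern)
  $result
}

$report = Get-ChildItem -LiteralPath $Root -File -Recurse |
  Where-Object { $ext -contains $_.Extension } |
  ForEach-Object { Test-MicrosoftSigned $_.FullName }

# List every file that is not validly signed by the expected publisher and root
$failed = @($report | Where-Object { -not $_.Pass })
$failed | Format-List File, Status, Signer, RootCA
'{0} files checked, {1} failed the publisher/root check' -f @($report).Count, $failed.Count
```

Matching on subject names is only meaningful because the chain was already validated against the local trusted root store; pinning the root by thumbprint from a known-good machine is stricter.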
  5. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    #5 steven4554, Apr 3, 2021
    Last edited: Apr 4, 2021
    (OP)
  6. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,228
    3,243
    60
    #6 BAU, Apr 4, 2021
    Last edited: Sep 16, 2021

  7. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    #7 steven4554, Apr 4, 2021
    Last edited: Apr 4, 2021
    (OP)
    Thanks for the feedback, and for further improving the PowerShell script. I cannot release information regarding how I make the cabinet files, but you can be assured that the files contained inside the cabs have not been touched and come directly from the websites I already stated. But I do listen to feedback, in fact I welcome it good and bad. Anything to help further improve this project is appreciated. :)
     
  8. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,228
    3,243
    60
  9. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,257
    66,463
    450
    #9 Enthousiast, Apr 16, 2021
    Last edited: Apr 16, 2021
  10. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    Not available on MS Catalog yet. If anyone has the direct download links to v4.18.2104.5, it would be appreciated.
     
  11. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,257
    66,463
    450
    I re-installed Enterprise twice and Pro once more and it never showed up again :(
     
  12. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    #12 steven4554, Apr 17, 2021
    Last edited: Apr 17, 2021
    (OP)
    Sounds like someone at MS pressed the green button too soon. :rolleyes:
     
  13. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    38,257
    66,463
    450
    I am glad I made a screenshot, else nobody would have believed me :D I regret not using wumt to be able to fetch you the ddl :(
     
  14. IXMas

    IXMas MDL Member

    Mar 7, 2021
    150
    188
    10
  15. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,155
    1,898
    60
    Thanks, but the cabs on that MS website are now out of date. Plus, MS only updates once a month now. It wouldn't surprise me when they do stop making cabs altogether.
     
  16. IXMas

    IXMas MDL Member

    Mar 7, 2021
    150
    188
    10
  17. IXMas

    IXMas MDL Member

    Mar 7, 2021
    150
    188
    10
    When it is updated, it is always better to look for it on MS sites and not elsewhere
     
  18. IXMas

    IXMas MDL Member

    Mar 7, 2021
    150
    188
    10
    And those are certainly just these two pages
     
  19. IXMas

    IXMas MDL Member

    Mar 7, 2021
    150
    188
    10
    #20 IXMas, Apr 19, 2021
    Last edited: Apr 19, 2021
    MS pages, not packing and repacking
     