Microsoft Defender Anti-Malware/Platform Update Kit for Windows 10

Discussion in 'Windows 10' started by steven4554, Mar 25, 2021.

  1. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,079
    1,671
    60
    #1 steven4554, Mar 25, 2021
    Last edited: Apr 14, 2021 at 15:43
  2. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,079
    1,671
    60
    #2 steven4554, Apr 3, 2021
    Last edited: Apr 6, 2021
    (OP)
    Thanks go to the moderator who stickied this thread; I am grateful. :)
     
  3. drew84

    drew84 MDL Addicted

    Mar 13, 2014
    881
    1,345
    30
    ... absolutely
     
  4. BAU

    BAU MDL Addicted

    Feb 10, 2009
    906
    1,877
    30
    It would be nice if you could mention the original links / sources in OP, how you are authoring these cabs, and if it can be automated via a DIY script.
    The integration script can be provided right at OP in a code block and/or attached as zip for more transparency.
    And using Google Drive links is less accessible and more volatile than, for example, a GitHub, but still better than MediaFire & co ;)

    People are naturally circumspect (or at least they should be) when it comes to stuff touching the core defense mechanisms of Windows.
    And because I and probably others don't feel like checking each file for having a valid digital signature,
    I present a 3rd-party verify script:
    Code:
    @(echo off% <#%) & title Defender Update Kit Verify
    set "0=%~f0"&set 1=%*&powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b ||#>)[1]
    
    $notfound = " Place this script in the same folder as Defender Update Kit cabs "
    
    cd -Lit(split-path $env:0)
    $x86 = gci defender-dism-x86*.cab | sort creationtime | select-object -last 1
    $x64 = gci defender-dism-x64*.cab | sort creationtime | select-object -last 1
    if ($null -eq $x86 -and $null -eq $x64) {write-host $notfound -fore black -back yellow; choice /c EX1T; exit 1}
    
    ri 'defender-dism' -recurse -force -ea 0|out-null
    ni 'defender-dism','defender-dism\x86','defender-dism\x64' -item directory -force -ea 0|out-null
    if ($x86) {expand -R $x86 -F:* 'defender-dism\x86'}
    if ($x64) {expand -R $x64 -F:* 'defender-dism\x64'}
    
    $invalid = @()
    gci defender-dism\*.* -exclude *.json,*.mof,*.txt,*.xml -file -recurse | foreach-object {
      $sig = Get-AuthenticodeSignature $_; if ($sig.status -ne 0) {$invalid += $_} else {write-output $sig} <# ($sig|fl) #>
    }
    
    write-host
    if ($invalid.length -eq 0) {write-host -fore white -back green " Verified! "}
    else {write-host -fore white -back red " Invalid Digital Signature(s) found: "; write-output $invalid}
    choice /c EX1T
    
    #^_^ AveYo
    Save as defender_update_kit_verify.bat in the same folder as Defender Update Kit cabs.
    It will extract cabs in a defender-dism folder, then run the Get-AuthenticodeSignature PowerShell cmdlet on all sensitive files.
    Hope it helps someone.
     

    Attached Files:
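
An added example, not part of BAU's post or of the kit: a stricter pass over the extracted defender-dism folder that also checks who signed each file, because a Valid status is returned for any publisher whose certificate chains to a trusted root. The expected publisher string and the NotChecked label are assumptions made for this example; it is meant to run from the folder that holds defender-dism after the script above has extracted the cabs.

```powershell
# Added example (not from the thread). Assumptions: the expected publisher
# string below, and that the current folder contains 'defender-dism'.
$root      = Join-Path (Get-Location) 'defender-dism'
$publisher = 'O=Microsoft Corporation'        # assumed expected signer organization
$excluded  = '.json', '.mof', '.txt', '.xml'  # types the thread's script does not check

if (-not (Test-Path -LiteralPath $root)) { throw "Folder not found: $root" }

$report = foreach ($file in Get-ChildItem -LiteralPath $root -File -Recurse) {
    $signer = $null; $type = $null
    if ($excluded -contains $file.Extension.ToLower()) {
        # Reported rather than silently skipped: nothing vouches for these files.
        $result = 'NotChecked'
    } else {
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $type = $sig.SignatureType           # Authenticode (embedded) or Catalog
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $pattern = "(^|,\s*)$([regex]::Escape($publisher))(,|$)"
        if ($sig.Status -ne 'Valid') {
            $result = "Bad:$($sig.Status)"   # NotSigned, HashMismatch, NotTrusted, ...
        } elseif ($signer -notmatch $pattern) {
            $result = 'UnexpectedSigner'     # trusted chain, but not the expected publisher
        } else {
            $result = 'OK'
        }
    }
    [pscustomobject]@{
        Result = $result
        Type   = $type
        File   = $file.FullName.Substring($root.Length + 1)
        Signer = $signer
    }
}

# Summary per result, then full detail for anything that needs a closer look.
$report | Group-Object Result | Select-Object Count, Name | Format-Table -AutoSize
$report | Where-Object Result -eq 'NotChecked' | Select-Object File | Format-Table -AutoSize

$failed = $report | Where-Object { $_.Result -notin 'OK', 'NotChecked' }
if ($failed) { $failed | Format-List; exit 1 }
```

Files listed as NotChecked carry no signature of their own, so their integrity rests on the source of the cab rather than on this check.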

  5. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,079
    1,671
    60
    #5 steven4554, Apr 3, 2021
    Last edited: Apr 4, 2021
    (OP)
  6. BAU

    BAU MDL Addicted

    Feb 10, 2009
    906
    1,877
    30
  7. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,079
    1,671
    60
    #7 steven4554, Apr 4, 2021
    Last edited: Apr 4, 2021
    (OP)
    Thanks for the feedback, and for further improving the PowerShell script. I cannot release information regarding how I make the cabinet files, but you can be assured that the files contained inside the cabs have not been touched and come directly from the websites I already stated. But I do listen to feedback; in fact, I welcome it, good and bad. Anything to help further improve this project is appreciated. :)
     