Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2107.4) Now available for all on MS Catalog Website. Direct Download Links have been removed, as this version of the platform update is out of date and could pose a security risk.
Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2108.5) Only available for Insiders, Not available on MS Catalog website. Direct Download Links have been removed, as this version of the platform update is out of date and could pose a security risk.
Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2108.7) Now available for all on MS Catalog Website. Direct Download Links have been removed, as this version of the platform update is out of date and could pose a security risk.
Microsoft Defender Verification Tool v2.1
Created by @AveYo
Maintained by @AveYo @steven4554

Source Code
Code:

    @(set `" <#=")& echo off & title Defender Update Kit Verification Tool v2.1
    set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b
    ||  #>)
    # Everything below runs as PowerShell; the header above re-launches this same file through powershell.exe
    $messages = @{
      WARN_DEFENDER_CABS_BETA_NOT_SUPPORTED = " Please delete the word beta or rc from the defender cab file, before using this tool. For Example defender-dism-x64.cab "
      WARN_DIGITAL_SIGNATURES_ERR = " ERR! "
      WARN_DIGITAL_SIGNATURES_OK = " OK! "
    }
    cd -Lit(split-path $env:0)
    # Pick the newest cab for each architecture from the script's own folder
    $x86 = gci defender-dism-x86*.cab | sort creationtime | select-object -last 1
    $x64 = gci defender-dism-x64*.cab | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1
    # $beta is never assigned ($null), so this branch runs only when no x86, x64 or arm64 cab was found
    if ($beta -eq $x86 -and $beta -eq $x64 -and $beta -eq $arm64) {
      write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_BETA_NOT_SUPPORTED; choice /c EX1T; exit 1
    }
    # Recreate the extraction folder and expand each cab into its own subfolder
    $root = "defender-dism"; ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null
    if ($x86) {ni "$root\x86" -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"}
    if ($x64) {ni "$root\x64" -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"}
    if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"}
    # Only these file types are expected to carry a digital signature
    $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .Msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'
    $filter = $ext.Split(); $err = @()
    gci $root\*.* -file -recurse | foreach-object {
      if ($filter -contains $_.Extension) {
        $sig = Get-AuthenticodeSignature $_
        # Status 0 = Valid
        if ($sig.status -eq 0) {
          # Replace the displayed Thumbprint with the signer name taken from the certificate subject
          $sig.SignerCertificate| add-member Thumbprint $sig.SignerCertificate.Subject.Split('=')[1].Trim(', O').Trim(', OU') -force
          write-output $sig
        } else {
          $err += "Invalid "+$_.FullName+"`nModified "+$_.LastWriteTime+" Size "+$_.Length+"`n"
        }
      }
    }
    write-host
    if ($err.length -eq 0 -and ($x86 -or $x64 -or $arm64)) {
      write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK
    } else {
      write-output $err; write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ERR
    }
    write-host
    choice /c EX1T
    #,# AveYo and steven4554

Save as defender_update_kit_verify.bat in the same folder as Defender cabs
It will extract cabs in a defender-dism folder, then run Get-AuthenticodeSignature powershell cmdlet on all sensitive files.
Please delete the word beta or rc from the defender cab file before using this tool, for example: defender-dism-x64.cab

Changelog:
v2.1 - steven4554 removes the Beta and RC scripts as they are no longer needed. Downloads on Mega removed.
v2.0.1 - steven4554 creates a RC defender verification tool and relocates files to Mega.
v2.0 - steven4554 splits verification scripts into two separate scripts, as reported that a member was having trouble verifying the files inside as the script failed to detect a cab in the same folder as the script.
v1.6.1 - steven4554 added ability to verify files inside Beta defender cab files in x64, x86 and arm64.
v1.6 - AveYo improved Output Speed
v1.5 - AveYo has switched to the file extensions to be included that have a Digital Signature. Also this version has enhanced output.
v1.4 - Added two file extension exclusions to correct and fix Digital Signature Errors.
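Added example (not part of the original post or of the tool): the script above reports a file as good whenever its Authenticode status is Valid, whoever signed it. This sketch also requires the signer certificate's organization to match an expected value and returns every file that fails either check. The function name Test-DefenderCabSignatures and the default organization string are assumptions for illustration.

```powershell
# Added example: Test-DefenderCabSignatures is a hypothetical helper, not part of the tool.
function Test-DefenderCabSignatures {
    [CmdletBinding()]
    param(
        # Folder the cabs were expanded into (the tool uses "defender-dism").
        [Parameter(Mandatory)] [string] $Root,
        # Assumed signer organization; change it if your files are signed differently.
        [string] $ExpectedOrg = 'Microsoft Corporation'
    )
    # Same inclusion list as the tool: file types expected to carry a signature.
    $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .msix .msixbundle .appx ' +
           '.appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'
    $filter = $ext.Split()

    Get-ChildItem -LiteralPath $Root -File -Recurse |
        Where-Object { $filter -contains $_.Extension } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Extract the O= component of the subject; a quoted or missing value
            # will not equal $ExpectedOrg, so the file is reported (fails closed).
            $org = if ($subject -match '(?:^|,\s*)O=([^,]+)') { $Matches[1].Trim() } else { '' }

            $reason = $null
            if ($sig.Status -ne 'Valid') { $reason = "Status: $($sig.Status)" }
            elseif ($org -ne $ExpectedOrg) { $reason = "Unexpected signer: $subject" }

            if ($reason) {
                [pscustomobject]@{
                    Path     = $_.FullName
                    Reason   = $reason
                    Modified = $_.LastWriteTime
                    Size     = $_.Length
                }
            }
        }
}

# Usage: list every file that failed, then the number of failures.
$bad = @(Test-DefenderCabSignatures -Root 'defender-dism')
$bad | Format-List
'{0} file(s) failed verification' -f $bad.Count
```

Run it from the folder that contains the extracted defender-dism directory; a count of 0 is only meaningful if the cabs were actually expanded there.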
Updated my posts as well - with a twist!
filter switched to inclusion instead of exclusion so it should be futureproof
+ enhanced output - show signer name instead of useless Thumbprint
I prefer using instead the generic Verify Digital Signatures from right click - Send to for any files/folders
Windows Defender Integration Tool v2.7f and 2.7.1f Tool created by MS Modded/Updated by @AveYo and @abbodi1406 https://forums.mydigitallife.net/th...ed-january-5th-2023.83758/page-6#post-1771640
New Platform Update [ 4.18.2109.2-0 ]
1 error is displayed to me
<defender>1.1.2109.4</defender>
<engine>1.1.18600.3</engine>
<platform>4.18.2109.2</platform>
<signatures>1.349.1197.0</signatures>
Edit: new Win 11 created with uup-converter-wimlib-72u, no problems, only the new definition is downloaded: 1.349.1201.0. My definition for the package was 1.349.1197.0.
It would still be nice if they could eliminate this error, I do not like red and error ( fun fits yes everything, thank you very much, since they have conjured up something great
I am surprised that the new engine version 1.1.18600.3 does not appear in the created image. Would I have to integrate extra files for this?
Edit: have found which file is responsible for the engine. Just stupid that I have deleted the old vmware, and in the new setup it does not load the new engine 1.1.18600.3
Thanks for making me aware about the new platform update, this will be in this Friday's x64 cab. I don't mind people making their own personal defender cabs, but I would like to ask that you do not provide download links as they haven't been verified as safe or free from tampering. Also the reason why virus definition is showing error, is the mpengine.dll file has been tampered with. There is no new engine update yet, as MS hasn't released the next version of virus definitions which will be 1.351.0.0.
Thanks, and is available for all on MS Catalog website. Direct Download Links have been removed, as this version of the platform update is out of date and could pose a security risk.
Pardon me for a possibly dumb question, but has someone successfully tested this on Windows 11? I have used Windows Defender Integration Tool v2.4 (also tried the original MS version) to integrate the latest cab (also tried the latest cab on the original MS website) to integrate to a vanilla Windows 11 ISO, no other changes to the image. After installing (tried many times in a VM) and initial OOBE (again, tested on vanilla 11 ISO without any unattended.xml), Windows still installs & uses the old platform version present in 'Program Files\Windows Defender'. Checking the registry, I see that 'HKLM\SOFTWARE\Microsoft\Windows Defender\InstallLocation' is still 'C:\Program Files\Windows Defender\' (and not ProgramData) and, most importantly, BlockedLocation key is created, with value 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0' (corresponding to the version in cab). So it seems that the platform update is noticed and explicitly blocked. The signatures/engine, on the other hand, seem to be installed without problems.
OK, figured it out, the DefenderUpdateWinImage is wrong & obsolete, even the modified 2.4 version. It overrides newer versions of MpAsDesc.dll(.mui) files with stock versions from Program Files. This must be something from old versions that did not contain their own versions of those files? Commenting these blocks:
# MpAsDesc.dll,
# Language mui file(mpasdesc.dll.mui).
# x86 mui files for amd64.
makes the update install correctly (then again, you might just as well extract the files and just copy them). This has been broken for a while...
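The post-install observations in the two posts above (InstallLocation still under Program Files, a BlockedLocation entry naming the cab's platform folder) can be collected in one check on the installed system. This is an added example, not part of the thread or of the integration tool; the helper name Get-DefenderPlatformState is hypothetical, and reading BlockedLocation as a value under the Windows Defender key is an assumption based on the description above.

```powershell
# Added example: Get-DefenderPlatformState is a hypothetical helper name.
function Get-DefenderPlatformState {
    [CmdletBinding()]
    param(
        # Platform version carried by the integrated cab, e.g. the one quoted in the post.
        [Parameter(Mandatory)] [string] $ExpectedPlatform
    )
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $reg = Get-ItemProperty -LiteralPath $key -ErrorAction Stop
    # Assumption: BlockedLocation is a value under the same key and is absent
    # when the platform update was accepted.
    $blocked = $reg.PSObject.Properties['BlockedLocation']
    $status  = Get-MpComputerStatus

    [pscustomobject]@{
        InstallLocation   = $reg.InstallLocation
        BlockedLocation   = if ($blocked) { $blocked.Value } else { $null }
        RunningPlatform   = $status.AMProductVersion
        RunningEngine     = $status.AMEngineVersion
        RunningSignatures = $status.AntivirusSignatureVersion
        # True when Defender still runs from Program Files instead of the
        # ProgramData\...\Platform folder the update installs into.
        StockLocation     = $reg.InstallLocation -like "$env:ProgramFiles\Windows Defender*"
        # Applied only if the running platform is at least the cab's version
        # and nothing was recorded as blocked.
        PlatformApplied   = ([version]$status.AMProductVersion -ge [version]$ExpectedPlatform) -and
                            (-not $blocked)
    }
}

# Version taken from the post above (4.18.2109.6-0 without the "-0" suffix).
Get-DefenderPlatformState -ExpectedPlatform '4.18.2109.6' | Format-List
```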