Microsoft Defender Anti-Malware/Platform Update Kit for Windows 11 (Updated: February 3rd, 2023)

Discussion in 'Windows 11' started by steven4554, Jul 3, 2021.

  1. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,310
    2,382
    60
    I will be releasing defender cabs from today and every week on a Friday now. Still be providing cabs on Patch Tuesday as well every month. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. drew84

    drew84 MDL Expert

    Mar 13, 2014
    1,215
    1,999
    60
    4.18.2210.4 was installed with upgrade to 25227
    but can't find any references to it on my machine, consequently can't derive download path... apologies
    if anyone has access to the sha1 of the .exe, please up
     
  3. jeffreywe

    jeffreywe MDL Novice

    Nov 13, 2010
    11
    1
    0
    #105 jeffreywe, Oct 31, 2022
    Last edited: Nov 5, 2022
    How to prevent the "Block App" override by web? thanks!
    View attachment 61377

    Enabling PUA protection:
    powershell Set-MpPreference -PUAProtection Enabled.

    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenPuaEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenForTrustedDownloadsEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v PreventSmartScreenPromptOverrideForFiles /t REG_DWORD /d 1 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_SZ /d "-" /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_SZ /d "-" /f

    System information:

    12th Gen Intel(R) Core(TM) i5-12500 3.00 GHz
    Windows 11 Pro
    Version 21H2
    OS build 22000.1165
    Engine: 1.1.19700.3
    Platform: 4.18.2210.4
    Version: 1.377.1067.0

    Upgrade to 22623.875, the problem is solved.
     

    Attached Files:

  4. xCyBx

    xCyBx MDL Senior Member

    Aug 6, 2018
    255
    418
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Stripakulina

    Stripakulina MDL Member

    Jul 19, 2009
    195
    499
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. xCyBx

    xCyBx MDL Senior Member

    Aug 6, 2018
    255
    418
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. DarkKnight1995

    DarkKnight1995 MDL Novice

    Jan 9, 2019
    43
    16
    0
    This does not work as is. I downloaded the x64 and x86 cab files for windows 10, placed the script and cab files in a single folder and ran the script as admin but the script just gives "[E,X,1,T]" after the initial warning prompt without doing anything.
    Untitled.png

    If I remove the following 3 lines from the script,

    Code:
    $x86   = gci defender-dism-beta-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-beta-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-beta-arm64*.cab | sort creationtime | select-object -last 1
    the script starts to work as intended. What gives???:confused::confused::confused:
     
  8. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,310
    2,382
    60
    Thanks for the feedback, I think the script is looking for both non-beta and beta defender cabs when launching the script. I will update the script so this doesn't happen and will only look for what's in the same folder as the script.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. RobertX

    RobertX MDL Member

    Dec 6, 2014
    147
    20
    10
    #114 RobertX, Jan 6, 2023
    Last edited: Jan 6, 2023
    Hi, great program!

    Just bumped into a beginner's error when typing this:

    Code:
    DefenderUpdateWinImage.bat -WorkingDirectory "C:\Temp" -Action AddUpdate -ImagePath "install.wim" -Package "defender-dism-x64.cab"
    
    The directory of the program is C:\DefenderUpdateWinImage, the working directory is C:\temp, and both the Defender CAB and install.wim files are in the same directory as DefenderUpdateWinImage..

    The error I got was:

    Code:
    iex : At line:254 char:96
    + ... nor -eq 0) -and ($build -eq 17763) -and ($qfe -ge 2452))  -or  <#RS5: ...
    +                                                                  ~
    You must provide a value expression following the '-or' operator.
    At line:1 char:1
    + iex ([io.file]::ReadAllText($env:0))
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException
        + FullyQualifiedErrorId : ExpectedValueExpression,Microsoft.PowerShell.Commands.InvokeExpressionCommand
    
    Been spending the whole night last night trying to figure out what's happening.

    Thanks!
     
  10. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    14,365
    73,919
    340
    @RobertX
    edit the script, search for ($qfe -ge 2452)) -or and delete " -or"

    @steven4554
    is it possible to attach v2.6 for reference? :)
     
  11. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,310
    2,382
    60
    I have released a Beta v2.7.1, as for v2.6 I no longer have that file unfortunately.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. RobertX

    RobertX MDL Member

    Dec 6, 2014
    147
    20
    10
    Shoot, new problem...

    Code:
    Updating security intelligence and antimalware engine.
    Updating platform.
    Failed to add the Defender update.
    Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does not exist.
    at Add-Update, <No file>: line 400
    at DefenderUpdateWinImage, <No file>: line 567
    at <ScriptBlock>, <No file>: line 1
    at <ScriptBlock>, <No file>: line 596
    at <ScriptBlock>, <No file>: line 1
    Discarding the changes and returning the OS image to its original state.
    Copy-Item : Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does
    not exist.
    At line:400 char:9
    +         Copy-Item -Path $mpasdescSrc -Destination $mpasdescTarget
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\Temp\os\Prog...rm\MpAsDesc.dll:String) [Copy-Item], ItemNotFoundExce
       ption
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
    
    I'm using the definitions on this link: https://forums.mydigitallife.net/th...or-windows-10-updated-january-5th-2023.83310/

    I am trying to integrate the definitions on that link at my Windows 10 Pro image.

    I have tried:
    - moving the install.wim file to the directory of the integrator utility and back into an extracted directory of Windows 10 installation files are kept.
    - using absolute paths when typing out the parameters of the utitliy
    - downloading the same definitions many times and making sure they're for Windows 10

    Can't really see how I can go wrong.

    EDIT: I'm using Windows 11 22H2 to integrate updates to a Windows 10 image. Can that be the problem?
     
  13. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,310
    2,382
    60
    Too be honest, I don't know much about script programming so maybe AveYo or someone else can fix this issue. I am going to remove the script for now so I would recommend using @abbodi1406 Win10UI script, which will integrate the defender cab along with the updates for Windows 10.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    14,365
    73,919
    340
    Hopefully fixed
     

    Attached Files:

  15. gjohnson5

    gjohnson5 MDL Junior Member

    Jul 25, 2013
    50
    25
    0
    Thge error shows
    Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does not exist.

    Copy-Item : Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does
    not exist.

    At line:400 char:9
    + Copy-Item -Path $mpasdescSrc -Destination $mpasdescTarget
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:\Temp\os\Prog...rm\MpAsDesc.dll:String) [Copy-Item], ItemNotFoundExce