Microsoft Defender Anti-Malware/Platform Update Kit for Windows 11 (Updated: March 27th, 2024)

Discussion in 'Windows 11' started by steven4554, Jul 3, 2021.

?

Should I drop the arm64 defender cabs for both Windows 10 and 11?

Poll closed Oct 7, 2023.
  1. Yes

    32 vote(s)
    43.8%
  2. No

    12 vote(s)
    16.4%
  3. Maybe/Don't Know

    29 vote(s)
    39.7%
  1. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,422
    2,598
    60
    I will be releasing defender cabs from today and every week on a Friday now. Still be providing cabs on Patch Tuesday as well every month. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. drew84

    drew84 MDL Expert

    Mar 13, 2014
    1,347
    2,302
    60
    4.18.2210.4 was installed with upgrade to 25227
    but can't find any references to it on my machine, consequently can't derive download path... apologies
    if anyone has access to the sha1 of the .exe, please up
     
  3. jeffreywe

    jeffreywe MDL Novice

    Nov 13, 2010
    17
    1
    0
    #105 jeffreywe, Oct 31, 2022
    Last edited: Nov 5, 2022
    How to prevent the "Block App" override by web? thanks!
    View attachment 61377

    Enabling PUA protection:
    powershell Set-MpPreference -PUAProtection Enabled.

    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenPuaEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenForTrustedDownloadsEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v SmartScreenEnabled /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v PreventSmartScreenPromptOverrideForFiles /t REG_DWORD /d 1 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_SZ /d "-" /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_SZ /d "-" /f

    System information:

    12th Gen Intel(R) Core(TM) i5-12500 3.00 GHz
    Windows 11 Pro
    Version 21H2
    OS build 22000.1165
    Engine: 1.1.19700.3
    Platform: 4.18.2210.4
    Version: 1.377.1067.0

    Upgrade to 22623.875, the problem is solved.
     

    Attached Files:

  4. xCyBx

    xCyBx MDL Senior Member

    Aug 6, 2018
    315
    598
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Stripakulina

    Stripakulina MDL Member

    Jul 19, 2009
    203
    509
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. xCyBx

    xCyBx MDL Senior Member

    Aug 6, 2018
    315
    598
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. DuskGolem

    DuskGolem MDL Junior Member

    Jan 9, 2019
    86
    28
    0
    This does not work as is. I downloaded the x64 and x86 cab files for windows 10, placed the script and cab files in a single folder and ran the script as admin but the script just gives "[E,X,1,T]" after the initial warning prompt without doing anything.
    Untitled.png

    If I remove the following 3 lines from the script,

    Code:
    $x86   = gci defender-dism-beta-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-beta-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-beta-arm64*.cab | sort creationtime | select-object -last 1
    the script starts to work as intended. What gives???:confused::confused::confused:
     
  8. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,422
    2,598
    60
    Thanks for the feedback, I think the script is looking for both non-beta and beta defender cabs when launching the script. I will update the script so this doesn't happen and will only look for what's in the same folder as the script.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. RobertX

    RobertX MDL Member

    Dec 6, 2014
    234
    26
    10
    #114 RobertX, Jan 6, 2023
    Last edited: Jan 6, 2023
    Hi, great program!

    Just bumped into a beginner's error when typing this:

    Code:
    DefenderUpdateWinImage.bat -WorkingDirectory "C:\Temp" -Action AddUpdate -ImagePath "install.wim" -Package "defender-dism-x64.cab"
    
    The directory of the program is C:\DefenderUpdateWinImage, the working directory is C:\temp, and both the Defender CAB and install.wim files are in the same directory as DefenderUpdateWinImage..

    The error I got was:

    Code:
    iex : At line:254 char:96
    + ... nor -eq 0) -and ($build -eq 17763) -and ($qfe -ge 2452))  -or  <#RS5: ...
    +                                                                  ~
    You must provide a value expression following the '-or' operator.
    At line:1 char:1
    + iex ([io.file]::ReadAllText($env:0))
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException
        + FullyQualifiedErrorId : ExpectedValueExpression,Microsoft.PowerShell.Commands.InvokeExpressionCommand
    
    Been spending the whole night last night trying to figure out what's happening.

    Thanks!
     
  10. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    16,141
    84,315
    340
    @RobertX
    edit the script, search for ($qfe -ge 2452)) -or and delete " -or"

    @steven4554
    is it possible to attach v2.6 for reference? :)
     
  11. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,422
    2,598
    60
    I have released a Beta v2.7.1, as for v2.6 I no longer have that file unfortunately.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. RobertX

    RobertX MDL Member

    Dec 6, 2014
    234
    26
    10
    Shoot, new problem...

    Code:
    Updating security intelligence and antimalware engine.
    Updating platform.
    Failed to add the Defender update.
    Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does not exist.
    at Add-Update, <No file>: line 400
    at DefenderUpdateWinImage, <No file>: line 567
    at <ScriptBlock>, <No file>: line 1
    at <ScriptBlock>, <No file>: line 596
    at <ScriptBlock>, <No file>: line 1
    Discarding the changes and returning the OS image to its original state.
    Copy-Item : Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does
    not exist.
    At line:400 char:9
    +         Copy-Item -Path $mpasdescSrc -Destination $mpasdescTarget
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\Temp\os\Prog...rm\MpAsDesc.dll:String) [Copy-Item], ItemNotFoundExce
       ption
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
    
    I'm using the definitions on this link: https://forums.mydigitallife.net/th...or-windows-10-updated-january-5th-2023.83310/

    I am trying to integrate the definitions on that link at my Windows 10 Pro image.

    I have tried:
    - moving the install.wim file to the directory of the integrator utility and back into an extracted directory of Windows 10 installation files are kept.
    - using absolute paths when typing out the parameters of the utitliy
    - downloading the same definitions many times and making sure they're for Windows 10

    Can't really see how I can go wrong.

    EDIT: I'm using Windows 11 22H2 to integrate updates to a Windows 10 image. Can that be the problem?
     
  13. steven4554

    steven4554 MDL Expert

    Jul 12, 2009
    1,422
    2,598
    60
    Too be honest, I don't know much about script programming so maybe AveYo or someone else can fix this issue. I am going to remove the script for now so I would recommend using @abbodi1406 Win10UI script, which will integrate the defender cab along with the updates for Windows 10.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    16,141
    84,315
    340
    Hopefully fixed
     

    Attached Files:

  15. gjohnson5

    gjohnson5 MDL Member

    Jul 25, 2013
    132
    54
    10
    Thge error shows
    Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does not exist.

    Copy-Item : Cannot find path 'C:\Temp\os\ProgramData\Microsoft\Windows Defender\Platform\MpAsDesc.dll' because it does
    not exist.

    At line:400 char:9
    + Copy-Item -Path $mpasdescSrc -Destination $mpasdescTarget
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:\Temp\os\Prog...rm\MpAsDesc.dll:String) [Copy-Item], ItemNotFoundExce