Microsoft Defender Anti-Malware/Platform Update Kit for Windows 11 (Updated: October 15th, 2021)

Discussion in 'Windows 11' started by steven4554, Jul 3, 2021.

  1. steven4554

    steven4554 MDL Expert

    #1 steven4554, Jul 3, 2021
    Last edited: Oct 15, 2021 at 04:01
  2. steven4554

    steven4554 MDL Expert

    #2 steven4554, Jul 9, 2021
    Last edited: Jul 15, 2021
    (OP)
  3. steven4554

    steven4554 MDL Expert

    #3 steven4554, Jul 20, 2021
    Last edited: Aug 13, 2021
    (OP)
  4. steven4554

    steven4554 MDL Expert

    #4 steven4554, Aug 29, 2021
    Last edited: Sep 1, 2021
    (OP)
  5. steven4554

    steven4554 MDL Expert

    #5 steven4554, Sep 1, 2021
    Last edited: Sep 8, 2021
    (OP)
  6. steven4554

    steven4554 MDL Expert

    #6 steven4554, Sep 15, 2021
    Last edited: Sep 16, 2021
    (OP)
    Microsoft Defender Verification Tool v1.6
    Created by @BAU
    Updated by @BAU @steven4554

    Source Code
    Code:
    @(set `" <#=")& echo off & title Defender Update Kit Verification Tool v1.6
    set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b || #>)
    
    $messages = @{
      WARN_DEFENDER_CABS_MISSING  = " Place this script in the same folder as Defender Update cabs "
      WARN_DIGITAL_SIGNATURES_ERR = " ERR! "
      WARN_DIGITAL_SIGNATURES_OK  = " OK! "
    }
    
    cd -Lit(split-path $env:0)
    $x86   = gci defender-dism-x86*.cab   | sort creationtime | select-object -last 1
    $x64   = gci defender-dism-x64*.cab   | sort creationtime | select-object -last 1
    $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1
    
    if ($null -eq $x86 -and $null -eq $x64 -and $null -eq $arm64) {
      write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_MISSING; choice /c EX1T; exit 1
    }
    
    $root = "defender-dism";  ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null
    if ($x86) {ni "$root\x86"   -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"}
    if ($x64) {ni "$root\x64"   -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"}
    if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"}
    
    $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .Msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'
    $filter = $ext.Split(); $err = @()
    gci $root\*.* -file -recurse | foreach-object {       
      if ($filter -contains $_.Extension) {
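       $sig = Get-AuthenticodeSignature $_
       # Status 0 is SignatureStatus 'Valid': the file hash matches and the chain ends in a trusted root.
       # It does not by itself say who signed the file, so read the signer name printed below.
       if ($sig.status -eq 0) {
         # Replace the displayed Thumbprint with the signer name taken from the certificate subject (CN=...)
         $sig.SignerCertificate| add-member Thumbprint $sig.SignerCertificate.Subject.Split('=')[1].Trim(', O').Trim(', OU') -force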
         write-output $sig
       }
       else { $err += "Invalid   "+$_.FullName+"`nModified  "+$_.LastWriteTime+"  Size  "+$_.Length+"`n" }
      }
    }
    write-host
    if ($err.length -eq 0 -and ($x86 -or $x64 -or $arm64)) {
      write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK
    } else {
      write-output $err; write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ERR
    }
    write-host
    choice /c EX1T
    #,# AveYo and steven4554
    
    Save as defender_update_kit_verify.bat in the same folder as Defender Update Kit cabs
    It will extract the cabs into a defender-dism folder, then run the Get-AuthenticodeSignature PowerShell cmdlet on all sensitive files.

    Changelog:
    v1.6 - BAU improved Output Speed
    v1.5 - BAU has switched to the file extensions to be included that have a Digital Signature. Also this version has enhanced output.
    v1.4 - Added two file extension exclusions to correct and fix Digital Signature Errors.
     

    Attached Files:
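
The tool in post #6 accepts any file whose Authenticode status is Valid, which means "signed by some trusted publisher", not "signed by Microsoft". A stricter check, as an added example that is not part of the thread or the authors' tool: `Test-MicrosoftSigned` is a hypothetical helper name, the subject-name patterns are assumptions about how Microsoft's signer and root certificates are named, and the `defender-dism` folder is assumed to have been created by the tool above.

```powershell
# Added example, not from the thread. Test-MicrosoftSigned is a hypothetical helper name.
# Assumes the cabs were already expanded into .\defender-dism by the tool in post #6.
function Test-MicrosoftSigned {
  param([Parameter(Mandatory)][string]$Path)

  $sig = Get-AuthenticodeSignature -LiteralPath $Path
  $result = [pscustomobject]@{ Path = $Path; Ok = $false; Signer = $null; Reason = $null }

  # Step 1: same test as the original tool (hash matches, chain ends in a trusted root).
  if ($sig.Status -ne 'Valid') { $result.Reason = "Status=$($sig.Status)"; return $result }
  $result.Signer = $sig.SignerCertificate.Subject

  # Step 2: the signer must name Microsoft as its organisation (assumed pattern).
  if ($result.Signer -notmatch '(^|, )O=Microsoft Corporation(,|$)') {
    $result.Reason = 'Signer is not Microsoft'; return $result
  }

  # Step 3: rebuild the chain and require a Microsoft root at the top (assumed name pattern).
  # Trust and timestamp were already validated in step 1, so expiry and revocation are
  # ignored here; the chain is only used to find out which root it ends in.
  $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
  $chain.ChainPolicy.RevocationMode    = 'NoCheck'
  $chain.ChainPolicy.VerificationFlags = 'IgnoreNotTimeValid'
  [void]$chain.Build($sig.SignerCertificate)
  $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
  if ($top.Subject -ne $top.Issuer -or
      $top.Subject -notmatch '^CN=Microsoft Root Certificate Authority( \d{4})?,') {
    $result.Reason = "Unexpected chain top: $($top.Subject)"; return $result
  }

  $result.Ok = $true
  return $result
}

# Subset of the extension list used by the original tool.
$ext = '.exe .dll .mui .sys .cab .cat .psd1 .psm1'.Split()
$bad = Get-ChildItem -LiteralPath 'defender-dism' -File -Recurse |
  Where-Object { $ext -contains $_.Extension } |
  ForEach-Object { Test-MicrosoftSigned -Path $_.FullName } |
  Where-Object { -not $_.Ok }

if ($bad) { $bad | Format-Table Path, Reason -AutoSize -Wrap }
else      { Write-Host 'All checked files are Microsoft-signed and chain to a Microsoft root.' }
```

Matching on subject names is weaker than pinning known root thumbprints, and step 3 reports a failure when the intermediate certificates cannot be resolved from the local certificate store.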

  7. BAU

    BAU MDL Expert

    Updated my posts as well - with a twist!
    filter switched to inclusion instead of exclusion so it should be futureproof + enhanced output - show signer name instead of useless Thumbprint
    I prefer using instead the generic Verify Digital Signatures from right click - Send to for any files/folders
     
  8. steven4554

    steven4554 MDL Expert


    Attached Files:

  9. KleineZiege

    KleineZiege MDL Addicted

    #9 KleineZiege, Sep 22, 2021
    Last edited: Sep 22, 2021
    New Platform Update [ 4.18.2109.2-0 ]

    1 error is displayed to me

    <defender>1.1.2109.4</defender>
    <engine>1.1.18600.3</engine>
    <platform>4.18.2109.2</platform>
    <signatures>1.349.1197.0</signatures>

    Edit:

    new win 11 created with uup-converter-wimlib-72u
    no problems, only new definition is downloaded.
    1.349.1201.0

    my definition for the package was
    1.349.1197.0

    would still be nice if they could eliminate this error, I do not like red and error ( fun fits yes everything, thank you very much, since they have conjured up something great

    I am surprised that the new engine version: 1.1.18600.3 does not appear in the created image.
    Would I have to integrate extra files for this?

    Edit:
    have found it which file responsible for the engine.
    just stupid that I have deleted the old vmware, and in the new set up it does not load the new engine 1.1.18600.3 :(
     

    Attached Files:

  10. steven4554

    steven4554 MDL Expert

    #10 steven4554, Sep 22, 2021
    Last edited: Sep 22, 2021
    (OP)
    Thanks for making me aware of the new platform update; this will be in this Friday's x64 cab. I don't mind people making their own personal defender cabs, but I would like to ask that you do not provide download links, as they haven't been verified as safe or free from tampering. Also, the reason why the virus definition is showing an error is that the mpengine.dll file has been tampered with. There is no new engine update yet, as MS hasn't released the next version of virus definitions, which will be 1.351.0.0.
     
  11. steven4554

    steven4554 MDL Expert

    #11 steven4554, Sep 23, 2021
    Last edited: Sep 23, 2021
    (OP)
    Deleted.
     
  12. steven4554

    steven4554 MDL Expert

    #13 steven4554, Oct 5, 2021
    Last edited: Oct 7, 2021
    (OP)