Microsoft Defender virus protection system

Discussion in 'Windows 7' started by ThomasMann, Jan 13, 2021.

  1. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
    From heise, Germany:

    "Attackers are currently actively exploiting a critical malicious code vulnerability (CVE-2021-1647) in the Microsoft Defender virus protection system. To what extent this will take place is currently not known. The error can be found in the malware protection engine. Microsoft states that version 1.1.17700.4 is fixed. The update will be installed automatically."

    How can Simplix users install this update in Win7?

    Thanks!
     
  2. shhnedo

    shhnedo MDL Expert

    Mar 20, 2011
    1,662
    2,217
    60
    I imagine the same way everyone else does - through Windows Update...
     
  3. George King

    George King MDL Expert

    Aug 5, 2009
    1,846
    2,132
    60
    It can be done; here is an example from my still-unreleased tool, Windows 6.1 Kitchen:

    Code:
    rem Only act when the offline image contains Windows Defender data.
    if exist "%IMAGE%\ProgramData\Microsoft\Windows Defender" (
        echo         KB915597 - Windows Defender Definition

        rem Remove any existing definitions folder, taking ownership first.
        if exist "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" (
            takeown /F "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /A >nul 2>nul
            icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /grant Administrators:F >nul 2>nul
            rd /q /s "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" >nul 2>nul
        )

        rem Recreate the folder layout.
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates"
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates"
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup"

        rem Extract the definition package into the Updates folder with 7-Zip.
        "%~dp0apps\7z\%PROCESSOR_ARCHITECTURE%\7z.exe" x "%~dp0updates\mpas-fe-%ARCH%.exe" -o"%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates" >nul

        rem Replace MpSigStub.exe in System32 with the copy from the package.
        rem del runs without /s so that only this one file is removed.
        if exist "%IMAGE%\Windows\System32\MpSigStub.exe" (
            takeown /F "%IMAGE%\Windows\System32\MpSigStub.exe" /A >nul 2>nul
            icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /grant Administrators:F >nul 2>nul
            del /q "%IMAGE%\Windows\System32\MpSigStub.exe" >nul
        )
        move /y "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\MpSigStub.exe" "%IMAGE%\Windows\System32\MpSigStub.exe" >nul

        rem Return ownership to TrustedInstaller and limit Administrators to read and execute.
        icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /setowner "NT SERVICE\TrustedInstaller" >nul
        icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /grant:r Administrators:RX >nul
        icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /setowner "NT SERVICE\TrustedInstaller" >nul
        icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /grant:r Administrators:RX >nul

        rem Set the hidden attribute on ProgramData.
        attrib +h "%IMAGE%\ProgramData" >nul
    )
    
    
     
  4. erpsterm35

    erpsterm35 MDL Expert

    May 27, 2013
    1,857
    1,714
    60
    You should have posted or asked that question here instead.

    Edit - because it's an MS Defender engine update, it is not part of the Simplix pack.
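
To confirm that an image serviced as in post 3 (or a live system) actually carries the fixed engine, the following added example, which is not from the thread or from Windows 6.1 Kitchen, compares each `mpengine.dll` under `Definition Updates` with the 1.1.17700.4 version quoted in post 1. Assumptions: the extracted definition package contains `mpengine.dll`, its file version is the engine version, and `C:\Mount` is only a placeholder for the image root.

```powershell
# Added example, not from the thread. Assumption: the definition package
# contains mpengine.dll and that file's version number is the engine version.
param(
    # Root of the offline image (the script's %IMAGE%); C:\Mount is a placeholder.
    # Pass the system drive root instead to check a running system.
    [string]$Image = 'C:\Mount',
    # Fixed engine version as stated in the heise quote in post 1.
    [version]$FixedVersion = '1.1.17700.4'
)

function Get-EngineVersion($File) {
    $vi = $File.VersionInfo
    # Build the version from its numeric parts; the FileVersion string
    # may carry extra text that a [version] cast would reject.
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

$root  = Join-Path $Image 'ProgramData\Microsoft\Windows Defender\Definition Updates'
$found = @(Get-ChildItem -LiteralPath $root -Recurse -Filter 'mpengine.dll' `
               -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    # Missing folder, no engine in the package, or no access rights.
    Write-Warning "No mpengine.dll found under '$root'; engine version unknown."
    exit 2
}

$below = 0
foreach ($f in $found) {
    $v = Get-EngineVersion $f
    if ($v -ge $FixedVersion) {
        Write-Output ("OK          {0}  {1}" -f $v, $f.FullName)
    } else {
        Write-Output ("BELOW FIX   {0}  {1}" -f $v, $f.FullName)
        $below++
    }
}

# Non-zero exit code when any copy is older than the fixed version,
# so the check can gate an image build.
if ($below -gt 0) { exit 1 } else { exit 0 }
```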