Microsoft Defender virus protection system

Discussion in 'Windows 7' started by ThomasMann, Jan 13, 2021.

  1. ThomasMann

    ThomasMann MDL Expert

    From heise, Germany:

    "Attackers are currently actively exploiting a critical malicious code vulnerability (CVE-2021-1647) in the Microsoft Defender virus protection system. To what extent this will take place is currently not known. The error can be found in the malware protection engine. Microsoft states that version 1.1.17700.4 is fixed. The update will be installed automatically."

    How can Simplix users install this update in Win7?

    Thanks!
     
  2. shhnedo

    shhnedo MDL Addicted

    I imagine the same way everyone else does - through Windows Update...
     
  3. George King

    George King MDL Addicted

    It can be done; here is an example from my still-unreleased tool, Windows 6.1 Kitchen:

    Code:
    rem Only act on offline images that contain Windows Defender data
    if exist "%IMAGE%\ProgramData\Microsoft\Windows Defender" (
        echo         KB915597 - Windows Defender Definition
        rem Take ownership of any existing definitions folder and remove it
        if exist "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" (
            takeown /F "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /A >nul 2>nul
            icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /grant Administrators:F >nul 2>nul
            rd /q /s "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" >nul 2>nul
        )
      
        rem Recreate an empty definitions layout
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates"
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates"
        md "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup"
      
        rem Unpack the definition package into the Updates folder
        "%~dp0apps\7z\%PROCESSOR_ARCHITECTURE%\7z.exe" x "%~dp0updates\mpas-fe-%ARCH%.exe" -o"%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates" >nul
        rem Replace the image's MpSigStub.exe with the one from the package
        rem (del /f targets only this file; /s would also search subfolders)
        if exist "%IMAGE%\Windows\System32\MpSigStub.exe" (
            takeown /F "%IMAGE%\Windows\System32\MpSigStub.exe" /A >nul 2>nul
            icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /grant Administrators:F >nul 2>nul
            del /q /f "%IMAGE%\Windows\System32\MpSigStub.exe" >nul
        )
        move /y "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\MpSigStub.exe" "%IMAGE%\Windows\System32\MpSigStub.exe" >nul
        rem Hand ownership back to TrustedInstaller and reduce Administrators to read/execute
        icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /setowner "NT SERVICE\TrustedInstaller" >nul
        icacls "%IMAGE%\Windows\System32\MpSigStub.exe" /grant:r Administrators:RX >nul
        icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /setowner "NT SERVICE\TrustedInstaller" >nul
        icacls "%IMAGE%\ProgramData\Microsoft\Windows Defender\Definition Updates" /grant:r Administrators:RX >nul
      
        rem Restore the hidden attribute on ProgramData
        attrib +h "%IMAGE%\ProgramData" >nul
    )
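
The script above copies MpSigStub.exe from the unpacked package into System32 without checking it. The following pre-flight check is an added example, not part of the post or of Windows 6.1 Kitchen: it verifies the package's Authenticode signature and confirms the engine is at least the fixed version 1.1.17700.4 quoted in the first post. Assumptions: the function name and paths are hypothetical, the unpacked package contains a signed mpengine.dll, and that DLL's file version is the engine version.

```powershell
# Added example. Function name and paths are hypothetical.
# Assumption: the unpacked package holds mpengine.dll and MpSigStub.exe,
# both Authenticode-signed, and mpengine.dll's file version is the
# engine version.
$FixedEngine = [version]'1.1.17700.4'   # fixed version named in the thread

function Test-DefenderPackage {
    param(
        [Parameter(Mandatory = $true)][string]$PackagePath,  # e.g. updates\mpas-fe-x64.exe
        [Parameter(Mandatory = $true)][string]$ExtractedDir  # folder 7z unpacked into
    )

    # 1. The downloaded package must carry a valid Microsoft signature.
    $sig = Get-AuthenticodeSignature -FilePath $PackagePath
    if ($sig.Status -ne 'Valid') {
        throw "Package signature is $($sig.Status): $PackagePath"
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # 2. Binaries that will end up in the image must be validly signed too.
    foreach ($name in 'MpSigStub.exe', 'mpengine.dll') {
        $file = Join-Path $ExtractedDir $name
        if (-not (Test-Path -LiteralPath $file)) { throw "Missing $name" }
        $s = Get-AuthenticodeSignature -FilePath $file
        if ($s.Status -ne 'Valid') { throw "$name signature is $($s.Status)" }
    }

    # 3. The engine must be at or above the fixed version.
    $vi = (Get-Item -LiteralPath (Join-Path $ExtractedDir 'mpengine.dll')).VersionInfo
    $engine = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    if ($engine -lt $FixedEngine) {
        throw "Engine $engine is older than the fixed version $FixedEngine"
    }
    return $engine
}

# Usage (constructed paths): run after unpacking, before anything is moved
# into the image.
# Test-DefenderPackage -PackagePath '.\updates\mpas-fe-x64.exe' `
#     -ExtractedDir 'D:\mount\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates'
```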
    
    
     
  4. ThomasMann

    ThomasMann MDL Expert

  5. erpsterm35

    erpsterm35 MDL Expert

    You should have posted or asked that question here instead.

    Edit - because it's an MS Defender engine update, it is not part of the Simplix pack.