Microsoft Windows Defender


Overview

Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using Microsoft Defender ATP together with your antivirus protection.

*If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.

*If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)

*If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have EDR in block mode (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact.

Antivirus and Microsoft Defender ATP

Microsoft Defender Advanced Threat Protection (ATP) delivers preventative protection, post-breach detection, automated investigation, and response.

The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together with or without Microsoft Defender ATP.

| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Microsoft Defender Antivirus state |
|---|---|---|---|
| Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode |
| Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode |
| Windows 10 | Microsoft Defender Antivirus | Yes | Active mode |
| Windows 10 | Microsoft Defender Antivirus | No | Active mode |
| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode [1] |
| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | No | Active mode [1] |
| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | Yes | Active mode |
| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | No | Active mode |

[1] On Windows Server 2016 or 2019, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019 to prevent problems caused by having multiple antivirus products installed on a machine.

If you are using Windows Server, version 1803 or Windows Server 2019, you can enable passive mode by setting this registry key:

*Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection

*Name: ForceDefenderPassiveMode

*Type: REG_DWORD

*Value: 1
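The registry setting above, applied and read back from PowerShell. This is an added example and not code from the Microsoft documentation page; the function names are this example's own, and it assumes an elevated session on Windows Server 2019 or Windows Server, version 1803, where the page says the value is honored.

```powershell
# Added example, not code from the Microsoft documentation page: apply the
# ForceDefenderPassiveMode policy value listed above and read back both the
# registry value and the antimalware running mode. Run from an elevated
# PowerShell session on Windows Server 2019 / Windows Server, version 1803.

$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
$ValueName = 'ForceDefenderPassiveMode'

function Set-DefenderPassiveModePolicy {
    # The policy key does not exist until a policy has been written, so create
    # it first; New-ItemProperty with -Force overwrites an existing value.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-DefenderPassiveModePolicy {
    # Returns 1 when the policy is set, or $null when the value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return $item.$ValueName }
    return $null
}

Set-DefenderPassiveModePolicy
"{0} = {1}" -f $ValueName, (Get-DefenderPassiveModePolicy)

# AMRunningMode is reported by Get-MpComputerStatus from platform 4.18.2008.9
# (see the August 2020 release notes below); on older platforms it prints empty.
"AMRunningMode = {0}" -f (Get-MpComputerStatus).AMRunningMode
```

The policy value is picked up when the antimalware service next reads policy, so the running mode line may still report the previous mode until the server has been rebooted through your normal change process.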

See Microsoft Defender Antivirus on Windows Server 2016 and 2019 for key differences and management options for Windows Server installations.

Important

Microsoft Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019.

In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as System Center Endpoint Protection, which is managed through Microsoft Endpoint Configuration Manager.

Windows Defender is also offered for consumer devices on Windows 8.1 and Windows Server 2012, although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).

Functionality and features available in each state

The following table summarizes the functionality and features that are available in each state:

| State | Real-time protection and cloud-delivered protection | Limited periodic scanning availability | File scanning and detection information | Threat remediation | Security intelligence updates |
|---|---|---|---|---|---|
| Active mode | Yes | No | Yes | Yes | Yes |
| Passive mode | No | No | Yes | No | Yes |
| EDR in block mode enabled | No | No | Yes | Yes | Yes |
| Automatic disabled mode | No | Yes | No | No | No |

*In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).

*In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections, which are shared with the Microsoft Defender ATP service.

*When EDR in block mode (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.

*In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.

Keep the following points in mind

If you are enrolled in Microsoft Defender ATP and you are using a third-party antimalware product, then passive mode is enabled, because the service requires common information sharing from the Microsoft Defender Antivirus service in order to properly monitor your devices and network for intrusion attempts and attacks.

When Microsoft Defender Antivirus is in automatic disabled mode, it can automatically re-enable itself if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This ensures that antivirus protection is maintained on the endpoint. It also allows you to enable limited periodic scanning, which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.

In passive mode, you can still manage updates for Microsoft Defender Antivirus; however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.

If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode.

Warning

You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the wscsvc, SecurityHealthService, MsSense, Sense, WinDefend, and MsMpEng services and processes. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the Windows Security app.
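A read-only way to check which of the states in the two tables above an endpoint is actually in, and whether the components named in the warning are present. This is an added example and not code from the Microsoft documentation page; the function names are this example's own, and the AMRunningMode strings it matches are assumed to be the values Get-MpComputerStatus reports on platform 4.18.2008.9 and later.

```powershell
# Added example, not code from the Microsoft documentation page: a read-only
# audit of the components named in the warning above. It only queries state
# and never stops, disables or reconfigures a service.

# Services named in the warning. MsMpEng (the antimalware engine, hosted by
# WinDefend) and MsSense (behind the Sense service) are processes, so they
# are checked with Get-Process rather than Get-Service.
$ServicesToCheck  = 'wscsvc', 'SecurityHealthService', 'Sense', 'WinDefend'
$ProcessesToCheck = 'MsMpEng', 'MsSense'

function Get-DefenderComponentState {
    foreach ($name in $ServicesToCheck) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Component = "$name (service)"
            Present   = ($null -ne $svc)
            State     = if ($svc) { [string]$svc.Status } else { 'not installed' }
        }
    }
    foreach ($name in $ProcessesToCheck) {
        $proc = Get-Process -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Component = "$name (process)"
            Present   = ($null -ne $proc)
            State     = if ($proc) { 'running' } else { 'not running' }
        }
    }
}

function Get-ExpectedRealTimeProtection {
    # From the table "Functionality and features available in each state":
    # only Active mode ("Normal") keeps real-time protection on. The mode
    # strings are assumed to be those Get-MpComputerStatus reports.
    param([string]$Mode)
    switch ($Mode) {
        'Normal'           { return $true }
        'Passive Mode'     { return $false }
        'SxS Passive Mode' { return $false }
        'EDR Block Mode'   { return $false }
        default            { return $false }   # 'Not running' or unrecognized
    }
}

function Test-DefenderState {
    $status = Get-MpComputerStatus
    $hasMode = $null -ne $status.PSObject.Properties['AMRunningMode']
    $mode = if ($hasMode) { $status.AMRunningMode } else { 'AMRunningMode not available (platform older than 4.18.2008.9)' }
    $expected = if ($hasMode) { Get-ExpectedRealTimeProtection -Mode $mode } else { $null }
    [pscustomobject]@{
        AMRunningMode              = $mode
        RealTimeProtectionEnabled  = $status.RealTimeProtectionEnabled
        ExpectedRealTimeProtection = $expected
        Consistent                 = if ($hasMode) { $status.RealTimeProtectionEnabled -eq $expected } else { $null }
        # The Sense service is the Microsoft Defender ATP component named above;
        # its presence is a quick indicator of the "enrolled in ATP" column.
        SenseServicePresent        = ($null -ne (Get-Service -Name Sense -ErrorAction SilentlyContinue))
        SignatureAgeDays           = $status.AntivirusSignatureAge
        TamperProtected            = $status.IsTamperProtected
    }
}

Get-DefenderComponentState | Format-Table -AutoSize
Test-DefenderState | Format-List
```

A Consistent value of False (for example, AMRunningMode reports Normal but RealTimeProtectionEnabled is False) is worth investigating, since it is the combination the warning above says results from tampering with the services; on endpoints that should be in passive mode, an unexpected Normal usually means the third-party product is no longer registered as providing real-time protection.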


There are two types of updates related to keeping Microsoft Defender Antivirus up to date:

*Security intelligence updates

*Product updates

Important

Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. This also applies to devices where Microsoft Defender Antivirus is running in passive mode.

Note

You can use the following URL to find out what the current versions are: https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info

Security intelligence updates

Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection.

The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus topic for more details about enabling and configuring cloud-provided protection.

Engine updates are included with the security intelligence updates and are released on a monthly cadence.

Product updates

Microsoft Defender Antivirus requires monthly updates (KB4052623) (known as 'platform updates'), and will receive major feature updates alongside Windows 10 releases.

You can manage the distribution of updates through Windows Server Update Service (WSUS), with Microsoft Endpoint Configuration Manager, or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. For more information, see Manage the sources for Microsoft Defender Antivirus protection updates.

Note

We release these monthly updates in phases. This results in multiple packages showing up in your WSUS server.

Monthly platform and engine versions

For information on how to update or install the platform update, see Update for Windows Defender antimalware platform.

All our updates contain:

*performance improvements

*serviceability improvements

*integration improvements (Cloud, MTP)

August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)

Security intelligence update version: 1.323.9.0
Released: August 27, 2020
Platform: 4.18.2008.9
Engine: 1.1.17400.5
Support phase: Security and Critical Updates

What's new

*Add more telemetry events

*Improved scan event telemetry

*Improved behavior monitoring for memory scans

*Improved macro streams scanning

*Added 'AMRunningMode' to the Get-MpComputerStatus PowerShell cmdlet

Known Issues

No known issues

July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4)

Security intelligence update version: 1.321.30.0
Released: July 28, 2020
Platform: 4.18.2007.8
Engine: 1.1.17300.4
Support phase: Security and Critical Updates

What's new

*Improved telemetry for BITS

*Improved Authenticode code signing certificate validation

Known Issues

No known issues

June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2)

Security intelligence update version: 1.319.20.0
Released: June 22, 2020
Platform: 4.18.2006.10
Engine: 1.1.17200.2
Support phase: Security and Critical Updates

What's new

*Possibility to specify the location of the support logs

*Skipping aggressive catchup scan in Passive mode.

*Allow Defender to update on metered connections

*Fixed performance tuning when caching is disabled

*Fixed registry query

*Fixed scan time randomization in ADMX

Known Issues

No known issues

May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)

Security intelligence update version: 1.317.20.0
Released: May 26, 2020
Platform: 4.18.2005.4
Engine: 1.1.17100.2
Support phase: Technical upgrade Support (Only)

What's new

*Improved logging for scan events

*Improved user mode crash handling.

*Added event tracing for Tamper protection

*Fixed AMSI Sample submission

*Fixed AMSI Cloud blocking

*Fixed Security update install log

Known Issues

No known issues

April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2)

Security intelligence update version: 1.315.12.0
Released: April 30, 2020
Platform: 4.18.2004.6
Engine: 1.1.17000.2
Support phase: Technical upgrade Support (Only)

What's new

*WDfilter improvements

*Add more actionable event data to ASR detection events

*Fixed version information in diagnostic data and WMI

*Fixed incorrect platform version in UI after platform update

*Dynamic URL intel for Fileless threat protection

*UEFI scan capability

*Extend logging for updates

Known Issues

No known issues

March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2)

Security intelligence update version: 1.313.8.0
Released: March 24, 2020
Platform: 4.18.2003.8
Engine: 1.1.16900.4
Support phase: Technical upgrade Support (Only)

What's new

*CPU Throttling option added to MpCmdRun

*Improve diagnostic capability

*reduce Security intelligence timeout (5min)

*Extend AMSI engine internal log capability

*Improve notification for process blocking

Known Issues

[Fixed] Microsoft Defender Antivirus is skipping files when running a scan.

February-2020 (Platform: - | Engine: 1.1.16800.2)

Security intelligence update version: 1.311.4.0
Released: February 25, 2020
Platform/Client: -
Engine: 1.1.16800.2
Support phase: N/A

What's new

Known Issues

No known issues

January-2020 (Platform: 4.18.2001.10 | Engine: 1.1.16700.2)

Security intelligence update version: 1.309.32.0
Released: January 30, 2020
Platform/Client: 4.18.2001.10
Engine: 1.1.16700.2
Support phase: Technical upgrade Support (Only)

What's new

*Fixed BSOD on WS2016 with Exchange

*Support platform updates when TMP is redirected to network path

*Platform and engine versions are added to WDSI

*extend Emergency signature update to passive mode

*Fix 4.18.1911.3 hang

Known Issues

[Fixed] devices utilizing modern standby mode may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform.

Important

This update is needed by RS1 devices running a lower version of the platform to support SHA2. This update has a reboot flag for systems that are experiencing the hang issue. This update was re-released in April 2020 and will not be superseded by newer updates, to keep it available in the future.

Important

This update is categorized as an 'update' due to its reboot requirement and will only be offered with a Windows Update.

November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7)

Security intelligence update version: 1.307.13.0
Released: December 7, 2019
Platform: 4.18.1911.3
Engine: 1.1.17000.7
Support phase: No support

What's new

*Fixed MpCmdRun tracing level

*Fixed WDFilter version info

*Improve notifications (PUA)

*add MRT logs to support files

Known Issues

When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version.

Microsoft Defender Antivirus platform support

As stated above, platform and engine updates are provided on a monthly cadence. Customers must stay current with the latest platform update to be fully supported. Our support structure is now dynamic, evolving into two phases depending on the availability of the latest platform version:

*Security and Critical Updates servicing phase - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.

*Technical Support (Only) phase - After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported. (*)

(*) Technical support will continue to be provided for upgrades from the Windows 10 release version (see Platform version included with Windows 10 releases) to the latest platform version.

During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft's managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*).

Platform version included with Windows 10 releases

The table below provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:

| Windows 10 release | Platform version | Engine version | Support phase |
|---|---|---|---|
| 1909 (19H2) | 4.18.1902.5 | 1.1.16700.3 | Technical upgrade Support (Only) |
| 1903 (19H1) | 4.18.1902.5 | 1.1.15600.4 | Technical upgrade Support (Only) |
| 1809 (RS5) | 4.18.1807.18075 | 1.1.15000.2 | Technical upgrade Support (Only) |
| 1803 (RS4) | 4.13.17134.1 | 1.1.14600.4 | Technical upgrade Support (Only) |
| 1709 (RS3) | 4.12.16299.15 | 1.1.14104.0 | Technical upgrade Support (Only) |
| 1703 (RS2) | 4.11.15603.2 | 1.1.13504.0 | Technical upgrade Support (Only) |
| 1607 (RS1) | 4.10.14393.3683 | 1.1.12805.0 | Technical upgrade Support (Only) |
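The two update types described earlier (security intelligence and platform/engine updates) and the support-phase rules above can be checked on an endpoint with one query. This is an added example and not code from the Microsoft documentation page: the release entries are transcribed from the monthly sections above, while the function name, the "releases behind" count and the seven-day signature-age threshold are this example's own choices rather than Microsoft's policy.

```powershell
# Added example, not code from the Microsoft documentation page: compare the
# installed platform, engine and security intelligence versions with the
# monthly release list above and report how far behind the endpoint is.
# The release entries are transcribed from this page; the "releases behind"
# count and the 7-day signature threshold are this script's own choices.

$MonthlyReleases = @(
    [pscustomobject]@{ Month = 'August 2020';   Platform = '4.18.2008.9';  Engine = '1.1.17400.5'; Phase = 'Security and Critical Updates' }
    [pscustomobject]@{ Month = 'July 2020';     Platform = '4.18.2007.8';  Engine = '1.1.17300.4'; Phase = 'Security and Critical Updates' }
    [pscustomobject]@{ Month = 'June 2020';     Platform = '4.18.2006.10'; Engine = '1.1.17200.2'; Phase = 'Security and Critical Updates' }
    [pscustomobject]@{ Month = 'May 2020';      Platform = '4.18.2005.4';  Engine = '1.1.17100.2'; Phase = 'Technical upgrade Support (Only)' }
    [pscustomobject]@{ Month = 'April 2020';    Platform = '4.18.2004.6';  Engine = '1.1.17000.2'; Phase = 'Technical upgrade Support (Only)' }
    [pscustomobject]@{ Month = 'March 2020';    Platform = '4.18.2003.8';  Engine = '1.1.16900.2'; Phase = 'Technical upgrade Support (Only)' }
    [pscustomobject]@{ Month = 'January 2020';  Platform = '4.18.2001.10'; Engine = '1.1.16700.2'; Phase = 'Technical upgrade Support (Only)' }
    [pscustomobject]@{ Month = 'November 2019'; Platform = '4.18.1911.3';  Engine = '1.1.16600.7'; Phase = 'No support' }
)

function Get-DefenderVersionReport {
    param(
        [Parameter(Mandatory)][version]$Platform,
        [Parameter(Mandatory)][version]$Engine,
        [Parameter(Mandatory)][version]$Signature,
        [Parameter(Mandatory)][int]$SignatureAgeDays
    )
    $latest = $MonthlyReleases[0]

    # Position of the installed platform in the list; 0 means latest, -1 unknown.
    $behind = -1
    for ($i = 0; $i -lt $MonthlyReleases.Count; $i++) {
        if ([version]$MonthlyReleases[$i].Platform -eq $Platform) { $behind = $i; break }
    }
    $phase = if ($behind -ge 0) {
        $MonthlyReleases[$behind].Phase
    } elseif ($Platform -gt [version]$latest.Platform) {
        'Newer than the list above; refresh the list'
    } else {
        'Not a listed monthly release (for example a build shipped with a Windows 10 release)'
    }

    [pscustomobject]@{
        Platform               = $Platform
        LatestPlatform         = [version]$latest.Platform
        PlatformReleasesBehind = $behind
        PlatformPhase          = $phase
        Engine                 = $Engine
        EngineIsCurrent        = ($Engine -ge [version]$latest.Engine)
        SignatureVersion       = $Signature
        SignatureAgeDays       = $SignatureAgeDays
        SignatureStale         = ($SignatureAgeDays -gt 7)
    }
}

# Live query. AntivirusSignatureAge is reported in days.
$s = Get-MpComputerStatus
Get-DefenderVersionReport -Platform $s.AMProductVersion -Engine $s.AMEngineVersion `
    -Signature $s.AntivirusSignatureVersion -SignatureAgeDays $s.AntivirusSignatureAge | Format-List
```

A stale signature can be refreshed with Update-MpSignature; a platform several releases behind needs the platform update described under Product updates, and, as the January 2020 notes above state, a device still on 4.18.1911.3 first needs the jump package before it can reach the latest platform version.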

Windows 10 release info: Windows lifecycle fact sheet.

In this section

*Manage how protection updates are downloaded and applied - Protection updates can be delivered through a number of sources.

*Manage when protection updates should be downloaded and applied - You can schedule when protection updates should be downloaded.

*Manage updates for endpoints that are out of date - If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on.

*Manage event-based forced updates - You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.

*Manage updates for mobile devices and virtual machines (VMs) - You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.
