Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware

Microsoft continually updates security intelligence in antimalware products to cover the latest threats and to constantly tweak detection logic, enhancing the ability of Microsoft Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection.

Microsoft security intelligence updates include software that incorporates material from third parties. Third-party notices and information

Automatic updates

To help ensure your antimalware solution detects the latest threats, get updates automatically as part of Windows Update. If you are having problems with Windows Update, use the troubleshooter.

If you don’t already use Microsoft Defender Antivirus, learn how to turn it on.

Trigger an update

A manually triggered update immediately downloads and applies the latest security intelligence. This process might also address problems with automatic updates. Microsoft Defender Antivirus and other Microsoft antimalware solutions provide a way to manually trigger an update.

In Windows 10, select Check for updates in the Windows Security Virus & threat protection screen to check for the latest updates.

Enterprise administrators can also push updates to devices in their network. To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:

Manually download the update

You can manually download the latest update.

Latest security intelligence update

The latest security intelligence update is:

• Version: 1.335.1108.0
• Engine Version: 1.1.18000.5
• Platform Version: 4.18.2103.7
• Released: 4/18/2021 3:32:09 AM
• Documentation: Release notes

You need to download different security intelligence files for different products and platforms. Select the version that matches your Windows operating system or the environment where you will apply the update.

Note: Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
Please make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Antimalware solution	Definition version
Microsoft Defender Antivirus for Windows 10 and Windows 8.1	32-bit | 64-bit | ARM
Microsoft Security Essentials	32-bit | 64-bit
Windows Defender in Windows 7 and Windows Vista	32-bit | 64-bit
Microsoft Diagnostics and Recovery Toolset (DaRT)	32-bit | 64-bit
System Center 2012 Configuration Manager	32-bit | 64-bit
System Center 2012 Endpoint Protection	32-bit | 64-bit
Windows Intune	32-bit | 64-bit

The links point to an executable file named mpam-fe.exe , mpam-feX64.exe , or mpas-fe.exe (used by older antispyware solutions). Simply launch the file to manually install the latest security intelligence.

End of life for Microsoft Forefront Client Security was on July 14, 2015. Customers are encouraged to migrate to System Center Endpoint Protection. For more information, visit the Microsoft support lifecycle website.

Network Inspection System updates

The following products leverage Network Inspection System (NIS) updates:

• Microsoft Security Essentials
• Forefront Endpoint Protection
• System Center 2012 Endpoint Protection

These updates are designed to protect you from network threats, including exploits as they are transmitted. Check the version of the Antimalware Client component on your security software and download the right version of the NIS updates for your platform.

Important: Windows security updates and antivirus software

Overview

Microsoft has identified a compatibility issue with Microsoft’s Windows security updates released in January 2018 and a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent these stop errors, Microsoft is currently only offering the January and February 2018 Windows security updates to devices that are running antivirus software that is from antivirus software vendors who have confirmed that their antivirus software is compatible by setting a required registry key.

April 10, 2018 Status Update

We are lifting the AV compatibility check for Windows security updates for supported Windows 7 SP1 and Windows 8.1 devices via Windows Update. We continue to require that AV software be compatible, and in cases where there are known issues of AV driver compatibility, we will block those devices from updates to avoid any issues. We recommend customers check with their AV provider on compatibility of their installed AV software product.

March 13, 2018 Status Update

Our recent work with our anti-virus (AV) partners on compatibility with Windows updates has now reached a sustained level of broad ecosystem compatibility. Based on our analysis of available data, we are now lifting the AV compatibility check for the March 2018 Windows security updates for supported Windows 10 devices via Windows Update. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we will block those devices from updates to avoid any issues. We recommend customers check with their AV provider on compatibility of their installed AV software product.

More information

Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials are compatible with the 2018 Windows security updates and have set the required registry key.

Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server 2016 Customers

Microsoft recommends all customers protect their devices by running a compatible and supported antivirus program. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application.

Windows 7 SP1 and Windows Server 2008 R2 SP1 Customers

In a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers will not have an antivirus application installed by default. In these situations, Microsoft recommends installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party anti-virus application.

Customers without Antivirus

In cases where customers can’t install or run antivirus software, Microsoft recommends manually setting the registry key as described below in order to receive the latest Windows security updates.

Setting the Registry Key

Caution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the «Changing keys and values» help topic in Registry Editor (Regedit.exe) or view the «Add and delete information in the registry» and «Edit registry data» help topics in Regedt32.exe.

Note: Customers running Windows 8.1 and earlier versions will not receive the January 2018 Windows security updates (or any subsequent Windows security updates) and will not be protected from security vulnerabilities unless and until their antivirus software vendor sets the following registry key:

Key=»HKEY_LOCAL_MACHINE» Subkey=»SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat» Value=»cadca5fe-87d3-4b96-b7fb-a231484277cc» Type=»REG_DWORD”

Frequently asked questions

Q1: Why are some antivirus solutions incompatible with the January — March, 2018, security updates?

A1: During testing, we discovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur.

Microsoft has assembled the following resources to help potentially impacted customers:

Q2: What is Microsoft doing to help mitigate issues caused by these unsupported applications?

A2: To help protect our customers from «blue screen» errors and unknown scenarios, Microsoft is requiring all antivirus software vendors to attest to the compatibility of their applications by setting a Windows registry key.

Q3: How long will Microsoft require setting a registry key to receive the Windows security updates?

A3: As of April 10, 2018, we are lifting the AV compatibility check for Windows security updates for supported Windows 7 SP1 and Windows 8.1 devices via Windows Update. As of March 13, 2018 Microsoft is lifting the AV compatibility check for the March 2018 Windows security updates for supported Windows 10 devices via Windows Update. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we may block those devices from receiving Windows updates to avoid any issues.

Q4: I have a compatible antivirus application but I’m not being offered the Windows security updates. What do I do?

A4: In some cases, it may take time for Windows security updates to be delivered to systems, particularly for devices that have been turned off or not connected to the Internet (offline). After they are turned on again, these systems should receive updates from their antivirus software providers. Customers who still experience problems 24 hours after ensuring that their devices have proper Internet connectivity should contact their antivirus software vendor for additional troubleshooting steps.

Q5: My antivirus software is not compatible. What should I do?

A5: Microsoft has been working closely with antivirus software partners to help all customers receive the 2018 Windows security updates as soon as possible. See the status update sections ealier in this article for more information. If you are not being offered this month’s security update, Microsoft recommends that you contact your antivirus software provider.

Q6: I have a compatible antivirus software application, but I still experienced a bluescreen. What should I do?

A6: Microsoft has assembled the following resources to help potentially affected customers:

Microsoft Windows Best Practices and Patch Guides

Updates for systems with Windows operating system and its products are called Service Packs, patches and security patches. These updates provide a fairly quick and prescribed solution or workaround for a problem. However, these updates should only be performed when needed, regardless of their nature, that is, only if they are capable of resolving a problem that bothers a customer. The update must also be evaluated before installation. In short, it is not absolutely necessary to install updates immediately.

Best practices for Windows patches

April 2021 Update:

We now recommend using this tool for your error. Additionally, this tool fixes common computer errors, protects you against file loss, malware, hardware failures and optimizes your PC for maximum performance. You can fix your PC problems quickly and prevent others from happening with this software:

• Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
• Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
• Step 3 : Click “Repair All” to fix all issues.

Security patches minimize security risks and other vulnerabilities. These patches are similar to the patches. Microsoft mainly offers several ways to get security patches for its products. These are the ones:

1. Windows Update : Uses ActiveX technology to check the latest security protection and the best drivers and software installed on a PC. Once completed, displays a list of proposed components that require updating.
2. Current safety bulletins : Everything from one source to find relevant security patches. It allows you to search by product or date.
3. Product-specific download pages for security patches : Provides security patches for specific products. For example Internet Explorer (IE) and Office Updates. The security patches on the IE download page differ from Windows Update in that the IE download page does not allow you to identify patches already installed such as Windows Update.
4. Microsoft Download Center (MDC) : Search by product name, product category or operating system.
5. Email Notification Subscription: Notifies a user of the latest proactive email security fixes. Security patches must be installed to comply with these best practices.

Otherwise, Windows 8 and Windows Server 2012 use a different patch method than previous versions.

The three types of updates for these operating systems include

1. Global Standalone Patch: The patch is designed to cover critical operating system issues and is usually released in different languages. It is thoroughly tested before being published.
2. Limited update: Contains patches that are generated following a critical customer support incident and must therefore be made available within a specified time.
3. Monthly Rollup: strives to maintain the Windows 8/2012 operating system family each month through monthly rollups.

Patch Guide for Windows 8.1 and Windows Server 2012 R2

1] Install all available rollups since the last milestone, i.e. from Windows 8 to Windows 8.1 or from Windows Server 2012 to Windows Server 2012 R2

2] Use Windows Update or Windows Server Update Services. You evaluate which patches are currently installed, what patches are available, check which patches are replaced, and provide a list of currently available patches.

3] Critical updates should be tested and installed as quickly as possible with high priority.

4] Important updates should be tested and installed as soon as possible.

5] Recommended and optional updates can be reviewed, tested and installed as required.

When should Windows security patches

1. Request exact match only: Apply the security patch only if you are sure that the update solves the problem you encountered.
2. Apply admin patches to install build areas: The post mentions that admin patches are different from client patches and are generally located at a different location from client-side patches.

Therefore, it is important that not only customers are then updated with security patches, but also the areas created by the customer for new customers. Most security updates published are for client-side issues (often browsers). They can be complete or remotely relevant for a server installation. You should try to get both the admin patch and the client patch, as the client patch retroactively updates the client database and the admin patch probably updates your client’s build area on the server.

Microsoft’s blog lists best practices for deploying Microsoft service packs and security patches and provides useful links. You will find more information in this article on TechNet.