Редактиране

Споделяне чрез


What's new in Microsoft Defender for Endpoint on Windows

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

This page covers the Microsoft Defender for Endpoint EDR MsSense.exe versions. You can also check the file information section in the monthly cumulative rollup updates in the following articles:

For the latest updates to Microsoft Defender for Endpoint all up, see What's new in Defender for Endpoint.

For the latest updates to Microsoft Defender for Endpoint Next-Generation Protection/Microsoft Defender Antivirus, see Microsoft Defender Antivirus security intelligence and product updates.

All updates contain:

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft Defender XDR)

July-2024 (Release version: 10.8760)

OS KB
Windows 11 24H2 KB5041865
Windows 11 23H2
Windows 11 22H
KB5041587
Windows 11 21H2 KB5043067
Windows 10 22H2 KB5041582
Windows Server 2022 KB5042881
Windows Server 2019 KB5043050
Windows Server 2016
Windows Server 2012 R2
KB5005292

What's new

Data Loss Prevention (DLP)

  • Scoped classification (Know Your Data policy): Scope classification and activity events across workloads.
  • Device group discovery and scoping: Scope Endpoint DLP custom policy based on the device or device group.
  • OCR URL Caching: Performance improvement for already classified images by having client side caching.

May-2024 (Release version: 10.8750)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8750

What's new

Configuration Management

  • Fixed an issue that caused empty policies to appear in the UI.
  • Configured Windows Defender Application Control(WDAC) policies to block undesired applications from running on the device.

Feb-2024 (Release version: 10.8735.26020.1009)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8735.26020.1009

What's new

  • Endpoint Detection and Response

    • Enabled support for IPV6 connections in Live Response connection commands.
    • Fixed an issue in Downlevel Unified Agent that caused ServerRoles not to be populated.
  • Threat Vulnerability Management

    • An issue related to the agent's monitoring of deleted registry keys no longer occurs.
    • Added a new capability to enable/disable registry monitoring through configuration settings.
  • Network Detection and Response (NDR) Performance Enhancements

    • Introduced performance enhancements to minimize the CPU and memory footprint of the agent.
    • Enhanced the accuracy of network detections.
  • Data Loss Prevention (DLP)

    • Introduced multiple performance and stability fixes.
  • Security Configuration Management

    • Policies that include special characters are now supported.

Dec-2023 (Release version: 10.8672.25926.1019)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8672.25926.1019

What's new

  • Supports Expanded User Contain capabilities

Sept-2023 (Release version: 10.8560.25364.1036)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8560.25364.1036

What's new

  • Supports User Contain availability

May-2023 (Release version: 10.8295.22621.1023)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8295.22621.1023

What's new

  • Supports new security settings management capabilities

Jan/Feb-2023 (Release version: 10.8295.22621.1019)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8295.22621.1019

What's new

  • Improved command and control security, quality fixes

Dec-2022 (Release version: 10.8210.22621.1016)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8210.22621.1016

What's new

  • Bug fixes and stability improvements

Aug-2022 (Release version: 10.8210.*)

OS KB Release version
Windows Server 2012 R2, 2016 KB5005292 10.8210.22621.1011
Windows 11 21H2 (Cobalt)
(Windows 11 SV 21H2)
KB5016691 10.8210.22000.918
Server 2022 (Iron) KB5016693 10.8210.20348.946
Windows 10 20H2/21H1/21H2
Windows Server 20H2 (Vibranium)
KB5016688 10.8210.19041.1949
Windows Server 2019 (RS5) KB5016690 10.8210.17763.3346

What's new

  • Added a fix to resolve a missing intermediate certificate issue with the use of "TelemetryProxyServer" on Windows Server 2012 R2 running the unified agent.
  • Enhanced Endpoint DLP with ability to protect password protected and encrypted files and not label files.
  • Enhanced Endpoint DLP with support for context data in audit telemetry (short evidence).
  • Improved Microsoft Defender for Endpoint client authentication support for VDI devices.
  • Enhanced Microsoft Defender for Endpoint's ability to identify and intercept ransomware and advanced attacks.
  • The Contain feature now supports more desktop and server versions to perform contain actions and block discovered devices when such devices are contained.
  • Expanded the troubleshooting mode feature to more desktop and server versions. For a complete list of supported OS versions and more information about prerequisites, see Get started with troubleshooting mode in Microsoft Defender for Endpoint.
  • Live Response improvements include reduced session creation latency when using proxies, an undo remediation manual command, support for OneDrive shares in FindFile action, and improved isolation and stability.
  • Security Management for Microsoft Defender for Endpoint now provides the ability to sync the device configuration on demand instead of waiting for a specific cadence.

Note

Update package KB5005292 is on a gradual rollout schedule through Windows Update. Towards the end of this schedule, the package will be published completely, including to the update catalog for manual download. For the current release, this will be in the second half of October. If you want to test the package sooner, you can use gradual rollout controls for platform updates to select the Preview channel.

See also:

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.