Microsoft Defender Antivirus security intelligence and product updates

Applies to:

Platforms

  • Windows

Keeping Microsoft Defender Antivirus up to date is critical to ensure your devices have the latest technology and features needed to protect against new malware and attack techniques. Update your antivirus protection, even if Microsoft Defender Antivirus is running in passive mode. This article includes information about the two types of updates for keeping Microsoft Defender Antivirus current:

This article also includes:

Tip

To see the most current engine, platform, and signature date, visit the Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware page.

Security intelligence updates

Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service, or MAPS) and periodically downloads dynamic security intelligence updates to provide more protection. These dynamic updates don't take the place of regular security intelligence updates via security intelligence update KB2267602.

Note

Updates are released under the following KBs:

  • Microsoft Defender Antivirus: KB2267602
  • System Center Endpoint Protection: KB2461484

Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see Use Microsoft cloud-provided protection in Microsoft Defender Antivirus.

For a list of recent security intelligence updates, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.

Engine updates are included with security intelligence updates and are released on a monthly cadence.

Product updates

Microsoft Defender Antivirus requires monthly updates (KB4052623) known as platform updates.

You can manage the distribution of updates through one of the following methods:

For more information, see Manage the sources for Microsoft Defender Antivirus protection updates.

Important points about product updates

Monthly platform and engine versions

All our updates contain:

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft Defender XDR)

January-2024 (Platform: 4.18.24010.12 | Engine: 1.1.24010.10)

  • Security intelligence update version: 1.405.702.0
  • Release date: February 27, 2024
  • Platform: 4.18.24010.12
  • Engine: 1.1.24010.10
  • Support phase: Security and Critical Updates

What's new

  • Microsoft Defender Antivirus now caches the Mark of the Web (MoTW) Alternative Data Stream (ADS) for better performance while scanning.
  • Fixed an issue that occurred in attack surface reduction in warn mode when removing scan results from the real-time protection cache.
  • Performance improvement added for OneNote.exe.
  • Cloud-based entries are regularly removed from the persistent user mode cache in Windows Defender to prevent an uncommon issue where a user could still add a certificate, based on an Indicator of compromise (IoC), to the cache after a file with that certificate had already been added via cloud signature.
  • The Sense onboarding event is now sent in passive mode for operating systems with the old Sense client.
  • Improved performance for logs created/accessed by PowerShell.
  • Improved performance for folders included in Controlled folder access (CFA) when accessing network files.
  • Fixed a deadlock that occurred at shutdown for Data Loss Prevention (DLP) enabled devices.
  • Fixed an issue to remove a vulnerability in the Microsoft Defender Core service.
  • Fixed an onboarding issue in the Unified Agent installation script install.ps1.
  • Fixed a memory leak that impacted some devices that received platform update 4.18.24010.7.

November-2023 (Platform: 4.18.23110.3 | Engine: 1.1.23110.2)

  • Security intelligence update version: 1.403.7.0
  • Release date: December 5, 2023 (Platform) / December 6, 2023 (Engine)
  • Platform: 4.18.23110.3
  • Engine: 1.1.23110.2
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None

October-2023 (Platform: 4.18.23100.2009 | Engine: 1.1.23100.2009)

  • Security intelligence update version: 1.401.3.0
  • Release date: November 3, 2023 (Engine) / November 6, 2023 (Platform)
  • Platform: 4.18.23100.2009
  • Engine: 1.1.23100.2009
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None

Previous version updates: Technical upgrade support only

After a new package version is released, support for the previous two versions is reduced to technical support only. For more information about previous versions, see Microsoft Defender Antivirus updates: Previous versions for technical upgrade support.

Microsoft Defender Antivirus platform support

Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version:

  • Security and Critical Updates servicing phase - When running the latest platform version, you're eligible to receive both Security and Critical updates to the anti-malware platform.

  • Technical Support (Only) phase - After a new platform version is released, support for older versions (N-2) is reduced to technical support only. Platform versions older than N-2 are no longer supported. Technical support continues to be provided for upgrades from the Windows 10 release version (see Platform version included with Windows 10 releases) to the latest platform version.

During the technical support (only) phase, commercially reasonable support incidents are provided through Microsoft Customer Service & Support and Microsoft's managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a nonsecurity update, or requires a security update, customers are asked to upgrade to the latest platform version or an intermediate update (*).

Note

If you are manually deploying Microsoft Defender Antivirus Platform Update, or if you are using a script or a non-Microsoft management product to deploy Microsoft Defender Antivirus Platform Update, make sure that version 4.18.2001.10 is installed from the Microsoft Update Catalog before the latest version of Platform Update (N-2) is installed.
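One way to check a device against the versions listed on this page, as an added example (not Microsoft's own script): it compares the properties returned by Get-MpComputerStatus with the January-2024 platform, engine, and security intelligence versions given above. The function name Test-DefenderBaseline and the sample object are hypothetical and constructed for illustration.

```powershell
# Added example: compare Defender component versions with a baseline.
# Baseline values are the January-2024 release listed on this page.
$Baseline = [ordered]@{
    AMProductVersion          = '4.18.24010.12'   # Platform
    AMEngineVersion           = '1.1.24010.10'    # Engine
    AntivirusSignatureVersion = '1.405.702.0'     # Security intelligence
}

# Hypothetical helper name; $Status is Get-MpComputerStatus output or a stand-in.
function Test-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Status,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )
    foreach ($name in $Baseline.Keys) {
        # Cast to [version] so each dotted field is compared numerically.
        # A plain string comparison would rank 4.18.24010.7 above 4.18.24010.12.
        $installed = $Status.$name -as [version]   # $null if missing or malformed
        $required  = [version]$Baseline[$name]
        [pscustomobject]@{
            Component   = $name
            Installed   = $installed
            Baseline    = $required
            UpToDate    = ($null -ne $installed) -and ($installed -ge $required)
            RunningMode = $Status.AMRunningMode    # reported as-is, not interpreted
        }
    }
}

# Constructed sample: a device still on platform 4.18.24010.7 with current
# engine and security intelligence versions.
$sample = [pscustomobject]@{
    AMProductVersion          = '4.18.24010.7'
    AMEngineVersion           = '1.1.24010.10'
    AntivirusSignatureVersion = '1.405.702.0'
    AMRunningMode             = 'Normal'
}

# Use the live status where the Defender cmdlet works; otherwise the sample.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning 'Get-MpComputerStatus unavailable; using constructed sample data.'
    $status = $sample
}

Test-DefenderBaseline -Status $status -Baseline $Baseline | Format-Table -AutoSize
```

With the constructed sample, only AMProductVersion is reported as not up to date, because 4.18.24010.7 is older than 4.18.24010.12.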

How to roll back an update

In the unfortunate event that you encounter issues after a platform update, you can roll back to the previous or the inbox version of the Microsoft Defender platform.

  • To roll back to the previous version, run the following command:

    "%programdata%\Microsoft\Windows Defender\Platform\<version>\MpCmdRun.exe" -RevertPlatform

  • To roll back this update to the version shipped with the operating system ("%ProgramFiles%\Windows Defender"), run the following command:

    "%programdata%\Microsoft\Windows Defender\Platform\<version>\MpCmdRun.exe" -ResetPlatform

Platform version included with Windows 10 releases

The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:

Windows 10 release | Platform version | Engine version | Support phase
2004 (20H1/20H2) | 4.18.1909.6 | 1.1.17000.2 | Technical upgrade support (only)
1909 (19H2) | 4.18.1902.5 | 1.1.16700.3 | Technical upgrade support (only)
1903 (19H1) | 4.18.1902.5 | 1.1.15600.4 | Technical upgrade support (only)
1809 (RS5) | 4.18.1807.5 | 1.1.15000.2 | Technical upgrade support (only)
1803 (RS4) | 4.13.17134.1 | 1.1.14600.4 | Technical upgrade support (only)
1709 (RS3) | 4.12.16299.15 | 1.1.14104.0 | Technical upgrade support (only)
1703 (RS2) | 4.11.15603.2 | 1.1.13504.0 | Technical upgrade support (only)
1607 (RS1) | 4.10.14393.3683 | 1.1.12805.0 | Technical upgrade support (only)

For Windows 10 release information, see the Windows lifecycle fact sheet.

Note

Windows Server 2016 ships with the same Platform version as RS1 and falls under the same support phase: Technical upgrade support (only).

Windows Server 2019 ships with the same Platform version as RS5 and falls under the same support phase: Technical upgrade support (only).

Updates for Deployment Image Servicing and Management (DISM)

To avoid a gap in protection, keep your OS installation images up to date with the latest antivirus and antimalware updates. Updates are available for:

  • Windows 10 and 11 (Enterprise, Pro, and Home editions)
  • Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2
  • WIM and VHD(x) files

Updates are released for x86, x64, and ARM64 Windows architecture.

For more information, see Microsoft Defender update for Windows operating system installation images.

20230809.1

  • Defender package version: 20230809.1
  • Security intelligence version: 1.395.68.0
  • Engine version: 1.1.23070.1005
  • Platform version: 4.18.23070.1004

Fixes

  • None

20230604.1

  • Defender package version: 20230604.1
  • Security intelligence version: 1.391.476.0
  • Engine version: 1.1.23050.3
  • Platform version: 4.18.23050.3

Fixes

  • None

20230503.1

  • Defender package version: 20230503.1
  • Security intelligence version: 1.389.44.0
  • Engine version: 1.1.20300.3
  • Platform version: 4.18.2304.8

Fixes

  • None

Additional information

  • None

20230330.2

  • Defender package version: 20230330.2
  • Security intelligence version: 1.385.1537.0
  • Engine version: 1.1.20100.6
  • Platform version: 4.18.2302.7

Fixes

  • None

Additional information

  • None

20230308.1

  • Defender package version: 20230308.1
  • Security intelligence version: 1.383.1321.0
  • Engine version: 1.1.20000.2
  • Platform version: 4.18.2301.6

Fixes

  • None

Additional information

  • None

20230215.1

  • Defender package version: 20230215.1
  • Security intelligence version: 1.383.51.0
  • Engine version: 1.1.20000.2
  • Platform version: 4.18.2301.6

Fixes

  • None

Additional information

  • None

20230118.1

  • Defender package version: 20230118.1
  • Security intelligence version: 1.381.2404.0
  • Engine version: 1.1.19900.2
  • Platform version: 4.18.2211.5

Fixes

  • None

Additional information

  • None

20221209.1

  • Defender package version: 20221209.1
  • Security intelligence version: 1.381.144.0
  • Engine version: 1.1.19900.2
  • Platform version: 4.18.2211.5

Fixes

  • None

Additional information

  • None

20221102.3

  • Defender package version: 20221102.3
  • Security intelligence version: 1.377.1180.0
  • Engine version: 1.1.19700.3
  • Platform version: 4.18.2210.4

Fixes

  • None

Additional information

  • None

20221014.1

  • Package version: 20221014.1
  • Platform version: 4.18.2209.7
  • Engine version: 1.1.19700.3
  • Signature version: 1.373.208.0

Fixes

  • None

Additional information

  • None

20220929.1

  • Package version: 20220929.1
  • Platform version: 4.18.2207.7
  • Engine version: 1.1.19600.3
  • Signature version: 1.373.1243.0

Fixes

  • None

Additional information

  • None

20220925.2

  • Package version: 20220925.2
  • Platform version: 4.18.2207.7
  • Engine version: 1.1.19600.3
  • Signature version: 1.373.1371.0

Fixes

  • None

Additional information

  • None

20220901.4

  • Package version: 20220901.4
  • Platform version: 4.18.2205.7
  • Engine version: 1.1.19500.2
  • Signature version: 1.373.1371.0

Fixes

  • None

Additional information

  • None

20220802.1

  • Package version: 20220802.1
  • Platform version: 4.18.2205.7
  • Engine version: 1.1.19400.3
  • Signature version: 1.371.1205.0

Fixes

  • None

Additional information

  • None

20220629.5

  • Package version: 20220629.5
  • Platform version: 4.18.2205.7
  • Engine version: 1.1.19300.2
  • Signature version: 1.369.220.0

Fixes

  • None

Additional information

  • None

20220603.3

  • Package version: 20220603.3
  • Platform version: 4.18.2203.5
  • Engine version: 1.1.19200.6
  • Signature version: 1.367.1009.0

Fixes

  • None

Additional information

  • None

20220506.6

  • Package version: 20220506.6
  • Platform version: 4.18.2203.5
  • Engine version: 1.1.19200.5
  • Signature version: 1.363.1436.0

Fixes

  • None

Additional information

  • None

20220321.1

  • Package version: 20220321.1
  • Platform version: 4.18.2202.4
  • Engine version: 1.1.19000.8
  • Signature version: 1.351.337.0

Fixes

  • None

Additional information

  • None

20220305.1

  • Package version: 20220305.1
  • Platform version: 4.18.2201.10
  • Engine version: 1.1.18900.3
  • Signature version: 1.359.1405.0

Fixes

  • None

Additional information

  • None

20220203.1

  • Package version: 20220203.1
  • Platform version: 4.18.2111.5
  • Engine version: 1.1.18900.2
  • Signature version: 1.357.32.0

Fixes

  • None

Additional information

  • None

20220105.1

  • Package version: 20220105.1
  • Platform version: 4.18.2111.5
  • Engine version: 1.1.18800.4
  • Signature version: 1.355.1482.0

Fixes

  • None

Additional information

  • None

1.1.2112.01

  • Package version: 1.1.2112.01
  • Platform version: 4.18.2110.6
  • Engine version: 1.1.18700.4
  • Signature version: 1.353.2283.0

Fixes

  • None

Additional information

  • None

1.1.2111.02

  • Package version: 1.1.2111.02
  • Platform version: 4.18.2110.6
  • Engine version: 1.1.18700.4
  • Signature version: 1.353.613.0

Fixes

  • Fixed an issue pertaining to localization files

Additional information

  • None

1.1.2110.01

  • Package version: 1.1.2110.01
  • Platform version: 4.18.2109.6
  • Engine version: 1.1.18500.10
  • Signature version: 1.349.2103.0

Fixes

  • None

Additional information

  • None

1.1.2109.01

  • Package version: 1.1.2109.01
  • Platform version: 4.18.2107.4
  • Engine version: 1.1.18400.5
  • Signature version: 1.347.891.0

Fixes

  • None

Additional information

  • None

1.1.2108.01

  • Package version: 1.1.2108.01
  • Platform version: 4.18.2107.4
  • Engine version: 1.1.18300.4
  • Signature version: 1.343.2244.0

Fixes

  • None

Additional information

  • None

1.1.2107.02

  • Package version: 1.1.2107.02
  • Platform version: 4.18.2105.5
  • Engine version: 1.1.18300.4
  • Signature version: 1.343.658.0

Fixes

  • None

Additional information

  • None

1.1.2106.01

  • Package version: 1.1.2106.01
  • Platform version: 4.18.2104.14
  • Engine version: 1.1.18100.6
  • Signature version: 1.339.1923.0

Fixes

  • None

Additional information

  • None

1.1.2105.01

  • Package version: 1.1.2105.01
  • Platform version: 4.18.2103.7
  • Engine version: 1.1.18100.6
  • Signature version: 1.339.42.0

Fixes

  • None

Additional information

  • None

1.1.2104.01

  • Package version: 1.1.2104.01
  • Platform version: 4.18.2102.4
  • Engine version: 1.1.18000.5
  • Signature version: 1.335.232.0

Fixes

  • None

Additional information

  • None

1.1.2103.01

  • Package version: 1.1.2103.01
  • Platform version: 4.18.2101.9
  • Engine version: 1.1.17800.5
  • Signature version: 1.331.2302.0

Fixes

  • None

Additional information

  • None

1.1.2102.03

  • Package version: 1.1.2102.03
  • Platform version: 4.18.2011.6
  • Engine version: 1.1.17800.5
  • Signature version: 1.331.174.0

Fixes

  • None

Additional information

  • None

1.1.2101.02

  • Package version: 1.1.2101.02
  • Platform version: 4.18.2011.6
  • Engine version: 1.1.17700.4
  • Signature version: 1.329.1796.0

Fixes

  • None

Additional information

  • None

1.1.2012.01

  • Package version: 1.1.2012.01
  • Platform version: 4.18.2010.7
  • Engine version: 1.1.17600.5
  • Signature version: 1.327.1991.0

Fixes

  • None

Additional information

  • None

1.1.2011.02

  • Package version: 1.1.2011.02
  • Platform version: 4.18.2010.7
  • Engine version: 1.1.17600.5
  • Signature version: 1.327.658.0

Fixes

  • None

Additional information

  • Refreshed Microsoft Defender Antivirus signatures

1.1.2011.01

  • Package version: 1.1.2011.01
  • Platform version: 4.18.2009.7
  • Engine version: 1.1.17600.5
  • Signature version: 1.327.344.0

Fixes

  • None

Additional information

  • None

1.1.2009.10

  • Package version: 1.1.2011.01
  • Platform version: 4.18.2008.9
  • Engine version: 1.1.17400.5
  • Signature version: 1.327.2216.0

Fixes

  • None

Additional information

  • Added support for Windows 10 RS1 or later OS install images.

More resources

Article | Description
Microsoft Defender update for Windows operating system installation images | Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, Windows Server 2016, and Windows Server 2012 R2 installation images.
Manage how protection updates are downloaded and applied | Protection updates can be delivered through many sources.
Manage when protection updates should be downloaded and applied | You can schedule when protection updates should be downloaded.
Manage updates for endpoints that are out of date | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in.
Manage event-based forced updates | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
Manage updates for mobile devices and virtual machines (VMs) | You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.
Microsoft Defender for Endpoint update for EDR Sensor | You can update the EDR sensor (MsSense.exe) that's included in the new Microsoft Defender for Endpoint unified solution package released in 2021.
