Share via

Windows defender platform stuck at version 4.18.1909.6

Anonymous
2022-10-16T09:58:26+00:00

Hello,

Windows Update fails to install some Windows Defender-related updates with error 0x80070643
Aggiornamento per la piattaforma antimalware di Microsoft Defender Antivirus - KB4052623 (versione 4.18.2209.7)

Aggiornamento per la piattaforma antimalware di Windows Defender Antivirus - KB4052623 (versione 4.18.2001.10)

I manually downloaded the latest platform update from https://support.microsoft.com/en-us/topic/update-for-microsoft-defender-antimalware-platform-kb4052623-92e21611-8cf1-8e0e-56d6-561a07d144cc and it is successfully installed in the new path

"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0"

I ran "MpCmdRun -SignatureUpdate" from the new location, the engine/antispyware/antivirus versions seem to be up to date, but the platform lags behind:

Versione client antimalware: 4.18.1909.6

Versione motore: 1.1.19700.3

Versione antivirus: 1.377.311.0

Versione antispyware: 1.377.311.0

The WindowsDefender service that's currently running on my machine is starting from "C:\Program Files\Windows Defender\MsMpEng.exe" and I can't stop it or disable it from Registry due to anti-tamper protection, even if it has been disabled. I tried to use the Group Policy local editor to disable it, but it keeps starting.
I tried to update the path of the Defender executable to the new one in ProgramData, but it fails even after taking FULL OWNERSHIP of the registry key and subkeys.

I'm at a complete and total loss. I can't edit the files (e.g. moving the new folder to the one in Program Files) and I can't edit the registry keys (not even temporarily disable antispyware and antivirus). I have the "new" platform in what should be the right location, but Windows still runs from the old location.

I also don't have AppLocker (that I know of) and don't have the Policy Management Console to add new GPOs (there was something about "enabling the new path in applocker" that I don't know how to do)

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

10 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-11-04T23:38:36+00:00

    I do currently still have an issue with my Windows Defender: it crashes when I try to open the protection history. The screen with the list of menaces is briefly displayed, but then the window closes abruptly and I think the service restarts. Any tips for this one?

    EDIT:

    I can see there's stuff here

    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory

    And I can see what stuff is there with

    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe -Restore -ListAll

    Was this answer helpful?

    0 comments
  2. Anonymous
    2022-11-04T09:46:26+00:00

    I solved the Defender Update issues, as well as the yellow mark on the Defender icon in the taskbar

    with the following simple step.

    I just installed a full-blown anti virus solution. In my case (as the Windows 11 version is the 64-bit Arm based processor)

    I took the Panda Dome solution. (Other major brands do not support Arm based systems).

    After that the Defender updates were installed fully automatically and the yellow signal also disappeared.

    All follow up Windows Updates also installed correctly from then on.

    Cheers,

    Guido

    Was this answer helpful?

    0 comments
  3. Anonymous
    2022-11-04T09:31:42+00:00

    Sir, you are a savior!

    I couldn't move the files to the C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0 folder while the system was running, even if the antimalware service was stopped and I was running explorer as TrustedInstaller.

    I'll summarize the solution here for anyone with the same issue (if I understand it correctly):

    The older version of Windows Defender shipped with Win10 21H1 and 21H2 was in "C:\Program Files\Windows Defender". Due to anti-tamper protection (which is active even if disabled from the Windows Defender settings, somehow) it's not possible to update the registry keys that point to the new version (installed via Microsoft Update Catalog or Windows Update, if yours works) so it's necessary to authenticate as TrustedInstaller and update the registry keys.

    • The latest Anti-malware platform can be downloaded from https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623 (pick the one for your architecture, amd64 / x86 / arm).
    • Run the "updateplatform_*.exe" program and wait for a good couple of minutes for it to be unpacked and installed in "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0"

    If you see this in the future, it's likely the platform was updated again and there will be different numbers. Where you see "4.18.2210.4-0", replace with the latest platform version listed here: https://www.microsoft.com/en-us/wdsi/defenderupdates

    If not all of the files are moved, you will need to reboot into Safe Mode, extract the content of the .exe with 7zip or similar software and move it to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0" manually!

    • Open the RegEdit as TrustedInstaller. There are different ways to do so, but the program https://winaero.com/execti/  suggested by _AW_ works perfectly.
    • From the registry editor change the following keys:

    In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender , "InstallLocation" should point to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0"

    In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend , ImagePath should point to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe"

    Last thing (which helped for me but I'm not sure if it's applicable): check if the Environment Variable %ProgramData% correctly points to C:\ProgramData.

    Image

    Thank to everybody for their contribution! My Windows Defender was stuck at the same version for over a year now :)

    Was this answer helpful?

    0 comments
  4. _AW_ 68,006 Reputation points Volunteer Moderator
    2022-11-04T02:12:50+00:00

    Download the engine update from:

    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623

    It's the top Download, then from the three options that come up you need: updateplatform_c7e5f94329ce9c9082b974411f11b90556e443af.exe

    If double clicking updateplatform_c7e5f94329ce9c9082b974411f11b90556e443af.exe doesn't install to

    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0 then you'll have to manually install it.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender - InstallLocation should point to

    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0

    To manually install updateplatform_c7e5f94329ce9c9082b974411f11b90556e443af.exe you need something like 7-Zip to extract the contained archive content to a folder, then rename the folder 4.18.2210.4-0

    Then you boot into safe mode and copy the folder to C:\ProgramData\Microsoft\Windows Defender\Platform

    Restart the computer and the service should run.

    Was this answer helpful?

    0 comments
  5. Anonymous
    2022-11-04T01:40:56+00:00

    Hello,

    I just downloaded the latest Defender Antivirus and Network Real-Time inspection from https://www.microsoft.com/en-us/wdsi/defenderupdates 

    I now have the folder "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0" with the appropriate files in it.

    Now I'm trying to change the ImagePath key from "%ProgramFiles%\Windows Defender\MsMpEng.exe" to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe" while authenticated as TrustedInstaller.

    Image

    I could do this successfully! Is there anything else I should change? Will I have to manually update the path for every platform update? Do I need to change anything in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"? The InstallLocation there still points to "C:\ProgramFiles\Windows Defender".

    Thank you for your help so far!

    EDIT1: after a reboot, Defender seems to be stuck here:
    Image

    And everything else seems to have reset:

    Image

    Platform is still 4.18.1909.6 even after changing the ImagePath and rebooting and overall it seems a bit broken, I can't activate real time protection!
    If I click on the "real time protection disabled prompt" I get this message:
    Image
    "Page not available, the IT Admin limited the access to some areas of the app..."

    And this is all because I noticed that the folder doesn't contain any executables!
    "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0"

    Welp

    EDIT2: Also downloaded and ran https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623 for 64bit Windows, doesn't appear to have made any difference to the content of that folder. Any suggestions on how to reset Windows Defender and install it cleanly from scratch is welcome!

    Was this answer helpful?

    0 comments