Microsoft Defender for Endpoint on Windows Server 2012 R2, Windows Server 2016
Summary
This update services the EDR sensor included in the new Microsoft Defender for Endpoint unified solution package released in 2021. Installation is required before this package can be applied. For more information about prerequisites and installation steps refer to Onboard Windows servers to the Microsoft Defender for Endpoint service.
NOTE: this update gets released periodically, and with the same KB number (5005292). When it is deployed, this article will be updated with the latest version number for MsSense.exe. It may take a while before the package is fully available for all channels including WSUS - this may mean that the version reflected in the Windows Update Catalog remains behind until broad deployment is reached.
This article describes an update package for Microsoft Defender for Endpoint. This update supports the following OS running the new EDR sensor component (MsSense.exe):
-
Windows Server 2016
-
Windows Server 2012 R2
Version information
This package updates the EDR sensor component to the following version:
-
10.8735
The package will be rolled out gradually starting March 2024.
For more information about what's new for the specific version of the EDR sensor, please refer to What's new in Microsoft Defender for Endpoint on Windows.
Package information
The package size is approximately 12MB.
Known issues in this update
No known issues.
Update information
This package includes updates and fixes to the Microsoft Defender for Endpoint EDR sensor that is used by Microsoft Defender for Endpoint installed on Windows Server 2012 R2 and Windows Server 2016.
This update also addresses CVE-2022-23278 - Security Update Guide - Microsoft - Microsoft Defender for Endpoint Spoofing Vulnerability for machines running a preview version (10.8048.* or earlier), installed before April 2022. Note that all versions released after this date already contain the fix.
NOTE: This update will apply only if the version of the EDR sensor on the machine is lower than the one in this update package. As we update the installer (MSI) package available in the onboarding section of the Microsoft 365 Defender portal regularly, you may observe you are already on the latest version and the installation location will be in the program files directory, until such time a newer update gets released and applied.
How to obtain this update
This update is available from Microsoft Update.
Restart requirement
You donhave to restart the system after you install this update.
How to remove or roll back this update
This package cannot be uninstalled.
How to find the installed version number
The location of the MsSense.exe file is specified in the registry. This path includes the version number:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection
'InstallLocation' value
EXAMPLE: C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Platform\10.8048.22415.1001
You can check the file location and version information for MsSense.exe manually using the registry editor or by running the following PowerShell command:
Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\' -Name "InstallLocation"
References
Learn about the terminology that Microsoft uses to describe software updates.
