Applies ToWindows Server 2022 Windows Server 2019 Windows Server 2016 Windows 10 Windows 11

Important: The National Public Data breach exposed personal information, including names, addresses, and social security numbers. Learn how to protect yourself and how Microsoft Defender is helping to prevent fraud. See: National Public Data breach: What you need to know.

Summary

The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries. 

The devices on which these deployments are made are inadequately protected until they receive the first antimalware software update. Defender updates also contain critical performance fixes that will improve the user experience. Devices that use either the Windows built-in antivirus or another security solution can benefit from these updates. We recommend  that you regularly service OS installation images to update Microsoft Defender binaries and minimize this protection gap in new deployments. You should follow a three-month update frequency routine.

No ordering is required to apply the latest cumulative update (LCU) versus the Microsoft Defender update offline.

This article describes antimalware update package for Microsoft Defender in the OS installation images (WIM and VHD files). This feature supports the following OS installation images:

  • Windows 11

  • Windows 10 (Enterprise, Pro, and Home editions)

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

Version information

Notes: 

  • Defender package version: 1.419.396.0

This package updates the anti-malware client, anti-malware engine, and signature versions in the OS installation images to following versions:

  • Platform version: 4.18.24090.11

  • Engine version: 1.1.24090.2

  • Security intelligence version: 1.419.396.0

Package information

The package size is approximately:

  • ARM64: 78.2 MB

  • X86: 128 MB

  • X64: 132 MB

Known issues in this update

(None)

Update information

This package includes monthly updates and fixes to the Microsoft Defender antimalware platform and engine that is used by Microsoft Defender Antivirus in Windows 11. This package should be applied offline on Windows Images/VHD(x) file.

Learn more about the package contents here: Manage Microsoft Defender Antivirus updates and apply baselines | Microsoft Learn

This package also includes the latest security intelligence update that is available up to the date of release. Learn more about security intelligence updates including the release notes here.

How to obtain this update

Different update packages are required for different Windows OS image architectures. Select the architecture that matches the installation image to which you will apply this update:

Microsoft Defender update for Windows Operating system installation image: 32-bit | 64-bit | ARM64

Note: These links point to defender-update-kit-[x86|x64|arm].zip. Extract this .zip file to get the Defender update package (defender-dism-[x86|x64|arm].cab) and an updating tool (DefenderUpdateWinimage.ps1) that assists the update operation for OS installation images.

Package update tool

The following prerequisites apply to running this updating tool (DefenderUpdateWinImage.ps1):

  • You must be running a 64-bit Windows 10 or a later OS environment that includes PowerShell 5.1 or a later version.

  • The Microsoft.Powershell.Security and DISM modules must be installed.

  • You must start PowerShell on the device by using administrator privileges.

Notes: 

  • Do not use this package to update live images because it can damage the Windows installation that Is running inside the virtual machine.

  • The DefenderUpdateWinImage.ps1 tool provides an option to remove the update. However, you may still want to keep a backup copy of images before you apply the update.

How to apply this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -ImageIndex ImageIndexNumber -Action AddUpdate -ImagePath <path_to_Os_Image> -Package

Note: To make sure that you are adding the package to the operating system edition that you are installing, use the following command to determine the ImageIndexNumber value. The index number can vary based on the Install.wim file that you are using.Dism /get-imageinfo /imagefile:<path_to_OS_Image>   Check the list of operating system editions in the Install.wim file, and note the index number for the operating system edition that you want to install:Index: 3 Name: Windows 11 Enterprise Description: Windows 11 Enterprise Size: 16,472,078,997 bytes   To add the package to Windows 11 Enterprise, use the following value:-ImageIndex 3

How to remove or roll back this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action RemoveUpdate -ImagePath <path_to_Os_Image>

How to list the details of installed update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action ShowUpdate -ImagePath <path_to_Os_Image>

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.