Microsoft Defender update for Windows operating system installation images

Applies to: Windows ServerWindows Server 2016Windows 10


The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries.

The devices on which these deployments are made are inadequately protected until they receive the first antimalware software update. We recommend that you regularly service OS installation images in order to update Microsoft Defender binaries and minimize this protection gap in new deployments.

This article describes antimalware update package for Microsoft Defender in the OS installation images (WIM and VHD files). This feature supports the following OS installation images:

  • Windows 10 (Enterprise, Pro, and Home editions)
  • Windows Server 2019
  • Windows Server 2016

Version information

  • New version: 1.1.2011.02

This package updates the anti-malware client, anti-malware engine, and signature versions in the OS installation images to following versions:

  • Platform version: 4.18.2010.7
  • Engine version: 1.1.17600.5
  • Signature version: 1.327.658.0

Package information

The package size is approximately 140 MB.

Known issues in this update


Update information

This package includes monthly updates and fixes to the Microsoft Defender antimalware platform and engine that's used by Microsoft Defender Antivirus in Windows 10.

This package also includes the latest security intelligence update that is available up to the date of release.

How to obtain this update

Different update packages are required for different Windows OS image architectures. Select the architecture that matches the installation image to which you will apply this update:

Microsoft Defender update for Windows Operating system installation image: 32-bit | 64-bit 


Package update tool

The following prerequisites apply to running this patching tool (DefenderUpdateWinImage.ps1):

  • You must be running a 64-bit Windows 10 or later OS environment that includes PowerShell 5.1 or a later version.
  • The Microsoft.Powershell.Security and DISM modules must be installed.
  • You must start PowerShell on the device by using administrator privileges.

How to apply this update

PS C:\> DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action AddUpdate - ImagePath <path_to_Os_Image> -Package <path_to_package>

How to remove or roll back this update

PS C:\> DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action RemoveUpdate - ImagePath <path_to_Os_Image>

How to list the details of installed update

PS C:\> DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action ShowUpdate - ImagePath <path_to_Os_Image>


Learn about the terminology that Microsoft uses to describe software updates.