Update for Windows Defender antimalware platform

Applies to: Windows Defender, Windows 10, Windows Server 2016

Summary


This article describes an antimalware platform update package for Windows Defender for the following operating systems:

  • Windows 10 (Enterprise, Pro, and Home editions)
  • Windows Server 2016
     

Known issues in this update

  • Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled.
     

    To work around this issue, open Group Policy, and then change the setting to Allow for the following path:

    %OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

Update information


This package includes monthly updates and fixes to the Windows Defender antimalware platform that is used by Windows Defender Antivirus in Windows 10.

Monthly updates are installed in addition to major Windows 10 releases. Both types of updates should be installed to ensure continued protection against malware and other threats.

For more information about how the updates work and how you can configure and manage them, see the Manage Windows Defender Antivirus updates and apply baselines topic.

Regular monthly updates are now being provided in addition to the standard performance updates. These monthly updates apply to Windows 10 Version 1607, Version 1703, and Version 1709.
 

File location changes

This update makes the following binary location changes.

| Affected component | Old location | New location |
|---|---|---|
| Windows Defender Antivirus service (MsMpEng.exe); Network Realtime Inspection service (NisSrv.exe) | %ProgramFiles%\Windows Defender | %ProgramData%\Microsoft\Windows Defender\Platform\<Version> |
| Windows Defender Antivirus drivers | %Windir%\System32\drivers | %Windir%\System32\drivers\wd |


All third-party applications that have references to these binaries must be updated to the new locations.
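
The following is an added example, not Microsoft's code, of how a script can resolve the moved binaries at run time instead of hard-coding either location. Resolve-DefenderBinary is a hypothetical helper name. The example assumes that the <Version> folders are named as a dotted version with an optional "-N" suffix and that the highest version is the one in use.

```powershell
# Added example; Resolve-DefenderBinary is a hypothetical helper, not a Microsoft cmdlet.
function Resolve-DefenderBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,   # e.g. MsMpEng.exe, NisSrv.exe, MpCmdRun.exe
        [string]$PlatformRoot = (Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'),
        [string]$InboxRoot    = (Join-Path $env:ProgramFiles 'Windows Defender')
    )

    $candidates = @()
    if (Test-Path -LiteralPath $PlatformRoot -PathType Container) {
        $candidates = @(
            Get-ChildItem -LiteralPath $PlatformRoot -Directory | ForEach-Object {
                # Assumed folder naming: dotted version plus optional "-N" suffix.
                if ($_.Name -match '^(\d+(?:\.\d+){1,3})(?:-(\d+))?$') {
                    [pscustomobject]@{
                        Version  = [version]$Matches[1]
                        Revision = [int]$Matches[2]
                        Path     = Join-Path $_.FullName $Name
                    }
                }
            } |
            Where-Object { Test-Path -LiteralPath $_.Path -PathType Leaf } |
            Sort-Object -Property Version, Revision -Descending
        )
    }

    if ($candidates.Count -gt 0) {
        # New location: newest platform folder that actually contains the binary.
        return $candidates[0].Path
    }

    # Old location: still valid before the platform update or after -resetplatform.
    $inbox = Join-Path $InboxRoot $Name
    if (Test-Path -LiteralPath $inbox -PathType Leaf) {
        return $inbox
    }
    throw "Could not find $Name under '$PlatformRoot' or '$InboxRoot'."
}

# Usage: call the resolved binary instead of a hard-coded path.
$mpCmdRun = Resolve-DefenderBinary -Name 'MpCmdRun.exe'
Write-Output "MpCmdRun.exe resolved to: $mpCmdRun"
```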
 

How to obtain this update

This update is available from Microsoft Update and WSUS. 

Version information

This update changes the antimalware client version.

How to find the client version information

  • Windows 10 Version 1709 and later versions:

    Open the Windows Defender Security Center app, click the Settings icon, and then click About. The version number is listed under Antimalware Client Version.
  • Windows 10 Version 1607, Version 1703, and later versions:

    Open the Windows Defender app, click Help, and then click About. The version number is listed under Antimalware Client Version.

Package information

The package name is listed as Update for Windows Defender antimalware platform. The package size is approximately 2–3 MB.
 

Restart requirement

You do not have to restart the system after you install this update.
 

How to roll back this update

To roll back this update, use the appropriate method:

  • To roll back this update to the previous version, run the following command:

    "%programdata%\microsoft\windows defender\platform\<version>\mpcmdrun.exe" -revertplatform
  • To roll back this update to the Inbox CAMP version, run the following command:

    "%programfiles%\Windows Defender\MpCmdRun.exe" -resetplatform

References


Learn about the terminology that Microsoft uses to describe software updates.