Update for Windows Defender antimalware platform

Applies to: Windows DefenderWindows 10Windows Server 2019


This article describes an antimalware platform update package for Windows Defender for the following operating systems:

  • Windows 10 (Enterprise, Pro, and Home editions)
  • Windows Server 2019
  • Windows Server 2016

Known issues in this update

  • New file path

    Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled.

    To work around this issue, open Group Policy, and then change the setting to Allow for the following path:

    %OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

  • Secure Boot issue in version 4.18.1901.7 

    Some devices that are running Windows 10 do not start if they have Secure Boot turned on.

    We are working on this issue and plan to provide a fix in a future update. To work around this issue in the meantime, follow these steps:

    1. Restart the device, and enter the BIOS.

    2. Turn off Secure Boot, and then restart the device again.

    3. In an administrative Command Prompt window, run the following command:

      "%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe" -revertplatform

    4. Wait for one minute, and then do the following:

      • Run sc query windefend to verify that the Windows Defender service is running.

      • Run sc qc windefend to verify that the Windows Defender binary no longer points to version 4.18.1901.7.

    5. Restart the device, re-enter the BIOS, and then turn on Secure Boot.

Update information

This package includes monthly updates and fixes to the Windows Defender antimalware platform that is used by Windows Defender Antivirus in Windows 10.

Monthly updates are installed in addition to major Windows 10 releases. Both types of updates should be installed to ensure continued protection against malware and other threats.

For more information about the product versions and about how the updates work and how you can configure and manage them, see the Manage Windows Defender Antivirus updates and apply baselines topic.

File location changes

This update makes the following binary location changes.

Affected component Old location New location

Windows Defender Antivirus service (MsMpEng.exe)

Network Realtime Inspection service (NisSrv.exe)

%ProgramFiles%\Windows Defender %ProgramData%\Microsoft\Windows Defender\Platform\<Version>
Windows Defender Antivirus drivers



All third-party applications that have references to these binaries must be updated to the new locations.

How to obtain this update

This update is available from Microsoft Update and WSUS. 

Version information

This update changes the antimalware client version.

How to find the client version information

  • Windows 10, version 1709 and later versions:

    Open the Windows Defender Security Center app, click the Settings icon, and then click About. The version number is listed under Antimalware Client Version.
  • Windows 10, version 1607, version 1703, and later versions:

    Open the Windows Defender app, click Help, and then click About. The version number is listed under Antimalware Client Version.

Package information

The package name is listed as Update for Windows Defender antimalware platform. The package size is approximately 2–3 MB.

Restart requirement

You do not have to restart the system after you install this update.

How to roll back this update

To roll back this update, use the appropriate method:

  • To roll back this update to the previous version, run the following command:

    “%programdata%\microsoft\windows defender\platform\<version>\mpcmdrun.exe” -revertplatform
  • To roll back this update to the Inbox CAMP version, run the following command:

    "%programfiles%\Windows Defender\MpCmdRun.exe" -resetplatform


Learn about the terminology that Microsoft uses to describe software updates.