Microsoft Edge Try Microsoft Edge A fast and secure browser that's designed for Windows 10 Get started

Skip to main content
Microsoft
Microsoft Support
  • Office
  • Windows
  • Surface
  • Xbox
  • Deals
  • Support
      • Windows apps
      • OneDrive
      • Outlook
      • Skype
      • OneNote
      • PCs & tablets
      • Accessories
      • VR & mixed reality
      • Microsoft HoloLens
      • Xbox games
      • PC games
      • Windows digital games
      • Movies & TV
      • Books
      • Microsoft Azure
      • Microsoft Dynamics 365
      • Microsoft 365
      • Cloud platform
      • Enterprise
      • Data platform
      • .NET
      • Visual Studio
      • Windows Dev Center
      • Docs
      • Microsoft Store
      • Free downloads & security
      • Education
      • Store locations
      • Gift cards
    • View all
    0
    Sign in
    Microsoft Support

    Update for Windows Defender antimalware platform

    Content provided by Microsoft

    Content provided by Microsoft

    Applies to: Windows DefenderWindows 10Windows Server 2016


    Summary


    This article describes an antimalware platform update package for Windows Defender for the following operating systems:

    • Windows 10 (Enterprise, Pro, and Home editions)
    • Windows Server 2016
       

    Known issues in this update

    • Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled.
       

      To work around this issue, open Group Policy, and then change the setting to Allow for the following path:

      %OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

    Update information


    This package includes monthly updates and fixes to the Windows Defender antimalware platform that is used by Windows Defender Antivirus in Windows 10.

    Monthly updates are installed in addition to major Windows 10 releases. Both types of updates should be installed to ensure continued protection against malware and other threats.

    For more information about how the updates work and how you can configure and manage them, see the Manage Windows Defender Antivirus updates and apply baselines topic.

    Regular monthly updates are now being provided in addition to the standard performance updates. These monthly updates apply to Windows 10 Version 1607, Version 1703, and Version 1709.
     

    File location changes

    This update makes the following binary location changes.

    Affected component Old location New location

    Windows Defender Antivirus service (MsMpEng.exe)

    Network Realtime Inspection service (NisSrv.exe)

    %ProgramFiles%\Windows Defender %ProgramData%\Microsoft\Windows Defender\Platform\<Version>
    Windows Defender Antivirus drivers

    %Windir%\System32\drivers 

    %Windir%\System32\drivers\wd


    All third-party applications that have references to these binaries must be updated to the new locations.
     

    How to obtain this update

    This update is available from Microsoft Update and WSUS. 

    Version information

    This update changes the antimalware client version.

    How to find the client version information

    • Windows 10 Version 1709 and later versions:

      Open the Windows Defender Security Center app, click the Settings icon, and then click About. The version number is listed under Antimalware Client Version.
    • Windows 10 Version 1607, Version 1703, and later versions:

      Open the Windows Defender app, click Help, and then click About. The version number is listed under Antimalware Client Version.

    Package information

    The package name is listed as Update for Windows Defender antimalware platform. The package size is approximately 2–3 MB.
     

    Restart requirement

    You do not have to restart the system after you install this update.
     

    How to roll back this update

    To roll back this update, use the appropriate method:

    • To roll back this update to the previous version, run the following command:

      “%programdata%\microsoft\windows defender\platform\<version>\mpcmdrun.exe” -revertplatform
    • To roll back this update to the Inbox CAMP version, run the following command:

      "%programfiles%\Windows Defender\MpCmdRun.exe" -resetplatform

    References


    Learn about the terminology that Microsoft uses to describe software updates.

    Third-party information disclaimer
    The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

    Last Updated: Mar 26, 2018
    • Email
    • Print
    Thanks! Your feedback will help us improve the support experience.

    What's new

    • Surface Book 2
    • Surface Pro
    • Xbox One X
    • Xbox One S
    • VR & mixed reality
    • Windows 10 apps
    • Office apps

    Store & Support

    • Account profile
    • Download Center
    • Sales & support
    • Returns
    • Order tracking
    • Store locations
    • Support
    • Buy online, pick up in store

    Education

    • Microsoft in education
    • Office for students
    • Office 365 for schools
    • Deals for students & parents
    • Microsoft Azure in education

    Enterprise

    • Microsoft Azure
    • Enterprise
    • Data platform
    • Find a solutions provider
    • Microsoft partner resources
    • Microsoft AppSource
    • Manufacturing & resources
    • Financial services

    Developer

    • Microsoft Visual Studio
    • Windows Dev Center
    • Developer Network
    • TechNet
    • Microsoft Virtual Academy
    • Microsoft developer program
    • Channel 9
    • Office Dev Center

    Company

    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Terms of use
    • Privacy & cookies
    • Trademarks
    • © Microsoft 2018
    This site in other countries/regions
    Algérie - Français
    Argentina - Español
    Australia - English
    Belgique - Français
    België - Nederlands
    Bolivia - Español
    Bosna i Hercegovina - Hrvatski
    Brasil - Português
    Canada - English
    Canada - Français
    Chile - Español
    Colombia - Español
    Costa Rica - Español
    Crna Gora - Srpski
    Danmark - Dansk
    Deutschland - Deutsch
    Dominican Republic - Español
    Ecuador - Español
    Eesti - Eesti
    El Salvador - Español
    España - Español
    Estados Unidos - Español
    France - Français
    Guatemala - Español
    Hong Kong SAR - English
    Hrvatska - Hrvatski
    India - English
    Indonesia (Bahasa) - Bahasa
    Ireland - English
    Italia - Italiano
    Latvija - Latviešu
    Lietuva - Lietuvių
    Luxembourg - Français
    Magyarország - Magyar
    Malaysia - English
    Maroc - Français
    México - Español
    Nederland - Nederlands
    New Zealand - English
    Norge - Bokmål
    Panamá - Español
    Paraguay - Español
    Perú - Español
    Philippines - English
    Polska - Polski
    Portugal - Português
    Puerto Rico - Español
    România - Română
    Schweiz - Deutsch
    Singapore - English
    Slovenija - Slovenščina
    Slovensko - Slovenčina
    South Africa - English
    Srbija - Srpski
    Suisse - Français
    Suomi - Suomi
    Sverige - Svenska
    Tunisie - Français
    Türkiye - Türkçe
    United Kingdom - English
    United States - English
    Uruguay - Español
    Venezuela - Español
    Việt Nam - Tiếng việt
    Ísland - Íslenska
    Österreich - Deutsch
    Česká Republika - Čeština
    Ελλάδα - Ελληνικά
    България - Български
    Казахстан - Русский
    Россия - Русский
    Україна - Українська
    ישראל - עברית
    الإمارات العربية المتحدة - العربية
    المملكة العربية السعودية - العربية
    مصر - العربية
    भारत - हिंदी
    ไทย - ไทย
    中国 - 简体中文
    台灣 - 繁體中文
    日本 - 日本語
    香港特別行政區 - 繁體中文
    대한민국 - 한국어