Summary
This article describes an antimalware platform update package for Windows Defender for the following operating systems:
- Windows 10 (Enterprise, Pro, and Home editions)
- Windows Server 2016
Known issues in this update
- New file path
Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled.
To work around this issue, open Group Policy, and then change the setting to Allow for the following path:
%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*
-
Secure Boot issue in version 4.18.1901.7
Some devices that are running Windows 10 do not start if they have Secure Boot turned on.
We are working on this issue and plan to provide a fix in a future update. To work around this issue in the meantime, follow these steps:-
Restart the device, and enter the BIOS.
-
Turn off Secure Boot, and then restart the device again.
-
In an administrative Command Prompt window, run the following command:
"%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe" -revertplatform -
Wait for one minute, and then do the following:
-
Run sc query windefend to verify that the Windows Defender service is running.
-
Run sc qc windefend to verify that the Windows Defender binary no longer points to version 4.18.1901.7.
-
-
Restart the device, re-enter the BIOS, and then turn on Secure Boot.
-
Update information
This package includes monthly updates and fixes to the Windows Defender antimalware platform that is used by Windows Defender Antivirus in Windows 10.
Monthly updates are installed in addition to major Windows 10 releases. Both types of updates should be installed to ensure continued protection against malware and other threats.
For more information about how the updates work and how you can configure and manage them, see the Manage Windows Defender Antivirus updates and apply baselines topic.
Regular monthly updates are now being provided in addition to the standard performance updates. These monthly updates apply to Windows 10, version 1607, version 1703, and version 1709.
File location changes
This update makes the following binary location changes.
| Affected component | Old location | New location |
| Windows Defender Antivirus service (MsMpEng.exe) Network Realtime Inspection service (NisSrv.exe) | %ProgramFiles%\Windows Defender | %ProgramData%\Microsoft\Windows Defender\Platform\<Version> |
| Windows Defender Antivirus drivers | %Windir%\System32\drivers | %Windir%\System32\drivers\wd |
All third-party applications that have references to these binaries must be updated to the new locations.
How to obtain this update
This update is available from Microsoft Update and WSUS.
Version information
This update changes the antimalware client version.
How to find the client version information
- Windows 10, version 1709 and later versions:
Open the Windows Defender Security Center app, click the Settings icon, and then click About. The version number is listed under Antimalware Client Version. - Windows 10, version 1607, version 1703, and later versions:
Open the Windows Defender app, click Help, and then click About. The version number is listed under Antimalware Client Version.
Package information
The package name is listed as Update for Windows Defender antimalware platform. The package size is approximately 2–3 MB.
Restart requirement
You do not have to restart the system after you install this update.
How to roll back this update
To roll back this update, use the appropriate method:
- To roll back this update to the previous version, run the following command:
“%programdata%\microsoft\windows defender\platform\<version>\mpcmdrun.exe” -revertplatform - To roll back this update to the Inbox CAMP version, run the following command:
"%programfiles%\Windows Defender\MpCmdRun.exe" -resetplatform
References
Learn about the terminology that Microsoft uses to describe software updates.