- With Microsoft Security Essentials, your computer system is protected against malware and unauthorized access. The software protects your PC against threats including viruses, trojans, and worms. The program also automatically downloads the latest security updates to the virus database.
Important
Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
There are two types of updates related to keeping Microsoft Defender Antivirus up to date:
- Security intelligence updates
- Product updates
Important
Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques.
This also applies to devices where Microsoft Defender Antivirus is running in passive mode.
You can use the URL below to find the current versions: https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info
Security intelligence updates
Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection.
Note
Updates are released under the below KB numbers:
Microsoft Defender Antivirus: KB2267602
System Center Endpoint Protection: KB2461484
Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see Use Microsoft cloud-provided protection in Microsoft Defender Antivirus.
Engine updates are included with security intelligence updates and are released on a monthly cadence.
Product updates
Microsoft Defender Antivirus requires monthly updates (KB4052623) (known as platform updates), and will receive major feature updates alongside Windows 10 releases.
You can manage the distribution of updates through one of the following methods:
- The usual method you use to deploy Microsoft and Windows updates to endpoints in your network.
For more information, see Manage the sources for Microsoft Defender Antivirus protection updates.
Note
We release these monthly updates in phases. This results in multiple packages visible in your WSUS server.
Monthly platform and engine versions
For information on how to update or install the platform update, see Update for Windows Defender antimalware platform.
All our updates contain:
- performance improvements
- serviceability improvements
- integration improvements (Cloud, Microsoft 365 Defender)
Security intelligence update version: 1.325.10.0
Released: October 01, 2020
Platform: 4.18.2009.7
Engine: 1.1.17500.4
Support phase: Security and Critical Updates
What's new
- Admin permissions are required to restore files in quarantine
- XML formatted events are now supported
- CSP support for ignoring exclusion merge
- New management interfaces for:
  - UDP Inspection
  - Network Protection on Server 2019
  - IP Address exclusions for Network Protection
- Improved visibility into TPM measurements
- Improved Office VBA module scanning
Known Issues
No known issues
Security intelligence update version: 1.323.9.0
Released: August 27, 2020
Platform: 4.18.2008.9
Engine: 1.1.17400.5
Support phase: Security and Critical Updates
What's new
- Add more telemetry events
- Improved scan event telemetry
- Improved behavior monitoring for memory scans
- Improved macro streams scanning
- Added AMRunningMode to Get-MpComputerStatus PowerShell cmdlet
- DisableAntiSpyware is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program.
Known Issues
No known issues
Security intelligence update version: 1.321.30.0
Released: July 28, 2020
Platform: 4.18.2007.8
Engine: 1.1.17300.4
Support phase: Security and Critical Updates
What's new
- Improved telemetry for BITS
- Improved Authenticode code signing certificate validation
Known Issues
No known issues
Security intelligence update version: 1.319.20.0
Released: June 22, 2020
Platform: 4.18.2006.10
Engine: 1.1.17200.2
Support phase: Technical upgrade Support (Only)
What's new
- Possibility to specify the location of the support logs
- Skipping aggressive catchup scan in Passive mode.
- Allow Defender to update on metered connections
- Fixed performance tuning when caching is disabled
- Fixed registry query
- Fixed scantime randomization in ADMX
Known Issues
No known issues
Security intelligence update version: 1.317.20.0
Released: May 26, 2020
Platform: 4.18.2005.4
Engine: 1.1.17100.2
Support phase: Technical upgrade Support (Only)
What's new
- Improved logging for scan events
- Improved user mode crash handling.
- Added event tracing for Tamper protection
- Fixed AMSI Sample submission
- Fixed AMSI Cloud blocking
- Fixed Security update install log
Known Issues
No known issues
Security intelligence update version: 1.315.12.0
Released: April 30, 2020
Platform: 4.18.2004.6
Engine: 1.1.17000.2
Support phase: Technical upgrade Support (Only)
What's new
- WDfilter improvements
- Add more actionable event data to attack surface reduction detection events
- Fixed version information in diagnostic data and WMI
- Fixed incorrect platform version in UI after platform update
- Dynamic URL intel for Fileless threat protection
- UEFI scan capability
- Extend logging for updates
Known Issues
No known issues
Security intelligence update version: 1.313.8.0
Released: March 24, 2020
Platform: 4.18.2003.8
Engine: 1.1.16900.4
Support phase: Technical upgrade Support (Only)
What's new
- CPU Throttling option added to MpCmdRun
- Improve diagnostic capability
- Reduce Security intelligence timeout (5 min)
- Extend AMSI engine internal log capability
- Improve notification for process blocking
Known Issues
[Fixed] Microsoft Defender Antivirus is skipping files when running a scan.
Security intelligence update version: 1.311.4.0
Released: February 25, 2020
Platform/Client: -
Engine: 1.1.16800.2
Support phase: N/A
What's new
Known Issues
No known issues
Security intelligence update version: 1.309.32.0
Released: January 30, 2020
Platform/Client: 4.18.2001.10
Engine: 1.1.16700.2
Support phase: Technical upgrade Support (Only)
What's new
- Fixed BSOD on WS2016 with Exchange
- Support platform updates when TMP is redirected to network path
- Platform and engine versions are added to WDSI
- Extend Emergency signature update to passive mode
- Fix 4.18.1911.3 hang
Known Issues
[Fixed] Devices utilizing modern standby mode may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform.
Important
This update is needed by RS1 devices running a lower version of the platform to support SHA2.
This update has a reboot flag for systems that are experiencing the hang issue.
This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability.
Important
This update is categorized as an 'update' due to its reboot requirement and will only be offered with a Windows Update.
Security intelligence update version: 1.307.13.0
Released: December 7, 2019
Platform: 4.18.1911.3
Engine: 1.1.17000.7
Support phase: No support
What's new
- Fixed MpCmdRun tracing level
- Fixed WDFilter version info
- Improve notifications (PUA)
- Add MRT logs to support files
Known Issues
When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version.
Microsoft Defender Antivirus platform support
Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version:
Security and Critical Updates servicing phase - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.
Technical Support (Only) phase - After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported.*
* Technical support will continue to be provided for upgrades from the Windows 10 release version (see Platform version included with Windows 10 releases) to the latest platform version.
During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft’s managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*).
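The check below is an added example, not Microsoft's code: it compares an endpoint's platform, engine and security intelligence versions with the October 01, 2020 release listed above and reports the support phase this page gives for the installed platform. The function name `Test-DefenderUpdateState`, the three-day signature age threshold and the sample object are assumptions; the property names are those returned by `Get-MpComputerStatus`.

```powershell
# Baseline: the October 01, 2020 release listed on this page.
$Baseline = @{
    Platform     = [version]'4.18.2009.7'
    Engine       = [version]'1.1.17500.4'
    Intelligence = [version]'1.325.10.0'
}
# Support phase per monthly platform release, copied from the list above.
$SupportPhase = @{
    '4.18.2009.7'  = 'Security and Critical Updates'
    '4.18.2008.9'  = 'Security and Critical Updates'
    '4.18.2007.8'  = 'Security and Critical Updates'
    '4.18.2006.10' = 'Technical upgrade Support (Only)'
    '4.18.2005.4'  = 'Technical upgrade Support (Only)'
    '4.18.2004.6'  = 'Technical upgrade Support (Only)'
    '4.18.2003.8'  = 'Technical upgrade Support (Only)'
    '4.18.2001.10' = 'Technical upgrade Support (Only)'
    '4.18.1911.3'  = 'No support'
}

function Test-DefenderUpdateState {
    param(
        [Parameter(Mandatory)] $Status,   # Get-MpComputerStatus output, or an object shaped like it
        [int] $MaxSignatureAgeDays = 3,   # assumed threshold; set to your policy
        [datetime] $Now = (Get-Date)
    )
    $installed = @{
        Platform     = [version]$Status.AMProductVersion
        Engine       = [version]$Status.AMEngineVersion
        Intelligence = [version]$Status.AntivirusSignatureVersion
    }
    # [version] compares field by field as integers; as strings, 4.18.2006.10 would sort below 4.18.2006.9.
    $behind = foreach ($k in 'Platform', 'Engine', 'Intelligence') {
        if ($installed[$k] -lt $Baseline[$k]) { $k }
    }
    $phase = $SupportPhase[$installed.Platform.ToString()]
    if (-not $phase) { $phase = 'Not in the list on this page' }
    # AMRunningMode was added in the August 2020 release, so older platforms lack the property.
    $mode = if ($Status.PSObject.Properties['AMRunningMode']) { $Status.AMRunningMode } else { 'Unknown (property absent)' }
    $age = [math]::Floor(($Now - $Status.AntivirusSignatureLastUpdated).TotalDays)
    [pscustomobject]@{
        Platform         = $installed.Platform
        SupportPhase     = $phase
        BehindBaseline   = @($behind) -join ', '
        SignatureAgeDays = $age
        SignatureStale   = $age -gt $MaxSignatureAgeDays
        RunningMode      = $mode
    }
}

# Constructed sample shaped like Get-MpComputerStatus output (June 2020 release values from this page).
$sample = [pscustomobject]@{
    AMProductVersion              = '4.18.2006.10'
    AMEngineVersion               = '1.1.17200.2'
    AntivirusSignatureVersion     = '1.319.20.0'
    AntivirusSignatureLastUpdated = [datetime]'2020-06-22'
}
Test-DefenderUpdateState -Status $sample -Now ([datetime]'2020-10-01')
# On a live endpoint: Test-DefenderUpdateState -Status (Get-MpComputerStatus)
```

The baseline and phase table go out of date with each monthly release, so refresh them from the current version list before relying on the result.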
Platform version included with Windows 10 releases
The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:
Windows 10 release | Platform version | Engine version | Support phase |
---|---|---|---|
2004 (20H1) | 4.18.2004.6 | 1.1.17000.2 | Technical upgrade Support (Only) |
1909 (19H2) | 4.18.1902.5 | 1.1.16700.3 | Technical upgrade Support (Only) |
1903 (19H1) | 4.18.1902.5 | 1.1.15600.4 | Technical upgrade Support (Only) |
1809 (RS5) | 4.18.1807.18075 | 1.1.15000.2 | Technical upgrade Support (Only) |
1803 (RS4) | 4.13.17134.1 | 1.1.14600.4 | Technical upgrade Support (Only) |
1709 (RS3) | 4.12.16299.15 | 1.1.14104.0 | Technical upgrade Support (Only) |
1703 (RS2) | 4.11.15603.2 | 1.1.13504.0 | Technical upgrade Support (Only) |
1607 (RS1) | 4.10.14393.3683 | 1.1.12805.0 | Technical upgrade Support (Only) |
Windows 10 release info: Windows lifecycle fact sheet.
See also
Article | Description |
---|---|
Manage how protection updates are downloaded and applied | Protection updates can be delivered through a number of sources. |
Manage when protection updates should be downloaded and applied | You can schedule when protection updates should be downloaded. |
Manage updates for endpoints that are out of date | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. |
Manage event-based forced updates | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. |
Manage updates for mobile devices and virtual machines (VMs) | You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. |
In Windows 10, version 1703 and later, the Windows Defender app is part of Windows Security.
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
Important
Disabling the Windows Security Center service will not disable Microsoft Defender AV or Windows Defender Firewall. These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
This will significantly lower the protection of your device and could lead to malware infection.
See the Windows Security article for more information on other Windows security features that can be monitored in the app.
The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage Microsoft Defender Advanced Threat Protection.
Review virus and threat protection settings in the Windows Security app
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Comparison of settings and functions of the old app and the new app
All of the previous functions and settings from the Windows Defender app (in versions of Windows 10 before version 1703) are now found in the new Windows Security app. Settings that were previously located in Windows Settings under Update & security > Windows Defender are also now in the new app.
The following diagrams compare the location of settings and functions between the old and new apps:
Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | Description |
---|---|---|---|
1 | Update tab | Protection updates | Update the protection (Security intelligence) |
2 | History tab | Scan history | Review threats that were quarantined, removed, or allowed |
3 | Settings (links to Windows Settings) | Virus & threat protection settings | Enable various features, including Real-time protection, Cloud-delivered protection, Advanced notifications, and Automatic sample submission |
4 | Scan options | Advanced scan | Run a full scan, custom scan, or a Microsoft Defender Offline scan |
5 | Run a scan (based on the option chosen under Scan options) | Quick scan | In Windows 10, version 1703 and later, you can run custom and full scans under the Advanced scan option |
Common tasks
This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Microsoft Defender Antivirus in the Windows Security app.
Note
If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The Configure end-user interaction with Microsoft Defender Antivirus topic describes how local policy override settings can be configured.
Run a scan with the Windows Security app
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Scan now.
Click Run a new advanced scan to specify different types of scans, such as a full scan.
Review the security intelligence update version and download the latest updates in the Windows Security app
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Virus & threat protection updates. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
Click Check for updates to download new protection updates (if there are any).
Ensure Microsoft Defender Antivirus is enabled in the Windows Security app
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Virus & threat protection settings.
Toggle the Real-time protection switch to On.
Note
If you switch Real-time protection off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable limited periodic scanning.
Add exclusions for Microsoft Defender Antivirus in the Windows Security app
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Virus & threat protection settings.
Under the Exclusions setting, click Add or remove exclusions.
Click the plus icon to choose the type and set the options for each exclusion.
The following table summarizes exclusion types and what happens:
Exclusion type | Defined by | What happens |
---|---|---|
File | Location Example: c:\sample\sample.test | The specific file is skipped by Microsoft Defender Antivirus. |
Folder | Location Example: c:\test\sample | All items in the specified folder are skipped by Microsoft Defender Antivirus. |
File type | File extension Example: .test | All files with the .test extension anywhere on your device are skipped by Microsoft Defender Antivirus. |
Process | Executable file path Example: c:\test\process.exe | The specific process and any files that are opened by that process are skipped by Microsoft Defender Antivirus. |
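Because every exclusion in the table above removes items from scanning, configured exclusions are worth reviewing for entries that skip more than intended. The audit below is an added example, not Microsoft's code: the function name `Find-BroadDefenderExclusion`, the path patterns, and the extension and interpreter lists are assumptions to adapt, and the `ExclusionPath`, `ExclusionExtension` and `ExclusionProcess` properties are those returned by `Get-MpPreference`.

```powershell
function Find-BroadDefenderExclusion {
    param(
        [Parameter(Mandatory)] $Preference   # Get-MpPreference output, or an object shaped like it
    )
    # Assumed heuristics: volume roots, top-level system folders, staging folders, wildcards.
    $broadPath = '^[A-Za-z]:\\?$',
                 '^[A-Za-z]:\\(Windows|Users|ProgramData)\\?$',
                 '\\(Temp|Downloads)\\?$',
                 '[*?]'
    # Assumed list: extensions that carry executable or script content.
    $riskyExt = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js', 'scr'
    # Assumed list: general-purpose interpreters; every file they open would be skipped.
    $interpreters = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

    foreach ($p in @($Preference.ExclusionPath)) {
        if (-not $p) { continue }
        foreach ($rx in $broadPath) {
            if ($p -match $rx) {
                [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = "matches broad pattern $rx" }
                break   # one finding per path is enough
            }
        }
    }
    foreach ($e in @($Preference.ExclusionExtension)) {
        if (-not $e) { continue }
        if ($riskyExt -contains $e.TrimStart('.').ToLower()) {
            [pscustomobject]@{ Type = 'Extension'; Value = $e; Reason = 'executable or script type skipped device-wide' }
        }
    }
    foreach ($x in @($Preference.ExclusionProcess)) {
        if (-not $x) { continue }
        $leaf = ($x -split '\\')[-1].ToLower()
        if ($interpreters -contains $leaf) {
            [pscustomobject]@{ Type = 'Process'; Value = $x; Reason = 'interpreter; all files it opens are skipped' }
        }
    }
}

# Constructed sample shaped like Get-MpPreference output; the first entry of each kind is from the table above.
$sample = [pscustomobject]@{
    ExclusionPath      = 'c:\test\sample', 'C:\', 'C:\Users\Public\Downloads'
    ExclusionExtension = '.test', '.ps1'
    ExclusionProcess   = 'c:\test\process.exe', 'C:\Windows\System32\wscript.exe'
}
Find-BroadDefenderExclusion -Preference $sample | Format-Table -AutoSize
# On a live endpoint (elevated): Find-BroadDefenderExclusion -Preference (Get-MpPreference)
```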
Review threat detection history in the Windows Defender Security Center app
Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Threat history.
Click See full history under each of the categories (Current threats, Quarantined threats, Allowed threats).
Set ransomware protection and recovery options
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender.
Click the Virus & threat protection tile (or the shield icon on the left menu bar).
Click Ransomware protection.
To change Controlled folder access settings, see Protect important folders with Controlled folder access.
To set up ransomware recovery options, click Set up under Ransomware data recovery and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack.