Applies ToWindows Server 2022 Windows Server 2019 Windows Server 2016 Windows 10 Windows 11
Important: The National Public Data breach exposed personal information, including names, addresses, and social security numbers. Learn how to protect yourself and how Microsoft Defender is helping to prevent fraud. See: National Public Data breach: What you need to know.
Summary
The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries.
The devices on which these deployments are made are inadequately protected until they receive the first antimalware software update. Defender updates also contain critical performance fixes that will improve the user experience. Devices that use either the Windows built-in antivirus or another security solution can benefit from these updates. We recommend that you regularly service OS installation images to update Microsoft Defender binaries and minimize this protection gap in new deployments. You should follow a three-month update frequency routine.
No ordering is required to apply the latest cumulative update (LCU) versus the Microsoft Defender update offline.
This article describes antimalware update package for Microsoft Defender in the OS installation images (WIM and VHD files). This feature supports the following OS installation images:
-
Windows 11
-
Windows 10 (Enterprise, Pro, and Home editions)
-
Windows Server 2022
-
Windows Server 2019
-
Windows Server 2016
Version information
Notes:
-
After a new package version is released, support for the previous two versions will be reduced to technical support only.
-
Versions prior to the previous two versions will no longer be supported. For more information, see Manage Windows Defender Antivirus updates and apply baselines.
-
Defender package version: 1.423.160.0
This package updates the anti-malware client, anti-malware engine, and signature versions in the OS installation images to following versions:
-
Platform version: 4.18.25010.11
-
Engine version: 1.1.25010.7
-
Security intelligence version: 1.423.160.0
Package information
The package size is approximately:
-
ARM64: 78.2 MB
-
X86: 128 MB
-
X64: 132 MB
Known issues in this update
(None)
Update information
This package includes monthly updates and fixes to the Microsoft Defender antimalware platform and engine that is used by Microsoft Defender Antivirus in Windows 11. This package should be applied offline on Windows Images/VHD(x) file.
Learn more about the package contents here: Manage Microsoft Defender Antivirus updates and apply baselines | Microsoft Learn
This package also includes the latest security intelligence update that is available up to the date of release. Learn more about security intelligence updates including the release notes here.
How to obtain this update
Different update packages are required for different Windows OS image architectures. Select the architecture that matches the installation image to which you will apply this update:
Microsoft Defender update for Windows Operating system installation image: 32-bit | 64-bit | ARM64
Note: These links point to defender-update-kit-[x86|x64|arm].zip. Extract this .zip file to get the Defender update package (defender-dism-[x86|x64|arm].cab) and an updating tool (DefenderUpdateWinimage.ps1) that assists the update operation for OS installation images.
Package update tool
The following prerequisites apply to running this updating tool (DefenderUpdateWinImage.ps1):
-
You must be running a 64-bit Windows 10 or a later OS environment that includes PowerShell 5.1 or a later version.
-
The Microsoft.Powershell.Security and DISM modules must be installed.
-
You must start PowerShell on the device by using administrator privileges.
Notes:
-
Do not use this package to update live images because it can damage the Windows installation that Is running inside the virtual machine.
-
The DefenderUpdateWinImage.ps1 tool provides an option to remove the update. However, you may still want to keep a backup copy of images before you apply the update.
How to apply this update
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -ImageIndex ImageIndexNumber -Action AddUpdate -ImagePath <path_to_Os_Image> -Package
Note: To make sure that you are adding the package to the operating system edition that you are installing, use the following command to determine the ImageIndexNumber value. The index number can vary based on the Install.wim file that you are using.
Dism /get-imageinfo /imagefile:<path_to_OS_Image>
Check the list of operating system editions in the Install.wim file, and note the index number for the operating system edition that you want to install:
Index: 3
Name: Windows 11 Enterprise
Description: Windows 11 Enterprise
Size: 16,472,078,997 bytes
To add the package to Windows 11 Enterprise, use the following value:
-ImageIndex 3
How to remove or roll back this update
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action RemoveUpdate -ImagePath <path_to_Os_Image>
How to list the details of installed update
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action ShowUpdate -ImagePath <path_to_Os_Image>
References
Learn about the terminology that Microsoft uses to describe software updates.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Page 1 of 11
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
-
It would be nice if you could mention the original links / sources in OP, how are you authoring these cabs and if it can be automated via a diy script.
The integration script can be provided right at OP in a code block and/or attached as zip for more transparency.
And using google drive links is less accessible and more volatile than for example a github, but still better than mediafire & coPeople are naturally circumspect (or at least they should be) when it comes to stuff touching the core defense mechanisms of windows.
And because I and probably others don’t feel like checking each file for having a valid digital signature,
I present a 3rd-party verify script:@(set `" <#=")& echo off & title Defender Update Kit Verification Tool v1.6 set "0=%~f0"&set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &exit/b || #>) $messages = @{ WARN_DEFENDER_CABS_MISSING = " Place this script in the same folder as Defender Update cabs " WARN_DIGITAL_SIGNATURES_ERR = " ERR! " WARN_DIGITAL_SIGNATURES_OK = " OK! " } cd -Lit(split-path $env:0) $x86 = gci defender-dism-x86*.cab | sort creationtime | select-object -last 1 $x64 = gci defender-dism-x64*.cab | sort creationtime | select-object -last 1 $arm64 = gci defender-dism-arm64*.cab | sort creationtime | select-object -last 1 if ($null -eq $x86 -and $null -eq $x64 -and $null -eq $arm64) { write-host -fore black -back yellow $messages.WARN_DEFENDER_CABS_MISSING; choice /c EX1T; exit 1 } $root = "defender-dism"; ri $root -recurse -force -ea 0|out-null; ni $root -item directory -force -ea 0|out-null if ($x86) {ni "$root\x86" -item directory -force -ea 0|out-null; expand -R $x86.Name -F:* "$root\x86"} if ($x64) {ni "$root\x64" -item directory -force -ea 0|out-null; expand -R $x64.Name -F:* "$root\x64"} if ($arm64) {ni "$root\arm64" -item directory -force -ea 0|out-null; expand -R $arm64.Name -F:* "$root\arm64"} $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .Msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1' $filter = $ext.Split(); $err = @() gci $root\*.* -file -recurse | foreach-object { if ($filter -contains $_.Extension) { $sig = Get-AuthenticodeSignature $_ if ($sig.status -eq 0) { $sig.SignerCertificate| add-member Thumbprint $sig.SignerCertificate.Subject.Split('=')[1].Trim(', O').Trim(', OU') -force write-output $sig } else { $err += "Invalid "+$_.FullName+"`nModified "+$_.LastWriteTime+" Size "+$_.Length+"`n" } } } write-host if ($err.length -eq 0 -and ($x86 -or $x64 -or $arm64)) { write-host -fore yellow -back darkgreen $messages.WARN_DIGITAL_SIGNATURES_OK } else { write-output $err; write-host -fore yellow -back darkred $messages.WARN_DIGITAL_SIGNATURES_ERR } write-host choice /c EX1T #,# AveYo and steven4554Save as defender_update_kit_verify.bat in the same folder as Defender Update Kit cabs
It will extract cabs in a defender-dism folder, then run Get-AuthenticodeSignature powershell cmdlet on all sensitive files.
Hope it helps someone.[update]
2021.08.10: +fix arm64 support from steven4554
2021.09.15: enhanced output
2021.09.16: improve output speed
Attached Files:
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Not available on MS Catalog yet, if anyone have the direct download links to v4.18.2104.5 it would be appreciated.
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
Thanks, but the cabs on that MS website, are now out of date. Plus, MS only updates once a month now. It wouldn’t surprise me when they do stop making cabs altogether.
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
-
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
When it is updated, it is always better to look for it on MS sites and not elsewhere
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
And those are certainly just these two pages
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
-
MS pages, not packing and repacking
Stop hovering to collapse…
Click to collapse…
Hover to expand…
Click to expand…
Page 1 of 11
For Integration into offline Windows 11/10 images only, not to be installed on a Running/functioning Windows 11/10 OS!
I will provide updated defender cabs on the 1st, 2nd, 3rd and 4th week of the same month, always on a Friday. Updates will be available from this first post only.
Credit goes to members on My Digital Life Forum:-
abbodi1406 for signature blocks in the Windows Defender Integration Tool script. And for providing direct download links for the beta platform updates.
Enthousiast for pointing out the missing files, letting me know about new platform updates and for testing the new defender cabs.
AveYo for creating a verification tool that checks the digital signatures of files inside the cabs, to make sure they are valid and not tampered with. This script has been updated to support arm64.
drew84, Stripakulina and Enthousiast For providing direct download links for the x64 beta platform updates.
atplsx for providing the direct download links to pre-release platform updates.
—————————————————————-
To integrate the updated Platform and Anti-Malware definitions into your Windows 10/11 offline images, you can use the tools below:-
1. Windows NT 10.0 Updates Installer v10.53 — Tool created and maintained by abbodi1406
2. UUP to ISO Converter v113 — Tool created and maintained by abbodi1406
3. Defender files Verification Tool v2.1 — Tool created by AveYo, Updated by AveYo and steven4554
——————————————————————
Details
Released: May 9th, 2025
Next Update: May 16th, 2025
Defender: 5.4.2504.6
Engine: 1.1.25030.1
Platform: 4.18.25030.2
Version: 1.427.719.0
x64
File Size: 201.8MB / SHA-1: D0B281A08EA4F3BF246B034B2375AA234E9E047A
arm64
File Size: 200.0MB / SHA-1: D1810AD8A974BBE4B2EF5F0EE28C02E3A3B24F17
x86 — (This cab is for Windows 10 x86 only!)
File Size: 196.7MB / SHA-1: E85CCB3892F54B9BFF9B795BB8CCC1666DE9F679
Defender cabs can be downloaded here: https://mega.nz/folder/S8xknZDK#heADKKYAv9w2HUQV6s8Ntw
Download the previous two versions of supported defender cabs:-
https://mega.nz/folder/C4h3TALT#sD9qhmluImsDV7YGhpBADg
Please Note — Defender cabs (x64, arm64 and x86) will continue to be updated until end of the Windows 10 ESU programme.
Users that are running both Enterprise editions of LTSC 2021, defender cabs will continue to be made for x64 until end of support of both SKU’s. As for x86, I will continue making cabs until end of support date of the LTSC Enterprise 2021 version. Which is on January 12th, 2027!
Edited by steven4554
See also
Microsoft has released on Friday a new tool that will allow system administrators to update the Defender security package inside Windows installation images (WIM or VHD supported).
The new tool was created for enterprise environments where workstations and servers are serviced or mass-installed using installation images.
Some of these images are reused for months at a time, and the Microsoft Defender (default antivirus) package found inside would usually end up being installed using an out-of-date detection database.
The newly installed Windows operating systems would eventually update the Defender package, but Microsoft says that this creates a «protection gap» during which systems could be easily attacked and infected.
Microsoft’s new tool is intended to allow system administrators to update their WIM or VHD installation images to contain the most recent Defender component before deploying it on their device fleet.
The new tool was provided for both 32-bit and 64-bit architectures and supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.
«These links point to zip files defender-update-kit-[x86|x64].zip. Extract the .zip file to get the Defender update package (defender-dism-[x86|x64].cab) and an update patching tool (defenderupdatewinimage.ps1) that assists update operation for OS installation images,» Microsoft said on Friday.
To run the tool, just run the DefenderUpdateWinImage.ps1 Powershell script.
This script needs to be run with Administrator privileges from a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later versions. Powershell required modules include Microsoft.Powershell.Security and DISM.
How to apply this update
PS C:\> DefenderUpdateWinImage.ps1 — WorkingDirectory —Action AddUpdate — ImagePath -Package
How to remove or roll back this update
PS C:\> DefenderUpdateWinImage.ps1 — WorkingDirectory —Action RemoveUpdate — ImagePath
How to list details of installed update
PS C:\> DefenderUpdateWinImage.ps1 — WorkingDirectory —Action ShowUpdate — ImagePath
Additional information is available in this Windows support page.
Security
Editorial standards
Здравствуйте админ! После того, как я обновил на своём ноутбуке Windows 8.1 до Windows 10, десятка стала активно обновляться и после каждого выключения ноутбука выходит сообщение «Работа с обновлениями. Завершено 100%. Не выключайте компьютер» и ноутбук не выключается довольно долго, мне это надоело и я отключил обновления Windows по вашей статье. Всё бы хорошо, но в качестве антивирусной программы я использую Защитник Windows (Windows Defender), а его антивирусные базы обновляются через Центр обновления Windows, который я отключил, а это значит, что антивирусные базы встроенного в Win 10 антивируса не получают обновлений. Скажите, как можно вручную обновить Защитник Windows? Можно где-то отдельно скачать файлы обновлений для Защитника Windows для операционных систем Windows 7, Windows 8.1 и Windows 10?
Как вручную (автономно) обновить встроенный в Windows 10 антивирус Windows Defender (Защитник Windows)
Привет друзья! Все мы знаем, что встроенный в Windows 10 бесплатный антивирус Windows Defender защищает нашу операционную систему от различных вредоносных программ и получает обновления вирусных сигнатур каждый день через Центр обновлений Windows.
Если вы отключили обновления в Windows 10, то это значит, что встроенный в операционную систему антивирус Windows Defender также не будет обновляться. Поэтому имеет большое значение, держать Центр обновления Windows включенным, чтобы Защитник Windows получал обновления своевременно.
Если вы по каким-либо причинам отключили обновления Windows, то обновить Windows Defender можно вручную (автономно), в сегодняшней статье я покажу вам, как это можно сделать.
В параметрах Windows выбираем «Обновление и безопасность»,
затем «Защитник Windows» и смотрим версию подсистемы, а также определения антивирусной программы и определения антишпионской программы. После ручного обновления версии должны измениться.
Щёлкаем левой мышью на кнопке «Поиск Windows»
и набираем «Защитник Windows», затем жмём на появившееся приложение «Защитник Windows»,
появляется окно антивируса Windows Defender. Видим, что определения вирусов и программ-шпионов очень старые.
Жмём на кнопку «Обновить».
Жмём на кнопку «Обновление определений».
Происходит обновление антивирусных баз Защитника Windows.
Антивирус обновлён.
Версия подсистемы, а так же определения антивирусной программы и определения антишпионской программы изменились.
В процессе обновления у вас может выйти ошибка — «Не удалось обновить определения вирусов и программ шпионов».
В этом случае перейдите по ссылке на официальный сайт Майкрософт
https://www.microsoft.com/en-us/wdsi/definitions
Обновление защиты от вредоносных программ и программ-шпионов программное обеспечение Microsoft.
Ведём шкалу прокрутки вниз до слов…
Обновления для защиты от вредоносных программ и программ-шпионов.
Выбираем версию установленной на нашем компьютере операционной системы и её разрядность. В моём случае, это Windows 10-64 бит.
Мне на компьютер скачивается файл mpam-fe.exe с обновлениями вирусных сигнатур для Защитника Windows размером 120 Мб. Запускаю данный файл от администратора.
Программа не открывает никакого окна. Windows Defender обновляется за несколько минут. Теперь в параметрах Windows выберите «Обновление и безопасность», затем «Защитник Windows» и смотрите версию подсистемы, а также определения антивирусной программы и определения антишпионской программы. После ручного обновления версии должны измениться.