New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490

ForgottenSeer 85179

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,577
Microsoft Defender Antivirus security intelligence and product updates
This is the latest product updates changelog:
Monthly platform and engine versions
For information on how to update or install the platform update, see Update for Windows Defender antimalware platform.

All our updates contain

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft 365 Defender)

January-2023 (Platform: 4.18.2301.6 | Engine: 1.1.20000.2)

  • Security intelligence update version: 1.383.26.0
  • Release date: February 14, 2023
  • Platform: 4.18.2301.6
  • Engine: 1.1.20000.2
  • Support phase: Security and Critical Updates

What's new

  • Improved ASR rule processing logic
  • Updated Sense token hardening
  • Improved Defender CSP module update channel logic

Known issues

  • None

I have the latest update:
Code:
Antimalware Client Version: 4.18.2302.3
Engine Version: 1.1.20100.5
I'm wondering what version others have? I'm curious only because I'm on the Beta platform and engine update channel. :cool:
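
To compare an installed client against a release listed in this thread, the following is an added example (not part of any post and not Microsoft's code). It reads the versions with `Get-MpComputerStatus` and compares them to the May-2024 entry; the function name `Compare-DefenderVersion` is hypothetical, and the sample object is constructed from the versions quoted in the post above plus the January-2023 security intelligence version.

```powershell
# Added example: check Defender component versions against a changelog entry.
# Baseline = the May-2024 entry from this thread (platform, engine, intelligence).
$baseline = [ordered]@{
    AMProductVersion          = [version]'4.18.24050.7'   # Platform
    AMEngineVersion           = [version]'1.1.24050.5'    # Engine
    AntivirusSignatureVersion = [version]'1.413.1.0'      # Security intelligence
}

function Compare-DefenderVersion {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Status,    # object exposing the three version properties
        [Parameter(Mandatory)] $Baseline   # dictionary: property name -> [version]
    )
    foreach ($name in $Baseline.Keys) {
        # [version] compares each dotted field numerically, so the older
        # four-digit build field (2302) sorts below the newer five-digit one (24050).
        $installed = [version]$Status.$name
        [pscustomobject]@{
            Component = $name
            Installed = $installed
            Baseline  = $Baseline[$name]
            UpToDate  = $installed -ge $Baseline[$name]
        }
    }
}

# Constructed sample: versions quoted in the post above, paired with the
# January-2023 security intelligence version. All three rows report UpToDate = False.
$sample = [pscustomobject]@{
    AMProductVersion          = '4.18.2302.3'
    AMEngineVersion           = '1.1.20100.5'
    AntivirusSignatureVersion = '1.383.26.0'
}
Compare-DefenderVersion -Status $sample -Baseline $baseline | Format-Table -AutoSize

# Live check on a machine with the Defender module available.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $rows = Compare-DefenderVersion -Status (Get-MpComputerStatus) -Baseline $baseline
    $rows | Format-Table -AutoSize
    if ($rows.UpToDate -contains $false) {
        Write-Warning 'One or more Defender components are older than the baseline.'
    }
}
```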
 

oldschool

Microsoft Defender Antivirus security intelligence and product updates

September-2023 (Platform: 4.18.23090.2008 | Engine: 1.1.23090.2007)​


  • Security intelligence update version: 1.399.44.0
  • Release date: October 3, 2023 (Engine) | October 4, 2023 (Platform)
  • Platform: 4.18.23090.2008
  • Engine: 1.1.23090.2007
  • Support phase: Security and Critical Updates

What's new​


  • Fixed automatic remediation during on demand scans involving archives with multiple threats
  • Improved the performance of scanning files on network locations
  • Added support for domain computer SID for device control policies
  • Improved installer of unified agent to include legacy version of Windows Server 2012 (6.3.9600.17735)
  • Fixed issue in device control when querying Azure AD group membership, which resulted in increased network traffic.
  • Improved parsing of attack surface reduction exclusions in the antimalware engine
  • Improved reliability in scanning PE files
  • Improved deployment safeguards for security intelligence updates

Known issues​


  • None

August-2023 (Platform: 4.18.23080.2006 | Engine: 1.1.23080.2005)​


  • Security intelligence update version: 1.397.59.0
  • Released: August 30, 2023 (Platform and Engine)
  • Platform: 4.18.23080.2006
  • Engine: 1.1.23080.2005
  • Support phase: Security and Critical Updates

What's new​



Known issues​


  • None
 

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
627

October-2023 (Platform: 4.18.23100.2009 | Engine: 1.1.23100.2009)

  • Security intelligence update version: 1.401.3.0
  • Release date: November 3, 2023 (Engine) / November 6, 2023 (Platform)
  • Platform: 4.18.23100.2009
  • Engine: 1.1.23100.2009
  • Support phase: Security and Critical Updates

What's new​

Known issues​

  • None
 

Fel Grossi


November-2023 (Platform: 4.18.23110.3 | Engine: 1.1.23110.2)​

  • Security intelligence update version: 1.403.7.0
  • Release date: December 5, 2023 (Platform) / December 6, 2023 (Engine)
  • Platform: 4.18.23110.3
  • Engine: 1.1.23110.2
  • Support phase: Security and Critical Updates

What's new​

Known issues​

  • None
 

Fel Grossi

Finally.. @oldschool
Edit: I'll update my settings soon, sorry for the delay, just saw it now. Thanks!! ;)


January-2024 (Platform: 4.18.24010.12 | Engine: 1.1.24010.10)​

  • Security intelligence update version: 1.405.702.0
  • Release date: February 27, 2024
  • Platform: 4.18.24010.12
  • Engine: 1.1.24010.10
  • Support phase: Security and Critical Updates

What's new​

  • Microsoft Defender Antivirus now caches the Mark of the Web (MoTW) Alternative Data Stream (ADS) for better performance while scanning.
  • Fixed an issue that occurred in attack surface reduction in warn mode when removing scan results from the real-time protection cache.
  • Performance improvement added for OneNote.exe.
  • Cloud-based entries are regularly removed from the persistent user mode cache in Windows Defender to prevent an uncommon issue where a user could still add a certificate, based on an Indicator of compromise (IoC), to the cache after a file with that certificate had already been added via cloud signature.
  • The Sense onboarding event is now sent in passive mode for operating systems with the old Sense client.
  • Improved performance for logs created/accessed by PowerShell.
  • Improved performance for folders included in Controlled folder access (CFA) when accessing network files.
  • Fixed a deadlock that occurred at shutdown for Data Loss Prevention (DLP) enabled devices.
  • Fixed an issue to remove a vulnerability in the Microsoft Defender Core service.
  • Fixed an onboarding issue in the Unified Agent installation script install.ps1.
  • Fixed a memory leak that impacted some devices that received platform update 4.18.24010.7

February-2024 (Engine: 1.1.24020.9 | Platform: 4.18.24020.xx)​

  • Security intelligence update version: 1.407.46.0
  • Release date: March 6, 2024 (Engine) / To be confirmed (Platform)
  • Platform: 4.18.24020.xx (version number coming soon)
  • Engine: 1.1.24020.9
  • Support phase: Security and Critical Updates

What's new​

  • Improved support for virtualizing while compressing or decompressing zip files
  • Improved reporting in the Microsoft Defender portal (https://security.microsoft.com) for block-only remediations

Known issues​

  • None
 

Fel Grossi


March-2024 (Engine: 1.1.24030.4 | Platform: Coming soon)​

  • Security intelligence update version: 1.409.1.0
  • Release date: April 2, 2024 (Engine) / Coming soon (Platform)
  • Engine: 1.1.24030.4
  • Platform: Coming soon
  • Support phase: Security and Critical Updates

What's new​

  • Added manageability settings to opt-out for One Collector telemetry channel and Experimentation and Configuration Service (ECS).
  • Microsoft Defender Core Service will be disabled when 3rd party Antivirus is installed (except when Defender for Endpoint is running in Passive mode).
  • The known issue in 4.18.24020.7 where enforcement of device level access policies wasn't working as expected no longer occurs.
  • Fixed high CPU issue caused by redetection done during Sense originating scans.
  • Fixed an issue with Security Intelligence Update disk cleanup.
  • Fixed an issue where the Signature date information on the Security Health report wasn't accurate.
  • Introduced performance improvements when processing paths for exclusions.
  • Added improvements to allow recovering from erroneously added Indicators of compromise (IoC).
  • Improved resilience in processing attack surface reduction exclusions for Anti Malware Scan Interface (AMSI) scans.
  • Fixed a high memory issue related to the Behavior Monitoring queue that occurred when MAPS is disabled.
  • A possible deadlock when receiving a Tamper protection configuration change from the Microsoft Defender portal no longer occurs.
 

Fel Grossi


All our updates contain

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft Defender XDR)

May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)​

  • Security intelligence update version: 1.413.1.0
  • Release date: May 30, 2024 (Engine) / June 4, 2024 (Platform)
  • Engine: 1.1.24050.5
  • Platform: 4.18.24050.7
  • Support phase: Security and Critical Updates

What's new​

  • Improved performance when running configuration queries.
  • Optimized how scans are prioritized.
  • Fixed a crash caused by a race condition with a device control driver.
  • Added Event Viewer logging for the scan start event where the scan originates from PowerShell.
 

oldschool

Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint

June-2024 (Platform: 4.18.24060.xxxx | Engine: 1.1.24060.5)​

  • Security intelligence update version: 1.415.1.0
  • Release date: July 9, 2024 (Engine) / TBD (Platform)
  • Platform: 4.18.24060.xxxx
  • Engine: 1.1.24060.5
  • Support phase: Security and Critical Updates

What's new​

  • Fixed issue where Microsoft Defender Antivirus was not properly changing state when non-Microsoft antivirus/antimalware software was installed and Windows Defender Application Control (WDAC) with Intelligent Security Graph were enabled.
  • Fixed deadlock issue on VDI that occurred when loading corrupted update files from UNC share.
  • Custom scans started with Start-MpScan are now reported in the event log.
  • Fixed potential deadlock that occurred on volume mount scanning.
  • Fixed issue where Microsoft Defender Antivirus did not allow applications to clean up temporary files.
  • Fixed potential packet loss due to network protection shutdown that could lead to deadlock.
  • Implemented performance improvements for scenarios where WDAC is enabled with Intelligent Security Graph.
  • Fixed an issue where an Outlook exclusion for the ASR rule Block Office applications from injecting code into other processes was not honored.
 
