Advice Request Security Intelligence Updates in Microsoft Defender Antivirus and other anti-malware products (Threat Detection Changelog)


oldschool

Microsoft Defender Antivirus security intelligence and product updates
This is the latest product updates changelog:
Monthly platform and engine versions
For information on how to update or install the platform update, see Update for Windows Defender antimalware platform.

All our updates contain

Performance improvements
Serviceability improvements
Integration improvements (Cloud, Microsoft 365 Defender)
January-2023 (Platform: 4.18.2301.6 | Engine: 1.1.20000.2)
Security intelligence update version: 1.383.26.0
Release date: February 14, 2023
Platform: 4.18.2301.6
Engine: 1.1.20000.2
Support phase: Security and Critical Updates

What's new
Improved ASR rule processing logic
Updated Sense token hardening
Improved Defender CSP module update channel logic
Known Issues - None
I have the latest update:
Code:
Antimalware Client Version: 4.18.2302.3
Engine Version: 1.1.20100.5
I'm wondering what version others have? I'm curious only because I'm on the Beta platform and engine update channel. :cool:
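As an added example (not part of oldschool's post or of Microsoft's documentation), a PowerShell check that reads the installed platform, engine and security intelligence versions plus the configured update channels, and compares them with the newest versions quoted in this thread. The baseline values are taken from the changelog posts in the thread; the signature-age threshold is an assumption.

```powershell
# Added example: compare the locally installed Microsoft Defender Antivirus
# versions with the newest ones listed in this thread. Uses the built-in
# Defender module cmdlets Get-MpComputerStatus and Get-MpPreference.

# Baseline taken from the changelog posts in this thread (January-2024
# platform, February-2024 engine); update these as newer releases are posted.
$expected = @{
    Platform = [version]'4.18.24010.12'
    Engine   = [version]'1.1.24020.9'
}
$maxSignatureAgeDays = 7   # assumption: flag signatures older than a week

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

$installed = @{
    Platform = [version]$status.AMProductVersion
    Engine   = [version]$status.AMEngineVersion
}
$signatureAgeDays = [int]((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalDays

# Channel values are set with Set-MpPreference -PlatformUpdatesChannel /
# -EngineUpdatesChannel; 0 means "not configured" (the default broad ring).
[pscustomobject]@{
    Platform           = $installed.Platform
    Engine             = $installed.Engine
    Signatures         = $status.AntivirusSignatureVersion
    SignatureAgeDays   = $signatureAgeDays
    PlatformChannel    = $prefs.PlatformUpdatesChannel
    EngineChannel      = $prefs.EngineUpdatesChannel
    RealTimeProtection = $status.RealTimeProtectionEnabled
} | Format-List

foreach ($component in 'Platform', 'Engine') {
    $have = $installed[$component]
    $want = $expected[$component]
    if ($have -lt $want) {
        # Engine ships with security intelligence updates; platform updates
        # arrive through Windows Update, so check both paths when behind.
        Write-Warning "$component $have is older than $want listed in the thread"
    } elseif ($have -gt $want) {
        Write-Host "$component $have is newer than the thread's $want (preview/beta channel?)"
    } else {
        Write-Host "$component $have matches the latest version listed in the thread"
    }
}

if ($signatureAgeDays -gt $maxSignatureAgeDays) {
    Write-Warning "Security intelligence last updated $($status.AntivirusSignatureLastUpdated); run Update-MpSignature"
}
```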

oldschool

Microsoft Defender Antivirus security intelligence and product updates

September-2023 (Platform: 4.18.23090.2008 | Engine: 1.1.23090.2007)


  • Security intelligence update version: 1.399.44.0
  • Release date: October 3, 2023 (Engine) | October 4, 2023 (Platform)
  • Platform: 4.18.23090.2008
  • Engine: 1.1.23090.2007
  • Support phase: Security and Critical Updates

What's new


  • Fixed automatic remediation during on demand scans involving archives with multiple threats
  • Improved the performance of scanning files on network locations
  • Added support for domain computer SID for device control policies
  • Improved installer of unified agent to include legacy version of Windows Server 2012 (6.3.9600.17735)
  • Fixed issue in device control when querying Azure AD group membership, which resulted in increased network traffic.
  • Improved parsing of attack surface reduction exclusions in the antimalware engine
  • Improved reliability in scanning PE files
  • Improved deployments safeguards for security intelligence updates

Known issues


  • None

August-2023 (Platform: 4.18.23080.2006 | Engine: 1.1.23080.2005)


  • Security intelligence update version: 1.397.59.0
  • Released: August 30, 2023 (Platform and Engine)
  • Platform: 4.18.23080.2006
  • Engine: 1.1.23080.2005
  • Support phase: Security and Critical Updates

What's new



Known issues


  • None

Fel Grossi


October-2023 (Platform: 4.18.23100.2009 | Engine: 1.1.23100.2009)

  • Security intelligence update version: 1.401.3.0
  • Release date: November 3, 2023 (Engine) / November 6, 2023 (Platform)
  • Platform: 4.18.23100.2009
  • Engine: 1.1.23100.2009
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None

Fel Grossi


November-2023 (Platform: 4.18.23110.3 | Engine: 1.1.23110.2)

  • Security intelligence update version: 1.403.7.0
  • Release date: December 5, 2023 (Platform) / December 6, 2023 (Engine)
  • Platform: 4.18.23110.3
  • Engine: 1.1.23110.2
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None

Fel Grossi

Finally... @oldschool
Edit: I'll update my settings soon, sorry for the delay, just saw it now. Thanks!! ;)


January-2024 (Platform: 4.18.24010.12 | Engine: 1.1.24010.10)

  • Security intelligence update version: 1.405.702.0
  • Release date: February 27, 2024
  • Platform: 4.18.24010.12
  • Engine: 1.1.24010.10
  • Support phase: Security and Critical Updates

What's new

  • Microsoft Defender Antivirus now caches the Mark of the Web (MoTW) Alternative Data Stream (ADS) for better performance while scanning.
  • Fixed an issue that occurred in attack surface reduction in warn mode when removing scan results from the real-time protection cache.
  • Performance improvement added for OneNote.exe.
  • Cloud-based entries are regularly removed from the persistent user mode cache in Windows Defender to prevent an uncommon issue where a user could still add a certificate, based on an Indicator of compromise (IoC), to the cache after a file with that certificate had already been added via cloud signature.
  • The Sense onboarding event is now sent in passive mode for operating systems with the old Sense client.
  • Improved performance for logs created/accessed by PowerShell.
  • Improved performance for folders included in Controlled folder access (CFA) when accessing network files.
  • Fixed a deadlock that occurred at shutdown for Data Loss Prevention (DLP) enabled devices.
  • Fixed an issue to remove a vulnerability in the Microsoft Defender Core service.
  • Fixed an onboarding issue in the Unified Agent installation script install.ps1.
  • Fixed a memory leak that impacted some devices that received platform update 4.18.24010.7

February-2024 (Engine: 1.1.24020.9 | Platform: 4.18.24020.xx)

  • Security intelligence update version: 1.407.46.0
  • Release date: March 6, 2024 (Engine) / To be confirmed (Platform)
  • Platform: 4.18.24020.xx (version number coming soon)
  • Engine: 1.1.24020.9
  • Support phase: Security and Critical Updates

What's new

  • Improved support for virtualizing while compressing or decompressing zip files
  • Improved reporting in the Microsoft Defender portal (https://security.microsoft.com) for block-only remediations

Known issues

  • None