New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

Ink (Administrator, thread author, joined Jan 8, 2011, 22,491 posts)

ForgottenSeer 85179

oldschool (Level 83, joined Mar 29, 2018, 7,210 posts)
Microsoft Defender Antivirus security intelligence and product updates
This is the latest product updates changelog:

Monthly platform and engine versions
For information on how to update or install the platform update, see Update for Windows Defender antimalware platform.

All our updates contain

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft 365 Defender)

January-2023 (Platform: 4.18.2301.6 | Engine: 1.1.20000.2)

  • Security intelligence update version: 1.383.26.0
  • Release date: February 14, 2023
  • Platform: 4.18.2301.6
  • Engine: 1.1.20000.2
  • Support phase: Security and Critical Updates

What's new

  • Improved ASR rule processing logic
  • Updated Sense token hardening
  • Improved Defender CSP module update channel logic

Known issues

  • None
I have the latest update:
Code:
Antimalware Client Version: 4.18.2302.3
Engine Version: 1.1.20100.5
I'm wondering what version others have? I'm curious only because I'm on the Beta platform and engine update channel. :cool:
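One way to read the same values the post above reports, and to check them against a baseline taken from the changelog entries quoted in this thread, as an added example that is not code from the thread or from Microsoft. It uses the built-in Get-MpComputerStatus and Get-MpPreference cmdlets; the baseline numbers are the May-2024 entry quoted later in the thread, and the numeric-to-name mapping for the update channels is assumed from the Set-MpPreference channel parameters.

```powershell
# Added example (not from the thread or from Microsoft). Compares the local
# Defender platform, engine and security intelligence versions with a baseline.
# Baseline: the May-2024 entry quoted in this thread; adjust to the current release.
$Baseline = @{
    Platform   = [version]'4.18.24050.7'
    Engine     = [version]'1.1.24050.5'
    Signatures = [version]'1.413.1.0'
}

# Channel numbers as used by Set-MpPreference -PlatformUpdatesChannel /
# -EngineUpdatesChannel (assumed mapping; verify on your build).
$ChannelNames = @{ 0 = 'NotConfigured'; 2 = 'Beta'; 3 = 'Preview'; 4 = 'Staged'; 5 = 'Broad'; 6 = 'Delayed' }

function Get-DefenderUpdateReport {
    param([hashtable]$Baseline)

    $status = Get-MpComputerStatus   # built-in Defender cmdlet
    $pref   = Get-MpPreference       # built-in Defender cmdlet

    # [version] gives numeric, segment-wise comparison (so 4.18.24030.9 < 4.18.24050.7)
    $platform = [version]$status.AMProductVersion
    $engine   = [version]$status.AMEngineVersion
    $sigs     = [version]$status.AntivirusSignatureVersion

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        Platform           = $platform
        PlatformAtOrAbove  = $platform -ge $Baseline.Platform
        Engine             = $engine
        EngineAtOrAbove    = $engine -ge $Baseline.Engine
        Signatures         = $sigs
        SignaturesCurrent  = $sigs -ge $Baseline.Signatures
        SignatureAgeDays   = [math]::Round(((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalDays, 1)
        PlatformChannel    = $ChannelNames[[int]$pref.PlatformUpdatesChannel]
        EngineChannel      = $ChannelNames[[int]$pref.EngineUpdatesChannel]
        RealTimeProtection = $status.RealTimeProtectionEnabled
        AntimalwareService = $status.AMServiceEnabled
    }
}

$report = Get-DefenderUpdateReport -Baseline $Baseline
$report | Format-List

# Non-zero exit code when behind the baseline, so a scheduled task or RMM job can flag it.
if (-not ($report.PlatformAtOrAbove -and $report.EngineAtOrAbove -and $report.SignaturesCurrent)) {
    Write-Warning 'Microsoft Defender is behind the baseline platform/engine/signature versions.'
    exit 1
}
```

Machines on the Beta channel, as in the post above, will normally report a platform or engine version higher than the baseline, which the comparison treats as current.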
 

oldschool (Level 83, joined Mar 29, 2018, 7,210 posts)
Microsoft Defender Antivirus security intelligence and product updates

September-2023 (Platform: 4.18.23090.2008 | Engine: 1.1.23090.2007)

  • Security intelligence update version: 1.399.44.0
  • Release date: October 3, 2023 (Engine) | October 4, 2023 (Platform)
  • Platform: 4.18.23090.2008
  • Engine: 1.1.23090.2007
  • Support phase: Security and Critical Updates

What's new

  • Fixed automatic remediation during on-demand scans involving archives with multiple threats
  • Improved the performance of scanning files on network locations
  • Added support for domain computer SID for device control policies
  • Improved installer of unified agent to include legacy version of Windows Server 2012 (6.3.9600.17735)
  • Fixed issue in device control when querying Azure AD group membership, which resulted in increased network traffic.
  • Improved parsing of attack surface reduction exclusions in the antimalware engine
  • Improved reliability in scanning PE files
  • Improved deployment safeguards for security intelligence updates

Known issues

  • None

August-2023 (Platform: 4.18.23080.2006 | Engine: 1.1.23080.2005)

  • Security intelligence update version: 1.397.59.0
  • Released: August 30, 2023 (Platform and Engine)
  • Platform: 4.18.23080.2006
  • Engine: 1.1.23080.2005
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None
 

Fel Grossi (Level 13, joined Jan 17, 2014, 623 posts)

October-2023 (Platform: 4.18.23100.2009 | Engine: 1.1.23100.2009)

  • Security intelligence update version: 1.401.3.0
  • Release date: November 3, 2023 (Engine) / November 6, 2023 (Platform)
  • Platform: 4.18.23100.2009
  • Engine: 1.1.23100.2009
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None
 

Fel Grossi (Level 13, joined Jan 17, 2014, 623 posts)

November-2023 (Platform: 4.18.23110.3 | Engine: 1.1.23110.2)

  • Security intelligence update version: 1.403.7.0
  • Release date: December 5, 2023 (Platform) / December 6, 2023 (Engine)
  • Platform: 4.18.23110.3
  • Engine: 1.1.23110.2
  • Support phase: Security and Critical Updates

What's new

Known issues

  • None
 

Fel Grossi (Level 13, joined Jan 17, 2014, 623 posts)
Finally.. @oldschool
Edit: I'll update my settings soon, sorry for the delay, just saw it now. Thanks!! ;)


January-2024 (Platform: 4.18.24010.12 | Engine: 1.1.24010.10)

  • Security intelligence update version: 1.405.702.0
  • Release date: February 27, 2024
  • Platform: 4.18.24010.12
  • Engine: 1.1.24010.10
  • Support phase: Security and Critical Updates

What's new

  • Microsoft Defender Antivirus now caches the Mark of the Web (MoTW) Alternate Data Stream (ADS) for better performance while scanning.
  • Fixed an issue that occurred in attack surface reduction in warn mode when removing scan results from the real-time protection cache.
  • Performance improvement added for OneNote.exe.
  • Cloud-based entries are regularly removed from the persistent user mode cache in Windows Defender to prevent an uncommon issue where a user could still add a certificate, based on an Indicator of compromise (IoC), to the cache after a file with that certificate had already been added via cloud signature.
  • The Sense onboarding event is now sent in passive mode for operating systems with the old Sense client.
  • Improved performance for logs created/accessed by PowerShell.
  • Improved performance for folders included in Controlled folder access (CFA) when accessing network files.
  • Fixed a deadlock that occurred at shutdown for Data Loss Prevention (DLP) enabled devices.
  • Fixed an issue to remove a vulnerability in the Microsoft Defender Core service.
  • Fixed an onboarding issue in the Unified Agent installation script install.ps1.
  • Fixed a memory leak that impacted some devices that received platform update 4.18.24010.7

February-2024 (Engine: 1.1.24020.9 | Platform: 4.18.24020.xx)

  • Security intelligence update version: 1.407.46.0
  • Release date: March 6, 2024 (Engine) / To be confirmed (Platform)
  • Platform: 4.18.24020.xx (version number coming soon)
  • Engine: 1.1.24020.9
  • Support phase: Security and Critical Updates

What's new

  • Improved support for virtualizing while compressing or decompressing zip files
  • Improved reporting in the Microsoft Defender portal (https://security.microsoft.com) for block-only remediations

Known issues

  • None
 

Fel Grossi (Level 13, joined Jan 17, 2014, 623 posts)

March-2024 (Engine: 1.1.24030.4 | Platform: Coming soon)

  • Security intelligence update version: 1.409.1.0
  • Release date: April 2, 2024 (Engine) / Coming soon (Platform)
  • Engine: 1.1.24030.4
  • Platform: Coming soon
  • Support phase: Security and Critical Updates

What's new

  • Added manageability settings to opt out of the One Collector telemetry channel and the Experimentation and Configuration Service (ECS).
  • Microsoft Defender Core Service will be disabled when third-party antivirus is installed (except when Defender for Endpoint is running in passive mode).
  • The known issue in 4.18.24020.7 where enforcement of device-level access policies wasn't working as expected no longer occurs.
  • Fixed high CPU issue caused by redetection done during Sense originating scans.
  • Fixed an issue with Security Intelligence Update disk cleanup.
  • Fixed an issue where the Signature date information on the Security Health report wasn't accurate.
  • Introduced performance improvements when processing paths for exclusions.
  • Added improvements to allow recovering from erroneously added Indicators of compromise (IoC).
  • Improved resilience in processing attack surface reduction exclusions for Antimalware Scan Interface (AMSI) scans.
  • Fixed a high memory issue related to the Behavior Monitoring queue that occurred when MAPS is disabled.
  • A possible deadlock when receiving a Tamper protection configuration change from the Microsoft Defender portal no longer occurs.
 

oldschool (Level 83, joined Mar 29, 2018, 7,210 posts)
Nice to see MS refining its AV. I'm on Antimalware Client Version: 4.18.24030.9 since I enabled Platform and Engine Beta updates, though my Engine is as shown above.
 

Fel Grossi (Level 13, joined Jan 17, 2014, 623 posts)

All our updates contain

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft Defender XDR)

May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)

  • Security intelligence update version: 1.413.1.0
  • Release date: May 30, 2024 (Engine) / June 4, 2024 (Platform)
  • Engine: 1.1.24050.5
  • Platform: 4.18.24050.7
  • Support phase: Security and Critical Updates

What's new

  • Improved performance when running configuration queries.
  • Optimized how scans are prioritized.
  • Fixed a crash caused by a race condition with a device control driver.
  • Added Event Viewer logging for the scan start event where the scan originates from PowerShell.
 
