New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

[Fel Grossi]

Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint

Manage how Microsoft Defender Antivirus receives protection and product updates.

learn.microsoft.com

July-2024 (Platform: 4.18.24070.5 | Engine: 1.1.24070.3)​

• Security intelligence update version: 1.417.14.0
• Release date: August 7, 2024 (Engine and Platform)
• Platform: 4.18.24070.5
• Engine: 1.1.24070.3
• Support phase: Security and Critical Updates

What's new​

• False positive detections are no longer reported as ThreatNotFound in the Microsoft Defender portal.
• Optimized Network Protection calls to the backend that occur as a result of suspicious connection checks.
• Fixed the PerformanceModeStatus configuration key in Defender CSP so changing this value in the console takes effect on the endpoint.
• Resolved an issue where File Evidence Location was not always captured in scenarios where the Remote Location is inaccessible.
• New event log added (5016) to report Microsoft Defender Antivirus self-healed when a deadlock is detected during shutdown.
• Fixed a prioritization issue with full scans initiated from the portal that resulted in longer than expected full scan duration.

 

[oldschool]

I got the Platform and Engine updates today via the Beta channel, so no release notes ATM. This version will be rolling out to you at a later date.

Antimalware Client Version: 4.18.24080.4
Engine Version: 1.1.24080.5

 

[oldschool]

Today's Beta Platform update bumps MS Security to:

Antimalware Client Version: 4.18.24080.8
Engine Version: 1.1.24080.8

No release notes available as this is the beta version.

 

[SeriousHoax]

Regarding Micrsoft Defender, last year and years before that they were fixing reported false positives within 24 hours in most cases, even on weekends. But now they seem to ignore all user submissions. I submitted a false positive last month which was never checked. At the start of this month also sent a false positive which hasn't been checked yet and the submission records are removed after 30 days. Very disappointing.
I also had a false positive from the Ransomware ASR rule. To report ASR rules related FPs you have to be an enterprise customer.

 

[oldschool]

MS Defender Platform and Engine Beta updated to this version.

Antimalware Client Version: 4.18.24080.9
Engine Version: 1.1.24080.9

 

[oldschool]

Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint

August-2024 (Platform: 4.18.24080.9 | Engine: 1.1.24080.9)​

• Security intelligence update version: 1.419.1.0
• Release date: September 17, 2024 (Engine and Platform)
• Platform: 4.18.24080.9
• Engine: 1.1.24080.9
• Support phase: Security and Critical Updates

What's new​

• Added a new parameter to get-mppreference cmdlet (ControlledFolderAccessDefaultProtectedFolders) to show default protected folders for Controlled Folder Access (CFA).
• Fixed an issue with Device Control regarding printer security checks.
• Resolved an issue with platform rollback after an upgrade from Windows 10 to 11.
• Fixed an issue where volume exclusions weren't properly enforced in real-time protection after the completion of OOBE.
• Removed support for Windows RT devices, for example, Surface RT, that use 32-bit ARM processors and have reached their end-of-servicing date.

 

[oldschool]

MS Defender Beta Platform and Engine update.

Antimalware Client Version: 4.18.24090.4
Engine Version: 1.1.24090.4

 

[oldschool]

Beta update for Antimalware Client Version: 4.18.24090.6

 

[oldschool]

Beta update for Engine Version: 1.1.24090.7

 

[oldschool]

Beta channel update to Antimalware Client Version: 4.18.24090.11

 

[oldschool]

Beta channel update to Engine Version: 1.1.24090.11

 

[oldschool]

September-2024 (Platform: 4.18.24090.11 | Engine 1.1.24090.11)​

• Security intelligence update version: 1.421.12.0
• Release date: October 30, 2024 (Engine and Platform)
• Platform: 4.18.24090.11
• Engine: 1.1.24090.11
• Support phase: Security and Critical Updates

What's new​

• Improved detection logic to reduce false positives related to the ASR rule, Block Office applications from injecting code into other processes
• Resolved an issue that could lead to a Windows device to be marked as non-compliant in Intune when Microsoft Defender Antivirus starts.
• Resolved an issue with catchup scan configuration, where the DaysUntilAggressiveCatchupQuickScan policy setting was not honored.
• Fixed SharedSignatureRoot processing when an empty value was set.
• Fixed a problem with device control where certain file systems (like FAT, FAT32, exFAT) with volume information displayed when a blocking rule was defined.
• Improved performance in specific scenarios where network files were accessed.
• Fixed an issue with Azure Virtual Desktop where the Intune policy was not being honored.
• Fixed potential deadlock for custom detection rules on the Windows client
• Resolved an issue where antivirus exclusions were not being honored with AMSI.
• Fixed issue impacting a subset of devices where antivirus exclusions configured through SCCM were not honored

Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint