New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
8,093

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
630

March-2025 (Platform: 4.18.25030.2 | Engine: 1.1.25030.1)

  • Security intelligence update version: 1.427.3.0
  • Release date: April 1, 2025 (Engine) / April 9, 2025 (Platform)
  • Platform: 4.18.25030.2
  • Engine: 1.1.25030.1
  • Support phase: Security and Critical Updates

What's new

  • Improved caching of device control settings to improve reliability in occasionally connected environments.
  • Performance improvement in on-access scans of files in network locations.
  • Fixed the Defender service description to match the latest installed version.
  • Improved Defender engine update logic when the update is included in a custom image.
  • Fix in health reporting where signature update data might have been incorrect.
  • Fixed reporting issue with controlled folder access (CFA) protected folders using the PowerShell cmdlet Get-MpPreference when CFA is disabled.
  • Improved performance when scanning UPX-packed files (Ultimate Packer for eXecutables) and updated the validation process to verify the integrity of the packed file itself.
  • Added support for distinguishing regular cloud allow signatures from clean Indicators of Compromise (IoC) in attack surface reduction (ASR).
 

oldschool

April-2025 (Platform: TBD | Engine: 1.1.25040.1)
  • Security intelligence update version: 1.429.3.0
  • Release date: May 14, 2025 (Engine) / (Platform pending)
  • Platform: (coming soon)
  • Engine: 1.1.25040.1
  • Support phase: Security and Critical Updates

What's new

  • Fixed TVM Block where we failed to block a trusted file.
  • Fixed Microsoft Defender platform update timestamp to reflect the actual update time.
  • The 1002 event (An anti-malware scan was stopped before it finished) now includes details of the stop reason.
  • Added more details to the 1000 event (Scan started), like scan trigger and scan on idle.
  • Improved ASR file processing to correctly handle "allow" Indicators of Compromise (IoCs).
  • Improvement in health reporting for machines that are rebooted or hibernated.
  • Improved performance for Smart App Control (SAC) trusted file handling.
  • Improved device control logic for offline printers.
Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint
 
