New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

You need to run as administrator, enable PowerShell, and change directory to C:\Users\Username.
Thank you; it worked 😊 I was missing changing the directory.
 
September-2025 (Platform: 4.18.25090.3009 | Engine: 1.1.25090.3001)

  • Security intelligence update version: 1.439.345.0
  • Release date: September 8, 2025 (Engine) / September 21, 2025 (Platform)
  • Platform: 4.18.25090.3009
  • Engine: 1.1.25090.3001
  • Support phase: Security and Critical Updates

What's new


  • Improved service startup behavior: The core service now only restarts when necessary, for example, during a successful platform update. This change allows the organization to avoid unnecessary restarts when the service is already running correctly.
  • Improved stability for RPC services: Added input validation across multiple RPC endpoints to prevent crashes caused by malformed data, which addresses a reported security vulnerability.
  • Fixed threat exclusion handling: Resolved an issue where severity-based exclusions could cause the engine to misidentify threats, potentially skipping high severity detections.
  • Restored performance optimization for network file access: Fixed a regression that caused slowdowns during file operations, like robocopy to network shares. The fix included reintroducing the logic to skip unnecessary checks on non-local files when Controlled Folder Access is enabled.
 

October-2025 (Platform: 4.18.25100.9008 | Engine: 1.1.25100.9002)

  • Security intelligence update version: 1.441.131.0
  • Release date: November 6, 2025 (Engine) / November 17, 2025 (Platform)
  • Platform: 4.18.25100.9008
  • Engine: 1.1.25100.9002
  • Support phase: Security and Critical Updates

What's new


  • Fixed Network Inspection Service stability issue: The service now correctly restarts when memory usage exceeds the threshold, which prevents the service from getting stuck in a faulty or pending state.
  • Reduced startup delay for Antimalware Service: Improved Defender service startup time by removing its dependency on Core Service startup. This change improves overall system startup performance.
  • Fixed crash in Defender settings on x86 devices: Corrected an issue that caused the system to crash when applying Defender configuration settings on 32-bit machines.
  • Fixed Defender startup issue: The platform no longer crashes when processing invalid Attack Surface Reduction rule exclusions.
  • Reduced system resource usage: Defender no longer generates excessive Data Loss Prevention (DLP) logs that caused high disk activity, improving overall performance and stability.
Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint
 
November-2025 (Platform: 4.18.25110.6 | Engine: 1.25110.1)
  • Security intelligence update version: 1.443.6.0
  • Release date: December 11, 2025 (Engine) / December 17, 2025 (Platform)
  • Platform: 4.18.25110.6
  • Engine: 1.1.25110.1
  • Support phase: Security and Critical Updates

What's new

  • Performance improvements when querying WMI due to Behavior Monitor detections.
  • Fixed potential hang in PowerShell on Server 2016 due to Defender Filter Driver.
  • Resolved an application compatibility issue due to a loopback with SMB1 enabled.
  • Fixed issue with ASR path exclusion requiring additional "" characters to function appropriately.
  • Resolved high I/O issue with NisSrv.exe due to high volume of network logging events.
  • Fixed error in threat enumeration causing repeated failure notifications every 15 minutes in SCCM.
  • Improved drive mapping enumeration for devices with many drives which resulted in false positive detections for ASR rules.
  • Fixed a crash with Defender related to long scan times causing the service to hang in Windows Server 2019.
Microsoft Defender Antivirus security intelligence and product updates - Microsoft Defender for Endpoint
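
To check whether a machine already carries the fixes listed in the posts above, the following added example (not part of the original posts or of Microsoft's documentation) compares the installed platform, engine, and security intelligence versions with the versions quoted in this changelog. The names `$Baselines`, `$Target`, and `Test-DefenderBaseline` are invented for this example; `Get-MpComputerStatus` and its version properties come from the built-in Defender module.

```powershell
# Added example: compare this machine's Defender component versions with the
# releases listed in the changelog above. Version numbers are copied from the
# posts; $Baselines, $Target and Test-DefenderBaseline are names made up here.
$Baselines = [ordered]@{
    'September-2025' = @{ Platform = '4.18.25090.3009'; Engine = '1.1.25090.3001'; Intelligence = '1.439.345.0' }
    'October-2025'   = @{ Platform = '4.18.25100.9008'; Engine = '1.1.25100.9002'; Intelligence = '1.441.131.0' }
    'November-2025'  = @{ Platform = '4.18.25110.6';    Engine = '1.1.25110.1';    Intelligence = '1.443.6.0' }
}

function Test-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Status,               # output of Get-MpComputerStatus
        [Parameter(Mandatory)] [hashtable] $Baseline  # one entry of $Baselines
    )
    $installed = @{
        Platform     = $Status.AMProductVersion
        Engine       = $Status.AMEngineVersion
        Intelligence = $Status.AntivirusSignatureVersion
    }
    foreach ($component in 'Platform', 'Engine', 'Intelligence') {
        # Cast to [version] so each dotted field is compared numerically
        # instead of character by character as text.
        $have = [version]$installed[$component]
        $want = [version]$Baseline[$component]
        [pscustomobject]@{
            Component = $component
            Installed = $have
            Baseline  = $want
            UpToDate  = ($have -ge $want)
        }
    }
}

$Target = 'November-2025'
$status = Get-MpComputerStatus -ErrorAction Stop   # fails if the Defender service is unavailable
$report = Test-DefenderBaseline -Status $status -Baseline $Baselines[$Target]
$report | Format-Table -AutoSize

if ($report.UpToDate -contains $false) {
    Write-Warning "Defender is behind the $Target release; the fixes listed for it may be missing."
    Write-Host 'Update-MpSignature refreshes security intelligence; platform updates are delivered through Windows Update.'
}
```

Change `$Target` to another key of `$Baselines` to test against an earlier release.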