New Update Security Intelligence Updates in Microsoft Defender (Threat Detection Changelog)

Release notes for latest update (above post).

Enhancements and features

  • Improved performance for Control Folder Access (CFA) when protected folders don't include network folders.
  • Fixed proxy issue in the MdeNpDiag utility in the MDEClientAnalyzer support tool.
  • Fixed an issue where syntax errors for contextual exclusions could lead to an engine crash.
  • Fixed policy incompatibility that prevented unblocking engine updates.
  • Fixed regression in the registry service path for the Core service.
  • Improved detection in OLEstream objects.
  • Fixed race condition during service initialization to read Tamper protection status.
Microsoft Defender for Endpoint release notes - Microsoft Defender for Endpoint *
* Note: MS changed the site for release notes.
 
Stable channel updates:

  • Antimalware Client Version: 4.18.26020.6
  • Engine Version: 1.1.26020.3

Enhancements and features

  • Improved the network protection feature to promptly release closed connections and reduce unnecessary memory usage.
  • Fixed an issue where the Get-MpComputerStatus PowerShell cmdlet could fail after updates due to a configuration mismatch.
  • Improved performance for Network Response Intelligence (NRI) by reducing CPU usage during high-volume asynchronous message processing.
  • Added support for AMSI path exclusions for Exchange Server so configured path exclusions are now correctly evaluated during AMSI scanning for Exchange workloads.
  • Improved policy refresh behavior for device control by updating default policy and Azure AD refresh intervals to reduce retry frequency.
 
Broad Channel update:

  • Platform version: 4.18.26030.3011
  • Engine version: 1.1.26030.3008

Enhancements and features

  • Fixed a bug where Antimalware Scan Interface (AMSI) scan calls weren't passing exclusions in the scan configuration, causing unnecessary scans on excluded content.
  • Fixed deadlocks in the platform that occur during remote procedure calls (RPC).
  • Fixed a bug where Microsoft Protection Antimalware (MPAM) packages downloaded for direct update from Microsoft Malware Protection Center (MMPC) weren't cleaned up when the update failed, leading to unnecessary disk usage over time.
  • Improved quick scan error handling logic to avoid scan interruptions due to corrupted user registry hive.
  • Fixed tamper protection exclusions not activating after transitioning existing devices from co-management to full Intune management.
  • Fixed Network Inspection Service (NisSrv) ESP reputation mode checks to avoid blocks during service shutdown, which impacted Remote Desktop Protocol (RDP) sessions.
  • Fixed the Defender Core Service display name in the Windows Services console.
  • Fixed NisSrv self-healing when the service crosses memory thresholds.
  • Improved encrypted PDF scanning.
  • Fixed Get-MpPerformanceReport JSON parsing failures.
Microsoft Defender for Endpoint release notes - Microsoft Defender for Endpoint

Beta channel update:

  • Antimalware Client Version: 4.18.26040.7
  • Engine Version: 1.1.26040.6
Stable channel updates:

  • Antimalware Client Version: 4.18.26040.7
  • Engine Version: 1.1.26040.8

¹ The security intelligence version listed here is relevant to the listed engine release. Newer versions of security intelligence are released regularly. For more information, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware.

Enhancements and features

  • Performance improvement for SFC cache build during engine reload.
  • Reduced API calls for Device Control to prevent Entra throttling and improved logging.
  • Improved TVM Block logic handling.
  • Fixed TVM Warn temporary paths exclusion issue when Tamper Protection Exclusions and Disable Local Admin Merge (DLAM) are enabled.
  • Fixed Defender managed type when migrating from Co-management to Intune.
  • Fixed three CVEs:
    • CVE-2026-41091: Microsoft Defender Elevation of Privilege Vulnerability — Improper link resolution before file access (Important; fixed in Engine 1.1.26040.8).
    • CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability (Low; fixed in Platform 4.18.26040.7).
    • CVE-2026-45584: Microsoft Defender Remote Code Execution Vulnerability — Heap-based buffer overflow (Critical; fixed in Engine 1.1.26040.8).
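An added check (not from the post or from Microsoft): a PowerShell snippet that reads the platform and engine versions from Get-MpComputerStatus and reports which of the three CVEs above are still unpatched on a device, using the fixed versions stated in these notes; the offline sample status object is constructed from the Broad channel versions earlier in this thread.

```powershell
# Added example, not from the post or from Microsoft. Compares a device's Defender
# platform (AMProductVersion) and engine (AMEngineVersion) versions against the
# fixed versions the release notes give for each CVE.

# Minimum fixed versions and the CVE each closes, as stated in the notes above.
$fixes = @(
    @{ Cve = 'CVE-2026-41091'; Component = 'Engine';   Fixed = [version]'1.1.26040.8' },
    @{ Cve = 'CVE-2026-45498'; Component = 'Platform'; Fixed = [version]'4.18.26040.7' },
    @{ Cve = 'CVE-2026-45584'; Component = 'Engine';   Fixed = [version]'1.1.26040.8' }
)

function Test-DefenderCveFixes {
    param(
        # Pass any object exposing AMProductVersion/AMEngineVersion, or omit
        # the parameter to query the local machine.
        $Status = (Get-MpComputerStatus)
    )
    $installed = @{
        Platform = [version]$Status.AMProductVersion
        Engine   = [version]$Status.AMEngineVersion
    }
    foreach ($fix in $fixes) {
        $current = $installed[$fix.Component]
        [pscustomobject]@{
            Cve       = $fix.Cve
            Component = $fix.Component
            Installed = $current
            Required  = $fix.Fixed
            Patched   = ($current -ge $fix.Fixed)   # [version] compares field by field
        }
    }
}

# Constructed sample: the Broad channel versions listed earlier in this thread,
# which predate all three fixes, so every row reports Patched = False.
$sample = [pscustomobject]@{
    AMProductVersion = '4.18.26030.3011'
    AMEngineVersion  = '1.1.26030.3008'
}
Test-DefenderCveFixes -Status $sample | Format-Table -AutoSize

# Live run on the local device: show only CVEs still below the fixed version.
Test-DefenderCveFixes | Where-Object { -not $_.Patched } | Format-Table -AutoSize
```

Run it on a management host against exported Get-MpComputerStatus objects from several devices to find the ones still waiting for the 4.18.26040.7 / 1.1.26040.8 update.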
Beta channel update:

  • Engine Version: 1.1.26050.11
 
Stable channel updates:

  • Platform version: 4.18.26050.15
  • Engine version: 1.1.26050.11

Enhancements and features

  • Fixed remote-share file scans missing detections when files were accessed through a symlink.
  • Fixed mpcmdrun -scan output incorrectly displaying non-ASCII characters in localized paths and threat names.
  • Fixed network protection watchdog timers silently not firing.