- Security intelligence updates
- Product updates
Tip
To see the most current engine, platform, and signature date, visit the Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware
Security intelligence updates
Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection.
Note
Updates are released under the following KBs:
- Microsoft Defender Antivirus: KB2267602
- System Center Endpoint Protection: KB2461484
Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see Use Microsoft cloud-provided protection in Microsoft Defender Antivirus.
For a list of recent security intelligence updates, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.
Engine updates are included with security intelligence updates and are released on a monthly cadence.
Product updates
Microsoft Defender Antivirus requires monthly updates (KB4052623) known as platform updates.
You can manage the distribution of updates through one of the following methods:
- Windows Server Update Service (WSUS)
- Microsoft Endpoint Configuration Manager
- The usual method you use to deploy Microsoft and Windows updates to endpoints in your network.
For more information, see Manage the sources for Microsoft Defender Antivirus protection updates.
Note
- Monthly updates are released in phases, resulting in multiple packages visible in your Window Server Update Services.
- This article lists changes that are included in the broad release channel. See the latest broad channel release here.
- To learn more about the gradual rollout process, and to see more information about the next release, see Manage the gradual rollout process for Microsoft Defender updates.
- To learn more about security intelligence updates, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.
- If you’re looking for a list of Microsoft Defender processes, download the mde-urls workbook, and then select the Microsoft Defender Processes worksheet. The mde-urls workbook also lists the services and their associated URLs that your network must be able to connect to, as described in Enable access to Microsoft Defender for Endpoint service URLs in the proxy server.
Monthly platform and engine versions
For information how to update or install the platform update, see Update for Windows Defender antimalware platform.
All our updates contain
- Performance improvements
- Serviceability improvements
- Integration improvements (Cloud, Microsoft 365 Defender)
November-2021 (Platform: 4.18.2111.5| Engine: 1.1.18800.4)
October-2021 (Platform: 4.18.2110.6| Engine: 1.1.18700.4)
September-2021 (Platform: 4.18.2109.6 | Engine: 1.1.18600.4)
Previous version updates: Technical upgrade support only
After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
August-2021 (Platform: 4.18.2108.7 | Engine: 1.1.18500.10)
July-2021 (Platform: 4.18.2107.4 | Engine: 1.1.18400.4)
June-2021 (Platform: 4.18.2106.5 | Engine: 1.1.18300.4)
May-2021 (Platform: 4.18.2105.4 | Engine: 1.1.18200.4)
April-2021 (Platform: 4.18.2104.14 | Engine: 1.1.18100.5)
March-2021 (Platform: 4.18.2103.7 | Engine: 1.1.18000.5)
February-2021 (Platform: 4.18.2102.3 | Engine: 1.1.17900.7)
January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)
November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)
October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)
September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)
August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)
July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4)
June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2)
May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)
April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2)
March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2)
February-2020 (Platform: – | Engine: 1.1.16800.2)
January-2020 (Platform: 4.18.2001.10 | Engine: 1.1.16700.2)
November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7)
Microsoft Defender Antivirus platform support
Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version:
- Security and Critical Updates servicing phase – When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.
- Technical Support (Only) phase – After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported.*
* Technical support will continue to be provided for upgrades from the Windows 10 release version (see Platform version included with Windows 10 releases) to the latest platform version.
During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft’s managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*).
Note
If you are manually deploying Microsoft Defender Antivirus Platform Update, or if you are using a script or a non-Microsoft management product to deploy Microsoft Defender Antivirus Platform Update, make sure that version 4.18.2001.10 is installed from the Microsoft Update Catalog before the latest version of Platform Update (N-2) is installed.
Platform version included with Windows 10 releases
The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:
| Windows 10 release | Platform version | Engine version | Support phase |
|---|---|---|---|
| 2004 (20H1/20H2) | 4.18.1909.6 | 1.1.17000.2 | Technical upgrade support (only) |
| 1909 (19H2) | 4.18.1902.5 | 1.1.16700.3 | Technical upgrade support (only) |
| 1903 (19H1) | 4.18.1902.5 | 1.1.15600.4 | Technical upgrade support (only) |
| 1809 (RS5) | 4.18.1807.18075 | 1.1.15000.2 | Technical upgrade support (only) |
| 1803 (RS4) | 4.13.17134.1 | 1.1.14600.4 | Technical upgrade support (only) |
| 1709 (RS3) | 4.12.16299.15 | 1.1.14104.0 | Technical upgrade support (only) |
| 1703 (RS2) | 4.11.15603.2 | 1.1.13504.0 | Technical upgrade support (only) |
| 1607 (RS1) | 4.10.14393.3683 | 1.1.12805.0 | Technical upgrade support (only) |
For Windows 10 release information, see the Windows lifecycle fact sheet.
Updates for Deployment Image Servicing and Management (DISM)
We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, and Windows Server 2016 OS installation images with the latest antivirus and antimalware updates. Keeping your OS installation images up to date helps avoid a gap in protection.
For more information, see Microsoft Defender update for Windows operating system installation images.
20220105.1
1.1.2112.01
1.1.2111.02
1.1.2110.01
1.1.2109.01
1.1.2108.01
1.1.2107.02
1.1.2106.01
1.1.2105.01
1.1.2104.01
1.1.2103.01
1.1.2102.03
1.1.2101.02
1.1.2012.01
1.1.2011.02
1.1.2011.01
1.1.2009.10
More resources
| Article | Description |
|---|---|
| Microsoft Defender update for Windows operating system installation images | Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, Windows Server 2022, and Windows Server 2016 installation images. |
| Manage how protection updates are downloaded and applied | Protection updates can be delivered through many sources. |
| Manage when protection updates should be downloaded and applied | You can schedule when protection updates should be downloaded. |
| Manage updates for endpoints that are out of date | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. |
| Manage event-based forced updates | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. |
| Manage updates for mobile devices and virtual machines (VMs) | You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. |
| Microsoft Defender for Endpoint update for EDR Sensor | You can update the EDR sensor (MsSense.exe) that is included in the new Microsoft Defender for Endpoint unified solution package released in 2021. |