Microsoft has released on Friday a new tool that will allow system administrators to update the Defender security package inside Windows installation images (WIM or VHD supported).
The new tool was created for enterprise environments where workstations and servers are serviced or mass-installed using installation images.
Some of these images are reused for months at a time, and the Microsoft Defender (default antivirus) package found inside would usually end up being installed using an out-of-date detection database.
The newly installed Windows operating systems would eventually update the Defender package, but Microsoft says that this creates a "protection gap" during which systems could be easily attacked and infected.
Microsoft's new tool is intended to allow system administrators to update their WIM or VHD installation images to contain the most recent Defender component before deploying it on their device fleet.
The new tool was provided for both 32-bit and 64-bit architectures and supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.
"These links point to zip files defender-update-kit-[x86|x64].zip. Extract the .zip file to get the Defender update package (defender-dism-[x86|x64].cab) and an update patching tool (defenderupdatewinimage.ps1) that assists update operation for OS installation images," Microsoft said on Friday.
To run the tool, just run the DefenderUpdateWinImage.ps1 Powershell script.
This script needs to be run with Administrator privileges from a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later versions. Powershell required modules include Microsoft.Powershell.Security and DISM.