Microsoft releases tool to update Defender inside Windows install images

The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.

Microsoft released a new tool on Friday that allows system administrators to update the Defender security package inside Windows installation images (WIM and VHD formats are supported).

The new tool was created for enterprise environments where workstations and servers are serviced or mass-installed using installation images.

Some of these images are reused for months at a time, so the Microsoft Defender (default antivirus) package inside them usually ends up being installed with an out-of-date detection database.

The newly installed Windows operating systems would eventually update the Defender package, but Microsoft says that this creates a "protection gap" during which systems could be easily attacked and infected.

Microsoft's new tool is intended to allow system administrators to update their WIM or VHD installation images to contain the most recent Defender component before deploying them on their device fleet.

The new tool was provided for both 32-bit and 64-bit architectures and supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.

"These links point to zip files defender-update-kit-[x86|x64].zip. Extract the .zip file to get the Defender update package (defender-dism-[x86|x64].cab) and an update patching tool (defenderupdatewinimage.ps1) that assists update operation for OS installation images," Microsoft said on Friday.

To run the tool, just run the DefenderUpdateWinImage.ps1 PowerShell script.

The script must be run with Administrator privileges from a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later. Required PowerShell modules include Microsoft.PowerShell.Security and DISM.

How to apply this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action AddUpdate -ImagePath <path_to_OS_image> -Package <path_to_package_file>

How to remove or roll back this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action RemoveUpdate -ImagePath <path_to_OS_image>

How to list details of installed update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action ShowUpdate -ImagePath <path_to_OS_image>
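
The apply and list actions above chained into one pre-deployment step, as an added example that is not Microsoft's or the article's own code: it checks the Authenticode signature of the extracted kit files before touching the image, records their hashes, then applies the update and lists what the image now contains. The directory and image paths are constructed placeholders, the x64 kit is chosen for illustration, and that both kit files carry a valid Microsoft signature is an assumption.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example. All default paths are constructed placeholders, not values from Microsoft.
param(
    [string]$KitDir     = 'C:\DefenderKit',          # where defender-update-kit-x64.zip was extracted
    [string]$ImagePath  = 'C:\Images\install.wim',   # WIM or VHD to be serviced
    [string]$WorkingDir = 'C:\DefenderKit\work'      # scratch directory handed to the tool
)
$ErrorActionPreference = 'Stop'

$tool    = Join-Path $KitDir 'DefenderUpdateWinImage.ps1'
$package = Join-Path $KitDir 'defender-dism-x64.cab'

# Refuse to service the image with kit files that are missing, tampered with,
# or not signed by the expected publisher (assumption: both files are
# Authenticode-signed by Microsoft Corporation).
foreach ($file in $tool, $package) {
    if (-not (Test-Path -LiteralPath $file)) {
        throw "Kit file not found: $file"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for ${file}: $($sig.Status)"
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer for ${file}: $($sig.SignerCertificate.Subject)"
    }
    # Keep the hash in the change record so the deployed package can be traced later.
    Get-FileHash -LiteralPath $file -Algorithm SHA256 | Format-List Path, Hash
}

if (-not (Test-Path -LiteralPath $ImagePath)) {
    throw "Image not found: $ImagePath"
}
New-Item -ItemType Directory -Path $WorkingDir -Force | Out-Null

# Apply the update, then list what the image contains so the result is logged.
& $tool -WorkingDirectory $WorkingDir -Action AddUpdate -ImagePath $ImagePath -Package $package
& $tool -WorkingDirectory $WorkingDir -Action ShowUpdate -ImagePath $ImagePath
```

If the refreshed image misbehaves in testing, the RemoveUpdate action shown earlier rolls it back.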

Additional information is available in this Windows support page.