Microsoft releases tool to update Defender inside Windows install images
The new tool was created for enterprise environments where workstations and servers are serviced or mass-installed using installation images.
Some of these images are reused for months at a time, and the Microsoft Defender (default antivirus) package found inside would usually end up being installed using an out-of-date detection database.
The newly installed Windows operating systems would eventually update the Defender package, but Microsoft says that this creates a “protection gap” during which systems could be easily attacked and infected.
Microsoft’s new tool is intended to allow system administrators to update their WIM or VHD installation images to contain the most recent Defender component before deploying it on their device fleet.
“These links point to zip files defender-update-kit-[x86|x64].zip. Extract the .zip file to get the Defender update package (defender-dism-[x86|x64].cab) and an update patching tool (defenderupdatewinimage.ps1) that assists update operation for OS installation images,” Microsoft said on Friday.
To use the tool, run the DefenderUpdateWinImage.ps1 PowerShell script.
The script must be run with Administrator privileges from a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later. The required PowerShell modules are Microsoft.PowerShell.Security and DISM.
HOW TO APPLY THIS UPDATE
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action AddUpdate -ImagePath <path_to_Os_Image> -Package <path_to_package_file>
HOW TO REMOVE OR ROLL BACK THIS UPDATE
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action RemoveUpdate -ImagePath <path_to_Os_Image>
HOW TO LIST DETAILS OF INSTALLED UPDATE
PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action ShowUpdate -ImagePath <path_to_Os_Image>
Additional information is available in this Windows support page.
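The wrapper below is an added example, not Microsoft's code: it enforces the prerequisites listed above, refuses to service an image with a kit file whose Authenticode signature does not validate, then runs AddUpdate followed by ShowUpdate to confirm the result. The paths are constructed placeholders, and it assumes the x64 kit and that both kit files are Authenticode-signed by Microsoft.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
#Requires -Modules Microsoft.PowerShell.Security, DISM

$ErrorActionPreference = 'Stop'

# Constructed placeholder paths: replace with your own locations.
$KitDir     = 'C:\DefenderKit'           # where defender-update-kit-x64.zip was extracted
$ImagePath  = 'C:\Images\install.wim'    # offline WIM or VHD image to service
$WorkDir    = 'C:\DefenderKit\work'      # scratch directory handed to the tool
$ToolScript = Join-Path $KitDir 'DefenderUpdateWinImage.ps1'
$Package    = Join-Path $KitDir 'defender-dism-x64.cab'

# The tool has to run from a 64-bit environment.
if (-not [Environment]::Is64BitProcess) {
    throw 'Run this from a 64-bit PowerShell session.'
}
if (-not (Test-Path -LiteralPath $ImagePath -PathType Leaf)) {
    throw "Image not found: $ImagePath"
}

# Do not touch the image if a kit file is missing, tampered with or unsigned.
foreach ($file in @($ToolScript, $Package)) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "Missing kit file: $file"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    if ($sig.Status -ne 'Valid') {
        throw "Signature status '$($sig.Status)' for $file"
    }
    # Assumption: the signer certificate's subject names Microsoft Corporation.
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer for ${file}: $($sig.SignerCertificate.Subject)"
    }
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Apply the Defender package to the offline image, then list what is installed.
& $ToolScript -WorkingDirectory $WorkDir -Action AddUpdate -ImagePath $ImagePath -Package $Package
& $ToolScript -WorkingDirectory $WorkDir -Action ShowUpdate -ImagePath $ImagePath

# Record the serviced image's hash so deployments can be tied to this update run.
Get-FileHash -LiteralPath $ImagePath -Algorithm SHA256 | Format-List Path, Hash
```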