Microsoft releases tool to update Defender inside Windows install images


Microsoft released on Friday a new tool that allows system administrators to update the Defender security package inside Windows installation images (WIM or VHD supported).

The new tool was created for enterprise environments where workstations and servers are serviced or mass-installed using installation images.

Some of these images are reused for months at a time, and the Microsoft Defender (default antivirus) package found inside would usually end up being installed using an out-of-date detection database.

The newly installed Windows operating systems would eventually update the Defender package, but Microsoft says that this creates a “protection gap” during which systems could be easily attacked and infected.

Microsoft’s new tool is intended to allow system administrators to update their WIM or VHD installation images to contain the most recent Defender component before deploying them on their device fleet.

The new tool was provided for both 32-bit and 64-bit architectures and supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016.

“These links point to zip files defender-update-kit-[x86|x64].zip. Extract the .zip file to get the Defender update package (defender-dism-[x86|x64].cab) and an update patching tool (defenderupdatewinimage.ps1) that assists update operation for OS installation images,” Microsoft said on Friday.


To use the tool, run the DefenderUpdateWinImage.ps1 PowerShell script.

The script needs to be run with Administrator privileges from a 64-bit Windows 10 or later OS environment with PowerShell 5.1 or later. Required PowerShell modules include Microsoft.PowerShell.Security and DISM.
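
The prerequisites above can be checked before the script touches an image. The following PowerShell is an added example, not part of Microsoft's kit or the original article; all paths are constructed placeholders, and it assumes the kit's files carry Authenticode signatures issued to Microsoft Corporation.

```powershell
# Added example: pre-flight checks before servicing an image with DefenderUpdateWinImage.ps1.
# Every path below is a constructed placeholder; adjust to your environment.
$KitDir     = 'C:\DefenderKit'              # assumed: where defender-update-kit-x64.zip was extracted
$Script     = Join-Path $KitDir 'DefenderUpdateWinImage.ps1'
$Package    = Join-Path $KitDir 'defender-dism-x64.cab'
$ImagePath  = 'D:\Images\install.wim'       # assumed image location
$WorkingDir = 'C:\DefenderKit\work'         # assumed scratch directory

$failures = @()

# Requirement: Administrator privileges.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $failures += 'Session is not elevated.'
}

# Requirement: 64-bit OS and PowerShell 5.1 or later.
if (-not [Environment]::Is64BitOperatingSystem) { $failures += 'Host OS is not 64-bit.' }
if ($PSVersionTable.PSVersion -lt [Version]'5.1') {
    $failures += "PowerShell $($PSVersionTable.PSVersion) is older than 5.1."
}

# Requirement: Microsoft.PowerShell.Security and DISM modules.
foreach ($name in 'Microsoft.PowerShell.Security', 'DISM') {
    if (-not (Get-Module -ListAvailable -Name $name)) { $failures += "Module $name is not available." }
}

# Integrity: both kit files must exist and carry a valid signature.
# The expected signer organisation is an assumption, not taken from the article.
foreach ($file in $Script, $Package) {
    if (-not (Test-Path -LiteralPath $file)) { $failures += "Missing file: $file"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $failures += "Signature check failed for $file (status: $($sig.Status))."
    }
    # Record the hash so the package baked into the image can be audited later.
    Write-Output ('{0}  {1}' -f (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash, $file)
}

if ($failures) {
    $failures | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; the image was not modified.'
}

# All checks passed: apply the update using the syntax given in the article.
& $Script -WorkingDirectory $WorkingDir -Action AddUpdate -ImagePath $ImagePath -Package $Package
```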

How to apply this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action AddUpdate -ImagePath <path_to_Os_Image> -Package <path_to_package>

How to remove or roll back this update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action RemoveUpdate -ImagePath <path_to_Os_Image>

How to list details of installed update

PS C:\> DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -