Monthly antimalware platform updates for Windows Defender


Beginning with December 2017, Microsoft is releasing antimalware platform updates for Windows Defender each month. The platform updates will be published as follows: category: Definition Updates, product: Windows Defender. If you use a Configuration Manager automatic deployment rule (ADR) to approve and deploy definition updates for Windows Defender, that same ADR will now pick up these monthly platform updates. The platform updates are applicable to Windows Defender running on Windows 10 (version 1607 and later) and Windows Server 2016.

The title of the platform updates will be in the form: Update for Windows Defender antimalware platform – KB 4052623 (Version X.X.X.X). For example, Update for Windows Defender antimalware platform – KB4052623 (4.12.17007.17123). Initially, for a given month, the platform update is released gradually, so you may see low or no required and installed counts in your Configuration Manager console. More than one version of a platform update may also be released in a month as part of the gradual deployment process. Once the platform update is released broadly, more clients will find the final version of the update applicable and install it.

Frequently Asked Questions

What makes up the platform for Windows Defender and why does it need to be updated monthly?

The platform is often referred to as the “antimalware client”. It is composed of the services and drivers needed to provide protection functionality. In the ever-changing landscape of antimalware and spyware, it is necessary to regularly update components that make up the platform for the highest level of protection.

I keep up-to-date with engine and definition updates. Isn’t that enough to protect my endpoints?

While keeping up-to-date with signatures and engines is a best practice, a machine that is up-to-date with both definition/engine and platform updates can have a higher protection level than a machine that is just up-to-date with definition/engine updates.

Are these platform updates also included in the monthly quality updates for Windows 10?

No. The platform updates are released out of band of the monthly quality updates for Windows 10. New feature updates for Windows 10 will include the latest platform version for Windows Defender at that time but then must be updated monthly via the platform updates.


Comments (4)
  1. CaptainFail says:

    Just to be clear, none of these platform updates will ever require a reboot? Because we are pushing the “Definition Updates” category asap after they are released.

    1. Hello CaptainFail

      I’ve checked with the team that produces these and their answer is that the platform updates will not require a reboot.

      Best regards
      Yvette

  2. bhaak says:

    The update KB4052623 fails to install if the environment variables TMP and TEMP are set to a non-default location (for example to a ramdisk drive). After returning these variables to their original values and rebooting the update installs successfully. The team that produces these should fix this in future updates.

  3. Myle Taylor says:

    Hi Yvette,
    Hoping it’s a simple question/answer, it does however come about after having worked with Microsoft Premier support for around a month now on an issue with Defender MAPS connections when using nonstandard HTTP ports, so in our case using 8080 instead of 80, anyways my question is when a client installed a Platform update for example “4.12.17007.18011-0” under the install directory C:\ProgramData\Microsoft\Windows Defender\Platform should I still be seeing the previous version that it just updated? I see a folder for the version I just quoted and the previous version, “4.12.17007.17123-0”. I’m having to use a ConfigMgr Configuration Item you see to add a registry key to fix the MAPS connection issue, so every time a Platform update is released I have to update the CI to quote the new version number, just wondered what the expected behaviour is, I had assumed the version it replaces would be removed.

    Thanks
    Myles
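
To check which platform versions are present on a client without hard-coding a version number, the following added example (not part of the original post or its comments, and not Microsoft's code) lists the version folders under the Platform directory quoted in the comment above and compares the newest one with the version reported by `Get-MpComputerStatus`. The function name is hypothetical, and the `<version>-<revision>` folder-name pattern is an assumption based on the two folder names quoted in that comment.

```powershell
# Added example. Path and folder-name format (e.g. 4.12.17007.18011-0) are taken
# from the comment above; the name pattern is assumed, not documented on this page.
$platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'

function Get-DefenderPlatformFolder {   # hypothetical helper name
    param([string]$Root = $platformRoot)

    # A client that has never received a platform update may have no such directory.
    if (-not (Test-Path -LiteralPath $Root)) { return }

    Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
        # Keep only folders named "<a.b.c.d>-<revision>"; ignore anything else.
        if ($_.Name -match '^(\d+\.\d+\.\d+\.\d+)-(\d+)$') {
            [pscustomobject]@{
                Version  = [version]$Matches[1]   # compared numerically, not as text
                Revision = [int]$Matches[2]
                Path     = $_.FullName
            }
        }
    } | Sort-Object Version, Revision -Descending
}

$folders = @(Get-DefenderPlatformFolder)

# AMProductVersion is the antimalware client (platform) version the service reports.
$running = [version](Get-MpComputerStatus).AMProductVersion

$folders | Format-Table Version, Revision, Path -AutoSize

if ($folders.Count -eq 0) {
    "No version folder found under $platformRoot; running version is $running"
} elseif ($folders[0].Version -eq $running) {
    "Running version $running matches the newest folder: $($folders[0].Path)"
} else {
    "Running version $running differs from the newest folder version $($folders[0].Version)"
}
```

The script only reads and reports; it does not state which folders should remain after an update.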
