Windows power user tips

How to manually update Microsoft Defender

It’s imperative to keep Microsoft Defender up to date even when Windows Update isn’t working. Here are several methods to manually update Defender.

virtual update button hovers over a keyboard

Windows power user tips

Show More

Microsoft Defender is the built-in anti-malware package that’s included with modern Windows operating systems. It’s alternatively known as Windows Security (it shows up under Settings as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Docs page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

As with Windows Update in general, sometimes Microsoft Defender updates may not work. Normally, Defender updates are handled as part of routine Windows update behavior, run on a daily basis as a scheduled task. But sometimes, Windows Update itself runs into problems and doesn’t do much (or anything).

Should this happen, there are other ways to keep Defender updated, sidestepping any issues strictly related to Windows Update itself. (See the note at end of story for more advice on this topic.)

1. Use Microsoft Defender’s own update facility

Within the Settings app, you can access a Windows Security facility with this selection sequence: Start > Settings > Update & Security > Windows Security in Windows 10 or Start > Settings > Privacy & Security > Windows Security in Windows 11. There you’ll find a button labeled “Open Windows Security” as shown in Figure 1. Alternatively, you can open the app directly by typing “Windows Security” into the Start menu.

update ms defender fig01 windows security IDG

Figure 1: You can access Windows Security via the Settings app.

The Windows Security app includes numerous entries, including the “Virus & threat protection” item that also appears in Figure 1. Clicking this produces an app pane like the one shown in Figure 2. Note the entry under “Virus & threat protection updates” near the bottom. You can click the Check for updates link shown at the bottom of the image to instruct Defender to check for updates. If any are available, it will download and install them.

update ms defender fig02 virus threat protection IDG

Figure 2: Click Check for updates to instruct Defender to download updates.

Note that this download process goes through Windows Update in the background. I have seen it work sometimes when WU is stuck on some specific update. At other times, it too fails to download updates when WU is completely stuck and won’t download anything at all. In such circumstances, there’s yet another way to forcibly update Microsoft Defender, covered in the section that follows.

2. Update Defender signatures using Update-MpSignature

There’s a special PowerShell command for updating Defender security definitions (also known as signatures). The simple, basic syntax for this command is to simply type the command name in PowerShell. This command works on Windows 10 and 11 versions alike (as shown in Figure 3 for Windows 11). Although it doesn’t appear to do much inside PowerShell, the command does indeed update the Defender signatures.

update ms defender fig03 powershell update mpsignature IDG

Figure 3: The Update-MpSignature command will update Defender definitions, but doesn’t produce much output.

You can always check the protection update info by clicking Virus & threat protection inside Windows Security, then scrolling down to “Virus & threat protection updates,” then clicking on Protection updates. As shown in Figure 4, I updated the signatures (called “security intelligence version”) to version number 1.351.225.0 through the command line at 3:44 PM on October 11, 2021. Note that the “Check for updates” button also appears in this screen capture; you could also use this to implement the preceding update method.

update ms defender fig04 protection updates IDG

Figure 4: “Security intelligence version” shows the version number and creation time for current signatures.

3. Update all Defender components via Microsoft

Microsoft maintains a web page specifically for Defender updates entitled “Microsoft Defender update for Windows operating system installation images.” It mentions that there are three components that make up the Defender environment, all of which are subject to periodic updates.

Because they change daily (or more often), the signatures get updated all the time. But the anti-malware client (that part of Defender that coordinates checks on individual PCs) and the anti-malware engine (that part of Defender that handles defensive maneuvers and cleanups on individual PCs when malware is detected) are also subject to periodic updates. These typically happen anywhere from one to four times a month, depending on malware activity and severity.

Using one of the methods below, you can update all three components of Defender.

Using installation images for offline updates

From the afore-linked web page, users must select a ZIP file download for either 32-bit or 64-bit systems. (The latter is far more common than the former. Windows 11 is not available in a 32-bit version.) Note also that this page is updated constantly, so be sure to get any such updates from the most recent version of the page.

Step 1: Unzip the contents of the download (e.g., to a directory. For example, I created a DefUpd folder on my D: drive as the target (D:\DefUpd). This created a file structure like the one shown in Figure 5. It shows a PowerShell script that handles the .CAB file for the Defender updates for all three components.

update ms defender fig05 defupd IDG

Figure 5: The contents of the ZIP file downloaded for the 64-bit update. (Click image to enlarge it.)

Step 2: Invoke the PowerShell script to add the update to an offline Windows image. That same script also supports remove/rollback and list details operations. (See the previously mentioned system installation images page for details.)

Working with online images

The Microsoft Update Catalog maintains Defender updates for Windows 10 in x86, x64 and ARM versions; search for “Microsoft Defender” there to find them. For 64-bit systems, you want the one that shows properties like those in Figure 6 and has (amd64fre) at the end of its file description. The others include (x86fre) for 32-bit processors and (arm64fre) for 64-bit ARM CPUs. These are self-installing executables, so you can run them against a Windows 10 machine at any time. (As I write this story, the catalog does not appear to offer Windows 11 equivalents.)

update ms defender fig06 updateplatform properties IDG

Figure 6: Properties for the 64-bit Windows 10 AntiMalware Platform Update file.

Where there’s a will there’s a way

Given the various methods to download Microsoft Defender signatures and executables, there’s always a method to bring things up to date. My advice is to let Windows Update do things automatically whenever it can. If that doesn’t work, try the “Check for updates” button in the Windows Security app. And finally, if that fails, you can turn to PowerShell to update signatures (Update-MpSignature), to the Defender installation images support page, or to the Microsoft Update Catalog for antimalware platform runtime components.

Hopefully you won’t have to go that far at all, or not very often. But it’s nice to know there’s another way when one is needed.

Copyright © 2022 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon