How to manually update Microsoft Defender

Microsoft Defender is the built-in anti-malware package that’s included with modern Windows operating systems. It’s alternatively known as Windows Security (it shows up under Settings > Privacy & security as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Learn page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

As with Windows Update in general, sometimes Microsoft Defender updates may not work. Normally, Defender updates are handled as part of routine Windows update behavior, run on a daily basis as a scheduled task. But sometimes, Windows Update itself runs into problems and doesn’t do much (or anything).

Should this happen, there are numerous other ways to keep Defender updated, sidestepping any issues strictly related to Windows Update itself. (See the note at end of story for more advice on this topic.)

1. Use Microsoft Defender’s update facility

Within the Settings app, you can access a Windows Security facility with this selection sequence: Start > Settings > Update & Security > Windows Security in Windows 10 or Start > Settings > Privacy & Security > Windows Security in Windows 11. There you’ll find a button labeled Open Windows Security, as shown in Figure 1. Alternatively, you can open the app directly by typing windows security into the Start menu.

IDG

The Windows Security app includes numerous entries, including the “Virus & threat protection” item that also appears in Figure 1. Clicking this produces an app pane like the one shown in Figure 2. Note the entry under “Virus & threat protection updates” near the bottom. In Windows 11, you can click the Protection updates link shown at the bottom of the image to instruct Defender to check for updates. (The Check for updates link in Windows 10 does the same thing.) If any updates are available, it will download and install them.

IDG

Note: this download process goes through Windows Update in the background. I have seen it work sometimes when WU is stuck on some specific update. At other times, it, too, fails to download updates when WU is completely stuck and won’t download anything. In such circumstances, there’s yet another way to forcibly update Microsoft Defender, covered in the section that follows.

2. Update Defender signatures in PowerShell

There’s a special PowerShell command for updating Defender security definitions (also known as signatures). The simple, basic syntax for this command is to simply type the command name — Update-MpSignature — in PowerShell. This command works on Windows 10 and 11 versions alike (as shown in Figure 3 for Windows 11). Although it doesn’t appear to do much inside PowerShell, the command does indeed update the Defender signatures. (If you watch while it runs, it does report progress; this screencap shows what things look like upon completion.

IDG

You can always check the protection update info by clicking Virus & threat protection inside Windows Security, then scrolling down to “Virus & threat protection updates,” then clicking on Protection updates. As shown in Figure 4, I updated the signatures (called “security intelligence version”) to version number 1.395.1156.0 through the command line at 3:41 PM on August 23, 2023. Note that the “Check for updates” button also appears in this screen capture; you could also use this to implement the preceding update method.

IDG

3. Update all Defender components via Microsoft.com

Microsoft maintains a web page specifically for Defender updates entitled “Microsoft Defender update for Windows operating system installation images.” It identifies three components that make up the Defender environment, all of which are subject to periodic updates:

• Platform version: signatures for a specific edition of Windows 10 or 11 (Home, Pro, Education, etc.)
• Engine version: specific anti-malware engine version for Windows 10 or 11
• Security intelligence version: current security intelligence updates for Defender

Because they change daily (or more often), signatures get updated all the time. But the anti-malware client (that part of Defender that coordinates checks on individual PCs) and the anti-malware engine (that part of Defender that handles defensive maneuvers and cleanups on individual PCs when malware is detected) are also subject to periodic updates. These typically happen anywhere from one to four times a month, depending on malware activity and severity. Security intelligence updates (labeled as “Windows Intelligence Update” under the “Other Updates” heading in Windows 11 Update History listings) also occur at irregular intervals. (As I write this, the most recent one I can find is dated July 26, 2023: YMMV.)

Working with offline Windows images

Installing the update requires picking the appropriate platform version for your target PC(s) — namely, 32-bit, 64-bit or ARM64. This downloads a ZIP file that includes relevant cabinet files (.cab), patching files, and a PowerShell script named DefenderUpdateWinImage.ps1. After unpacking, the script must be applied to an offline Windows image inside an administrative Windows Terminal/PowerShell session using the following syntax:

DefenderUpdateWinImage.ps1 -WorkingDirectory <path> -Action AddUpdate -ImagePath <path_to_OS_Image> -Package

Note: replace <path_to_OS_image> with the actual path to the offline image to be updated, and <path> with the path to the working directory for results.

Working with online Windows images (running PCs)

By visiting the Microsoft Update Catalog and searching on “microsoft defender update,” one can find current anti-malware platform updates. Searching on “KB4052623” produces relatively recent signatures. Alas, searching on “windows intelligence update” produces no relevant results, while searching on “security intelligence update” produces results for Endpoint Protection and Security Essentials, but not for Windows Defender. Thus, I can’t unequivocally recommend this approach for finding current Defender updates when the usual methods don’t work.

4. Give Microsoft PC Manager (beta) a try

Microsoft has a new OS management tool called Microsoft PC Manager that’s available in beta test form. (You can download it from the application home page.) Once you’ve installed MSPCManager.exe, you can run the application from the Start menu (typing pc man will usually bring up the app name to click on). As you can see in Figure 5, if you click the Security button (bottom right, in blue) then click Scan (blue at upper right) you can access pending updates for the target PC by clicking on Windows Update.

IDG

As shown in Figure 6, this often includes updates for the anti-malware platform (above) and AV signatures (below). In most cases, however, if Windows Update isn’t working properly, this approach may not work either.

IDG

Where there’s a will there’s a way

Given the various methods to download Microsoft Defender signatures and executables, there’s always a method to bring things up to date. My advice is to let Windows Update do things automatically whenever it can. If that doesn’t work, try the Protection updates (Windows 11) or Check for updates  (Windows 10) link in the Windows Security app. And if that fails, you can turn to PowerShell to update signatures (Update-MpSignature), to the Defender installation images support page, or to the Microsoft Update Catalog for anti-malware platform runtime components.

What the heck: give MS PC Manager a try, too.

Hopefully you won’t have to go that far at all, or not very often. But it’s nice to know there’s another way when one is needed.

This article was originally launched in January 2022 and updated in November 2023.