Microsoft Defender has recently gained a new feature that gives more power to system admins on Windows 10. With the new ability, enterprise customers can have more control over scenarios of mass-installation through images.
When organizations want to update Windows 10 through Windows Imaging Format (WIM) or Virtual Hard Disks (VHD), they are forced to do so out of sync with Windows updates.
Installation images are often used multiple times over months so don’t follow monthly Windows 10 update cycles. As such Microsoft Defender (previously Windows Defender) will not receive update installation at the same time as the platform.
Windows 10 would eventually allow Defender to catch up by pulling in a new update. However, in the time between there will be what Microsoft is calling a “protection gap.”
“Initial hours of newly installed Windows OS deployments can suffer with Microsoft Defender protection gap, as the installation OS images may contain outdated Anti-Malware Software binaries. These devices will remain under protected until the first Anti-Malware software update finishes. Regular servicing of OS installation images to update Microsoft Defender binaries minimizes this protection gap in new deployments.”
Bridging the Gap
Microsoft points to this window potentially providing attackers more chance of success when targeting Windows machines. To overcome the problem, the company has created a new tool in Defender.
With the feature, the security service will give admins the opportunity to update WIM and VHD installation images ahead of deployment. Microsoft says the tool is available on 32-bit and 64-bit systems for Windows 10 (Enterprise, Home, Pro), Windows Server 2016, and Windows Server 2019.
Admins run the tool through DefenderUpdateWinImage.ps1 in PowerShell. Below is the path for admins to install the update with PowerShell:
C:\> DefenderUpdateWinImage.ps1 – WorkingDirectory<path> –Action AddUpdate – ImagePath <path_to_Os_Image> -Package <path_to_package>
If there are any issues, it’s possible to roll back the update if needed:
C:\> DefenderUpdateWinImage.ps1 – WorkingDirectory<path> –Action RemoveUpdate – ImagePath <path_to_Os_Image>