Microsoft Windows Defender

Nov 27, 2019.

  1. Microsoft Windows Defender Cost
  2. Microsoft Defender Antivirus Windows 10
  1. If you need to use two-factor authentication to access your business network and resources but don’t want to carry a second device, then this is the solution for you! The Defender Soft Token for Windows Phone when used in conjunction with Defender enables you to use your Windows Phone device as a token to enable two-factor authentication to your corporate.
  2. Aug 13, 2020.

Microsoft Windows Defender Cost

Windows 10 includes Windows Security, which provides the latest antivirus protection. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.

Windows 10 in S mode

Some features will be a little different if you're running Windows 10 in S mode. Because this mode is streamlined for tighter security, the Virus & threat protection area has fewer options. But don't worry—the built-in security of this mode automatically prevents viruses and other threats from running on your device, and you'll receive security updates automatically. For more info, see Windows 10 in S mode FAQ.

Important security info

  • Windows Security is built-in to Windows 10 and includes an antirvirus program called Microsoft Defender Antivirus. (In previous versions of Windows 10, Windows Security is called Windows Defender Security Center).

  • If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on automatically.

  • If you're having problems receiving Windows Security updates, see Fix Windows Update errors and the Windows Update FAQ.

  • For info on how to uninstall an app, see Repair or remove an app in Windows 10.

  • To change your user account to an admin account, see Create a local user or administrator account in Windows 10.

Understand and customize Windows Security features

Windows Security is your home to manage the tools that protect your device and your data:

  • Virus & threat protection. Monitor threats to your device, run scans, and get updates to help detect the latest threats. (Some of these options are unavailable if you're running Windows 10 in S mode.)

  • Account protection. Access sign-in options and account settings, including Windows Hello and dynamic lock.

  • Firewall & network protection. Manage firewall settings and monitor what’s happening with your networks and internet connections.

  • App & browser control. Update settings for Microsoft Defender SmartScreen to help protect your device against potentially dangerous apps, files, sites, and downloads. You'll have exploit protection and you can customize protection settings for your devices.

  • Device security. Review built-in security options to help protect your device from attacks by malicious software.

  • Device performance & health. View status info about your device’s performance health, and keep your device clean and up to date with the latest version of Windows 10.

  • Family options. Keep track of your kids’ online activity and the devices in your household.

You can customize how your device is protected with these Windows Security features. To access them, select Start > Settings > Update & Security > Windows Security . Then select the feature you want to explore.
Open Windows Security settings

Status icons indicate your level of safety:

  • Green means your device is sufficiently protected and there aren’t any recommended actions.

  • Yellow means there is a safety recommendation for you.

  • Red is a warning that something needs your immediate attention.

Run a malware scan manually

When you're concerned about risks to a specific file or folder, you can right-click the file or folder in File Explorer, then select Scan with Microsoft Defender.

If you suspect there's malware or a virus on your device, you should immediately run a quick scan. This is much faster than running a full scan on all your files and folders.

Run a quick scan in Windows Security

  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection.
    Open Windows Security settings

  2. Under Current threats, select Quick scan (or in previous versions of Windows 10, under Threat history, select Scan now).

If the scan doesn't find any issues, but you're still concerned, you may want to check your device more thoroughly.

Microsoft Defender Antivirus Windows 10

Run an advanced scan in Windows Security

  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection.

  2. Under Current threats, select Scan options (or in previous versions of Windows 10, under Threat history, select Run a new advanced scan).

  3. Select one of the scan options:

    • Full scan (check files and programs currently running on your device)

    • Custom scan (scan specific files or folders)

    • Microsoft Defender Offline scan (run this scan if your device has been, or could potentially be, infected by a virus or malware). Learn more about Microsoft Defender Offline

  4. Select Scan now.

Note: Because of streamlined security, this process isn't available if you're running Windows 10 in S mode.

Schedule your own scan

Even though Windows Security is regularly scanning your device to keep it safe, you can also set when and how often the scans occur.

Schedule a scan

  1. Select the Start button, type schedule tasks in the Search box, and in the list of results, select Task Scheduler.

  2. In the left pane, select the arrow (>) next to Task Scheduler Library to expand it, do the same with Microsoft > Windows, and then scroll down and select the Windows Defender folder.

  3. In the top-center pane, select Windows Defender Scheduled Scan. (Point to the choices to see the full names.)

  4. In the Actions pane on the right, scroll down and then select Properties.

  5. In the window that opens, select the Triggers tab, and then select New.

  6. Set your preferred time and frequency, and then select OK.

  7. Review the schedule and select OK.

Note: Because of streamlined security, this process isn't available if you're running Windows 10 in S mode.

Turn Microsoft Defender Antivirus real-time protection on or off

Sometimes you may need to briefly stop running real-time protection. While real-time protection is off, files you open or download won't be scanned for threats. However, real-time protection will soon turn on automatically again to protect your device.

Turn real-time protection off temporarily

  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection > Manage settings. (In previous versions of Windows 10, select Virus & threat protection > Virus & threat protection settings.)
    Open Windows Security settings

  2. Switch the Real-time protection setting to Off and choose Yes to verify.

Note: Because of streamlined security, this process isn't available if you're running Windows 10 in S mode.



Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

There are two types of updates related to keeping Microsoft Defender Antivirus up to date:

  • Security intelligence updates
  • Product updates


Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques.
This also applies to devices where Microsoft Defender Antivirus is running in passive mode.


You can use the below URL to find out what are the current versions:

Security intelligence updates

Microsoft Windows Defender

Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection.


Updates are released under the below KB numbers:
Microsoft Defender Antivirus: KB2267602
System Center Endpoint Protection: KB2461484

Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see Use Microsoft cloud-provided protection in Microsoft Defender Antivirus.

Engine updates are included with security intelligence updates and are released on a monthly cadence.

Product updates

Microsoft Defender Antivirus requires monthly updates (KB4052623) (known as platform updates), and will receive major feature updates alongside Windows 10 releases.

You can manage the distribution of updates through one of the following methods:

  • The usual method you use to deploy Microsoft and Windows updates to endpoints in your network.

For more information, see Manage the sources for Microsoft Defender Antivirus protection updates.


We release these monthly updates in phases. This results in multiple packages visible in your WSUS server.

Monthly platform and engine versions

For information how to update or how to install the platform update, see Update for Windows Defender antimalware platform.

All our updates contain:

  • performance improvements
  • serviceability improvements
  • integration improvements (Cloud, Microsoft 365 Defender)
September-2020 (Platform: 4.18.2009.7 Engine: 1.1.17500.4)

 Security intelligence update version: 1.325.10.0
 Released: October 01, 2020
 Platform: 4.18.2009.7
 Engine: 1.1.17500.4
 Support phase: Security and Critical Updates

What's new

  • Admin permissions are required to restore files in quarantine
  • XML formatted events are now supported
  • CSP support for ignoring exclusion merge
  • New management interfaces for:
    • UDP Inspection
    • Network Protection on Server 2019
    • IP Address exclusions for Network Protection
  • Improved visibility into TPM measurements
  • Improved Office VBA module scanning

Known Issues

No known issues

August-2020 (Platform: 4.18.2008.9 Engine: 1.1.17400.5)

 Security intelligence update version: 1.323.9.0
 Released: August 27, 2020
 Platform: 4.18.2008.9
 Engine: 1.1.17400.5
 Support phase: Security and Critical Updates

What's new

  • Add more telemetry events
  • Improved scan event telemetry
  • Improved behavior monitoring for memory scans
  • Improved macro streams scanning
  • Added AMRunningMode to Get-MpComputerStatus PowerShell cmdlet
  • DisableAntiSpyware is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program.

Known Issues

No known issues

July-2020 (Platform: 4.18.2007.8 Engine: 1.1.17300.4)

 Security intelligence update version: 1.321.30.0
 Released: July 28, 2020
 Platform: 4.18.2007.8
 Engine: 1.1.17300.4
 Support phase: Security and Critical Updates

What's new

  • Improved telemetry for BITS
  • Improved Authenticode code signing certificate validation

Known Issues

No known issues

June-2020 (Platform: 4.18.2006.10 Engine: 1.1.17200.2)

 Security intelligence update version: 1.319.20.0
 Released: June 22, 2020
 Platform: 4.18.2006.10
 Engine: 1.1.17200.2
 Support phase: Technical upgrade Support (Only)

What's new

  • Possibility to specify the location of the support logs
  • Skipping aggressive catchup scan in Passive mode.
  • Allow Defender to update on metered connections
  • Fixed performance tuning when caching is disabled
  • Fixed registry query
  • Fixed scantime randomization in ADMX

Known Issues

No known issues

May-2020 (Platform: 4.18.2005.4 Engine: 1.1.17100.2)

 Security intelligence update version: 1.317.20.0
 Released: May 26, 2020
 Platform: 4.18.2005.4
 Engine: 1.1.17100.2
 Support phase: Technical upgrade Support (Only)

What's new

  • Improved logging for scan events
  • Improved user mode crash handling.
  • Added event tracing for Tamper protection
  • Fixed AMSI Sample submission
  • Fixed AMSI Cloud blocking
  • Fixed Security update install log

Known Issues

No known issues

April-2020 (Platform: 4.18.2004.6 Engine: 1.1.17000.2)

 Security intelligence update version: 1.315.12.0
 Released: April 30, 2020
 Platform: 4.18.2004.6
 Engine: 1.1.17000.2
 Support phase: Technical upgrade Support (Only)

What's new

  • WDfilter improvements
  • Add more actionable event data to attack surface reduction detection events
  • Fixed version information in diagnostic data and WMI
  • Fixed incorrect platform version in UI after platform update
  • Dynamic URL intel for Fileless threat protection
  • UEFI scan capability
  • Extend logging for updates

Known Issues

No known issues

March-2020 (Platform: 4.18.2003.8 Engine: 1.1.16900.2)

 Security intelligence update version: 1.313.8.0
 Released: March 24, 2020
 Platform: 4.18.2003.8
 Engine: 1.1.16900.4
 Support phase: Technical upgrade Support (Only)

What's new

  • CPU Throttling option added to MpCmdRun
  • Improve diagnostic capability
  • reduce Security intelligence timeout (5 min)
  • Extend AMSI engine internal log capability
  • Improve notification for process blocking

Known Issues

[Fixed] Microsoft Defender Antivirus is skipping files when running a scan.

February-2020 (Platform: - Engine: 1.1.16800.2)

Security intelligence update version: 1.311.4.0
Released: February 25, 2020
Platform/Client: -
Engine: 1.1.16800.2
Support phase: N/A

What's new

Known Issues

No known issues

January-2020 (Platform: 4.18.2001.10 Engine: 1.1.16700.2)

Security intelligence update version: 1.309.32.0
Released: January 30, 2020
Platform/Client: 4.18.2001.10
Engine: 1.1.16700.2
Support phase: Technical upgrade Support (Only)

What's new

  • Fixed BSOD on WS2016 with Exchange
  • Support platform updates when TMP is redirected to network path
  • Platform and engine versions are added to WDSI
  • extend Emergency signature update to passive mode
  • Fix 4.18.1911.3 hang

Known Issues

[Fixed] devices utilizing modern standby mode may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform.


This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability.


This update is categorized as an 'update' due to its reboot requirement and will only be offered with a Windows Update

November-2019 (Platform: 4.18.1911.3 Engine: 1.1.16600.7)

Security intelligence update version: 1.307.13.0
Released: December 7, 2019
Platform: 4.18.1911.3
Engine: 1.1.17000.7
Support phase: No support

Microsoft Windows Defender

What's new

  • Fixed MpCmdRun tracing level
  • Fixed WDFilter version info
  • Improve notifications (PUA)
  • add MRT logs to support files

Known Issues

When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version.

Microsoft Defender Antivirus platform support

Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version:

  • Security and Critical Updates servicing phase - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.

  • Technical Support (Only) phase - After a new platform version is released, support for older versions (N-2) will reduce to technical support only. Platform versions older than N-2 will no longer be supported.*

* Technical support will continue to be provided for upgrades from the Windows 10 release version (see Platform version included with Windows 10 releases) to the latest platform version.


During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft’s managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*).

Platform version included with Windows 10 releases

The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:

Windows 10 releasePlatform versionEngine versionSupport phase
2004 (20H1)4.18.2004.61.1.17000.2Technical upgrade Support (Only)
1909 (19H2)4.18.1902.51.1.16700.3Technical upgrade Support (Only)
1903 (19H1)4.18.1902.51.1.15600.4Technical upgrade Support (Only)
1809 (RS5)4.18.1807.180751.1.15000.2Technical upgrade Support (Only)
1803 (RS4)4.13.17134.11.1.14600.4Technical upgrade Support (Only)
1709 (RS3)4.12.16299.151.1.14104.0Technical upgrade Support (Only)
1703 (RS2)4.11.15603.21.1.13504.0Technical upgrade Support (Only)
1607 (RS1)4.10.14393.36831.1.12805.0Technical upgrade Support (Only)

Windows 10 release info: Windows lifecycle fact sheet.

See also

Manage how protection updates are downloaded and appliedProtection updates can be delivered through a number of sources.
Manage when protection updates should be downloaded and appliedYou can schedule when protection updates should be downloaded.
Manage updates for endpoints that are out of dateIf an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon.
Manage event-based forced updatesYou can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
Manage updates for mobile devices and virtual machines (VMs)You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.