Search the Petri IT Knowledgebase
search icon

close

Want to know about the security benefits of Microsoft's E5 license?

Watch Webinar Now
Icon for Latest Whitepaper

Latest Whitepaper

7 Critical Reasons for Microsoft 365 Backup

Icon for Whitepaper

Whitepaper

Choosing an MFA Solution for Your Active Directory Envi...

Icon for On-Demand Webinar

On-Demand Webinar

Anatomy of a Project – Project Management with Micros...

Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your ...

Home

Windows 10

How to Update Windows System Images Using the Antimalware Update Package for Microsoft Defender

Russell Smith

 |

Oct 20, 2020

If your organization provisions and services Windows using system imaging, Microsoft has released a new tool that can help make sure devices are secure when they are deployed to users. System imaging involves capturing an installation of Windows that contains the configuration settings and software required for your organization’s devices. The resulting capture, or ‘snapshot’ if you like, is known as a system image. The image is then used to automate the installation of Windows at scale.

Creating a standard system image involves a lot of work and testing. Without significant effort upfront, the operating system and applications might not work as expected when it is deployed to users. Because of the work that goes into creating a system image, organizations tend not to recreate them regularly. A new image might only be called for if a new version of Windows is released or if software needs to be added or removed.

For more information using the Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS) to deploy Windows images, check out my 3-part series on Petri:

Deploy Windows 10 Using MDT and WDS, Part 1: Create an MDT Deployment Share
Deploy Windows 10 Using MDT and WDS, Part 2: Create an MDT Task Sequence and Configure WDS
Deploy Windows 10 Using MDT and WDS, Part 3: Deploy Windows 10 from a PXE-Enabled Boot Client

Devices inadequately protected until Microsoft Defender updates

Devices provisioned using a system image are at risk for the first few hours of use as they come provisioned with out-of-date antivirus. To solve the issue, Microsoft recently released a tool that lets IT service existing offline images to update them with the latest Defender definition files, platform, and engine version. Microsoft says:

The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries.

The devices on which these deployments are made are inadequately protected until they receive the first antimalware software update. We recommend that you regularly service OS installation images in order to update Microsoft Defender binaries and minimize this protection gap in new deployments.

The new antimalware update package for Microsoft Defender

The new update package for Microsoft Defender works with the following operating systems:

  • Windows 10 Enterprise, Pro, and Home
  • Windows Server 2019
  • Windows Server 2016

The update package will be refreshed monthly to include updates and fixes for Microsoft Defender, along with the latest security intelligence update (antivirus definition file) that is available at the time the update package is released. You can download the 32-bit and 64-bit versions of the update package from Microsoft’s website.

Updating a Windows image using the update package for Microsoft Defender

Before you can service a system image, there are several prerequisites that must be met.

  • The device on which you run the update tool must be running 64-bit Windows 10 with PowerShell 5.1 or later version installed.
  • The Powershell.Security and DISM PowerShell modules must be installed on the device.
  • PowerShell must be running with administrator privileges on the device where the tool is run.

Additionally, Microsoft says that the tool must only be run against offline images. Updating live images can damage the Windows installation. And while there is an option to remove updates you apply, Microsoft recommends making a backup of any images you update using the tool.

Image # Expand
How to Update Windows System Images Using the Antimalware Update Package for Microsoft Defender (Image Credit: Russell Smith)

 

Once you’ve unzipped the package for the architecture you want to update, you can run the script in an elevated PowerShell window:

DefenderUpdateWinImage.ps1 – WorkingDirectory <path> -Action AddUpdate - ImagePath <path_to_Os_Image> -Package <path_to_package>

There are three supported actions. In the above example, the update tool is used to install a Defender update on a system image (-ImagePath). If you want to remove a Defender update from an image, you change -Action to RemoveUpdate and omit the -Package option:

DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action RemoveUpdate - ImagePath <path_to_Os_Image>

Finally, you can show the details of an installed update using the ShowUpdate action:

DefenderUpdateWinImage.ps1 - WorkingDirectory<path> -Action ShowUpdate - ImagePath <path_to_Os_Image>

 

 

 

 

 

 

More from Russell Smith

Top 5 New Features in Microsoft Teams - July 2022
Windows 11 hero approved - 2

What’s New in Windows – July 2022
This Week in IT ep29

Mac vs PC for Work? 7 Critical Things to Consider

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Windows 10

Windows 11

August Patch Tuesday Updates Fix 121 Vulnerabilities and Improve Focus Assist

Aug 10, 2022 | Laurent Giret

Windows 10

Microsoft Brings Windows 11's Universal Print Capabilities to Windows 10

Aug 9, 2022 | Rabia Noureen

Windows 11 approved hero 3

Windows 11 to Add New Multi-App Kiosk Mode for IT Admins

Jul 29, 2022 | Rabia Noureen

Security

Microsoft Retires Windows Information Protection in Favor of New Purview Service

Jul 22, 2022 | Rabia Noureen

Windows

How to Use the Icacls Command to Manage File Permissions

Jul 20, 2022 | Michael Reinders

Windows 11 approved hero 3

July Patch Tuesday Updates Fix 84 Vulnerabilities and LDAP Gets TLS 1.3

Jul 13, 2022 | Laurent Giret

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use