From 36f12fb400506adea0d6b7dbf0f96f19b9ff5b8a Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Wed, 29 Apr 2020 16:40:40 -0700 Subject: [PATCH] Update manage-updates-baselines-windows-defender-antivirus.md Final draft --- ...es-baselines-windows-defender-antivirus.md | 140 +++++++----------- 1 file changed, 55 insertions(+), 85 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index 8b55207b8c..2a8874766c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -28,8 +28,8 @@ There are two types of updates related to keeping Windows Defender Antivirus up 2. Product updates > [!IMPORTANT] -> Keeping Windows Defender Antivirus up to date is crucial to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. -> This also applies to devices where Windows Defender Antivirus is running in [passive mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility). +> Keeping Windows Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. +> This also applies to devices where Windows Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility). ## Security intelligence updates 
@@ -43,70 +43,64 @@ Engine updates are included with the Security intelligence updates and are relea Windows Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "platform updates"), and will receive major feature updates alongside Windows 10 releases. -You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. -For more information see [Manage the sources for Windows Defender Antivirus protection updates](https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) +You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network. 
+For more information see [Manage the sources for Windows Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) ## Released platform and engine versions ### Monthly platform and engine releases -For information how to update or how to install the platform update, please see: [Update for Windows Defender antimalware platform](https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform) +For information how to update or how to install the platform update, please see: [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) + +All our updates contain: +* performance improvements +* serviceability improvements +* Integration improvements (Cloud, MTP) +
April-2020 (Platform: 4.18.2004.5 | Engine: 1.1.17000.2) -Security intelligence update version: **TBD** -Released: **April 30, 2020** -Platform: **4.18.2004.5** -Engine: **1.1.17000.2** -Support phase: **Security and Critical Updates** + Security intelligence update version: **TBD** + Released: **April 30, 2020** + Platform: **4.18.2004.5** + Engine: **1.1.17000.2** + Support phase: **Security and Critical Updates** ### What's new +* WDfilter improvements +* Add more actionable event data to ASR detection events +* Fixed version information in diagnostic data and WMI +* Fixed incorrect platform version in UI after platform update +* Dynamic URL intel for Fileless threat protection +* UEFI scan capability +* Extend logging for updates -:::row::: - :::column::: - **Platform** - * fix1 - * fix2 - - :::column-end::: - :::column::: - **Engine** - * fix1 - * fix2 - :::column-end::: -:::row-end::: - ### Known Issues No known issues +
March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2) -Security intelligence update version: **1.313.8.0** -Released: **March 24, 2020** -Platform: **4.18.2003.8** -Engine: **1.1.16900.4** -Support phase: **Technical upgrade Support (Only)** + Security intelligence update version: **1.313.8.0** + Released: **March 24, 2020** + Platform: **4.18.2003.8** + Engine: **1.1.16900.4** + Support phase: **Technical upgrade Support (Only)** ### What's new -:::row::: - :::column::: - **Platform** - * fix1 - * fix2 - - :::column-end::: - :::column::: - **Engine** - * fix1 - * fix2 - :::column-end::: -:::row-end::: +* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) +* Improve diagnostic capability +* reduce Security intelligence timeout (5min) +* Extend AMSI engine internal log capability +* Improve notification for process blocking ### Known Issues -No known issues +[**Fixed**] Windows Defender Antivirus is skipping files when running a scan. + +
@@ -122,22 +116,10 @@ No known issues ### What's new -:::row::: - :::column::: - **Platform** - * fix1 - * fix2 - - :::column-end::: - :::column::: - **Engine** - * fix1 - * fix2 - :::column-end::: -:::row-end::: - + ### Known Issues No known issues +
@@ -152,22 +134,18 @@ Support phase: **Technical upgrade Support (Only)** ### What's new -:::row::: - :::column::: - **Platform** - * fix1 - * fix2 - - :::column-end::: - :::column::: - **Engine** - * fix1 - * fix2 - :::column-end::: -:::row-end::: +* Fixed BSOD on WS2016 with Exchange +* Support platform updates when TMP is redirected to network path +* Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) +* extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility) +* Fix 4.18.1911.10 hang ### Known Issues -No known issues +[**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform. +
+> [!IMPORTANT] +> This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability. +
@@ -181,22 +159,14 @@ Support phase: **No support** ### What's new -:::row::: - :::column::: - **Platform** - * fix1 - * fix2 - - :::column-end::: - :::column::: - **Engine** - * fix1 - * fix2 - :::column-end::: -:::row-end::: +* Fixed MpCmdRun tracing level +* Fixed WDFilter version info +* Improve notifications (PUA) +* add MRT logs to support files ### Known Issues No known issues +
## Windows Defender Antivirus platform support @@ -226,7 +196,7 @@ The below table provides the Windows Defender Antivirus platform and engine vers |1703 (RS2) |4.11.15603.2 |1.1.13504.0 | Technical upgrade Support (Only) | |1607 (RS1) |4.10.14393.3683 |1.1.12805.0 | Technical upgrade Support (Only) | -Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet) +Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) ## In this section
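Review bot: The March-2020 entry in the @@ -43,70 +43,64 @@ hunk states two different engine versions: the heading line says "Engine: 1.1.16900.2" while the added detail line says "Engine: **1.1.16900.4**". Pick the released version and use it in both places. In the same hunk, the "Manage the sources for Windows Defender Antivirus protection updates" link still points at the same endpoint-definitions-wsus anchor as the WSUS link in the sentence before it, so the link text and target do not match, and the new MpCmdRun link keeps the /en-us/ locale segment that this patch removes from the other URLs. The April-2020 entry also carries "Security intelligence update version: **TBD**", which should be filled in or dropped before this goes out as a final draft.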
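Review bot: In the @@ -122,22 +116,10 @@ hunk the placeholder row is removed but nothing replaces it, so "### What's new" is followed directly by "### Known Issues" and this release is left with an empty section. Add the change list for the release, or state explicitly that there are no notable changes, so that readers deciding whether to deploy this platform version are not left guessing.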
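Review bot: The added [!IMPORTANT] note in the @@ -152,22 +134,18 @@ hunk has wording errors that obscure an operational requirement: "This updates is needed" and "the This update is re-released in April 2020". Suggest "This update is needed by RS1 devices running a lower version of the platform to support SHA2" and dropping the stray "the". It would also help to say which platform versions count as "lower", and to spell out what "Fix 4.18.1911.10 hang" refers to, since the Known Issues text in the same hunk describes a filter driver hang that results in a gap of protection.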
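Review bot: The driver name is spelled "WDFilter" in the @@ -181,22 +159,14 @@ hunk ("Fixed WDFilter version info") but "WDfilter" in the April-2020 list ("WDfilter improvements"); use one spelling throughout. The bullets in this hunk also mix tense and capitalization ("Fixed MpCmdRun tracing level", "Improve notifications (PUA)", "add MRT logs to support files"); a consistent form makes the change list easier to scan.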