Ways to check your current Defender Antimalware Platform Version

You can, if you wish, identify the installed version using a batch file that identifies that newest folder [shown in your first diagram] & hence the newest version

Show WD Version installed.bat

Code:

:: Simplify the command line prompt for ease of comprehension
prompt $g
:: search for the latest subfolder in %ProgramData%\Microsoft\Windows Defender\Platform
:: It processes all subfolders in sequence so that last one to be set is the latest one
set GetLatestVersionPath="dir "C:\ProgramData\Microsoft\Windows Defender\Platform" /ad /od /b"
FOR /F "tokens=*" %%i IN (' %GetLatestVersionPath% ') Do Set LatestVersionPath=%%i
echo %LatestVersionPath%
Pause to look at result

Additionally, if you suspect that there is an error in what is or is not actually in use by the system you could use these two commands [which I have just left as shortcuts rather than batch files]
Check that WD service is running.lnk

Code:

C:\Windows\System32\cmd.exe /k C:\Windows\System32\sc.exe query windefend

Show WD version currently in use.lnk

Code:

C:\Windows\System32\cmd.exe /k C:\Windows\System32\sc.exe qc windefend

Denis

And I've just been playing a bit with the batch file. I saw that you thought it worth checking the date-time that a WD version was installed so the new batch file version includes that.

Show WD Version installed.bat

Code:

:: Simplify the command line prompt for ease of comprehension during testing
prompt $g
Title ShowWDVersion-Path-DLM
:: Initialisation
Set CoreWDPath=C:\ProgramData\Microsoft\Windows Defender\Platform
:: Get latest version
:: search for the latest subfolder in %ProgramData%\Microsoft\Windows Defender\Platform
:: It processes all subfolders in sequence so that last one to be set is the latest one
set GetLatestVersionPath="dir "%CoreWDPath%" /ad /od /b"
FOR /F "tokens=*" %%i IN (' %GetLatestVersionPath% ') Do Set LatestVersion=%%i
::Get latest version installation date-time [and Get latest version full path]
Set LatestVersionFullPath=%CoreWDPath%\%LatestVersion%
:: Use For looping once-only on the path already found by escaping the For loop with a GoTo
for /f "skip=5 tokens=1,2 delims= " %%A in (' dir "%LatestVersionFullPath%"  /ad /od ') do (Set LatestVersionDateTime=%%A %%B) & (GoTo :EndForDateTime)
:EndForDateTime
:EndShowWDVersion
cls ::Added because the whole procedure is now more complex
echo Latest version is %LatestVersion%
echo Latest version full path is %LatestVersionFullPath%
echo Latest version was installed %LatestVersionDateTime%
Pause to look at result

Denis

In addition:

Update Security Intelligence Definition for Windows Defender Antivirus

Farvatten,

I got stupid. I realised that I did not know how to retrieve the WD definitions version using a batch file. So I decided to work it out because it could not possibly take more than half an hour. That was over three hours ago.

This batch file will display the WD definitions version. It must be run as Admin.

ShowWDDefinitionsVersion.bat

Code:

:: Extract definitions version from MpSigStub.log
::::: Initialisation :::::
prompt $g
Set WorkingFolder=%Temp%
::::: Create a MpSigStub.log copy that can be read
copy C:\Windows\Temp\MpSigStub.log "%WorkingFolder%"
:: This file format cannot be read so convert it using Type
CD /D "%WorkingFolder%"
type MpSigStub.log >CurrentMpSigStub.txt
::::: Find the most up-to-date entry containing the definitions version [this is in the last found line]
::::: sample line  AV delta VDM: 1.299.56.0  1.299.62.0 
Set SearchText= AV delta VDM:
Set SearchFile=CurrentMpSigStub.txt
for /f "tokens=* delims= " %%N in ('findstr /i /b /C:"%SearchText%" "%SearchFile%"') do (Set ThisLine=%%N)
::::: Extract the definitons version from that most up-to-date entry
:: Step through replacing up to and including spaces in the variable value - rather than using tokens to achieve the same result
Set ThisLine=%ThisLine:* =%
Set ThisLine=%ThisLine:* =%
Set ThisLine=%ThisLine:* =%
Set ThisLine=%ThisLine:* =%
Set ThisLine=%ThisLine:* =%
:: Remove the space always found at the end - by replacing space anywhere because it is now suitable
Set ThisLine=%ThisLine: =%
:: Remove temporary working files
del "%WorkingFolder%\MpSigStub.log"
del "%WorkingFolder%\CurrentMpSigStub.txt"
echo The definitions version is %ThisLine%
Pause at End of ShowWDDefinitionsVersion to look at results

I hoped to avoid needing Admin permission but could not find a way to do that because the source folder for MpSigStub.log requires that and I could not find another log file that contained the data I wanted.

Denis