Ways to check your current Defender Antimalware Platform Version

  1. Farvatten's Avatar
    Posts : 153
    Windows 10 Pro 64bit 1903 18362.356
       #1

    Ways to check your current Defender Antimalware Platform Version


    With all these sfc /scannow hash corruption issues tied to updates in Defender's Antimalware Platform it's helpful to know what you're currently running and when it was installed:

    Option One: The Defender Install Platform Folders

    C:/ProgramData/Microsoft/Windows Defender/Platform/

    These are created with each new update and labeled with version numbers. The most recent folder is the currently installed platform. This quickly shows when the update occurred. I put this file link in my Firefox menu favorites:

    file:///C:/ProgramData/Microsoft/Windows%20Defender/Platform/


    Click image for larger version. 

Name:	WindowsDefenderPlatformFolders.jpg 
Views:	2 
Size:	51.6 KB 
ID:	240642


    Option Two: Settings > Update & Security > Windows Security > Virus & threat protection > Settings > About

    Note: Date information is not provided

    Cumulative Update KB4507453 Windows 10 v1903 build 18362.239 - July 9



    You can also get version and date information for the Antimalware Client itself in Settings > Update & Security > View Update History > Definition Updates, as well as in the Reliability Monitor ( if enabled ):

    Click image for larger version. 

Name:	Reliabilith Monitor Defender Platform Update.jpg 
Views:	2 
Size:	164.2 KB 
ID:	240643



      My ComputersSystem Spec

  2. Try3's Avatar
    Posts : 2,430
    Windows 10 Home x64 and Pro x86
       #2

    You can, if you wish, identify the installed version using a batch file that identifies that newest folder [shown in your first diagram] & hence the newest version

    Show WD Version installed.bat
    Code:
    :: Simplify the command line prompt for ease of comprehension
    prompt $g
    :: search for the latest subfolder in %ProgramData%\Microsoft\Windows Defender\Platform
    :: It processes all subfolders in sequence so that last one to be set is the latest one
    set GetLatestVersionPath="dir "C:\ProgramData\Microsoft\Windows Defender\Platform" /ad /od /b"
    FOR /F "tokens=*" %%i IN (' %GetLatestVersionPath% ') Do Set LatestVersionPath=%%i
    echo %LatestVersionPath%
    Pause to look at result


    Additionally, if you suspect that there is an error in what is or is not actually in use by the system you could use these two commands [which I have just left as shortcuts rather than batch files]
    Check that WD service is running.lnk
    Code:
    C:\Windows\System32\cmd.exe /k C:\Windows\System32\sc.exe query windefend
    Show WD version currently in use.lnk
    Code:
    C:\Windows\System32\cmd.exe /k C:\Windows\System32\sc.exe qc windefend


    Denis
      My ComputerSystem Spec

  3. Farvatten's Avatar
    Posts : 153
    Windows 10 Pro 64bit 1903 18362.356
    Thread Starter
       #3

    Try3 said: View Post
    You can, if you wish, identify the installed version using a batch file that identifies that newest folder [shown in your first diagram] & hence the newest version...
    Very helpful utilities. Thanks!
      My ComputersSystem Spec

  4. Try3's Avatar
    Posts : 2,430
    Windows 10 Home x64 and Pro x86
       #4

    And I've just been playing a bit with the batch file. I saw that you thought it worth checking the date-time that a WD version was installed so the new batch file version includes that.

    Show WD Version installed.bat
    Code:
    :: Simplify the command line prompt for ease of comprehension during testing
    prompt $g
    Title ShowWDVersion-Path-DLM
    :: Initialisation
    Set CoreWDPath=C:\ProgramData\Microsoft\Windows Defender\Platform
    :: Get latest version
    :: search for the latest subfolder in %ProgramData%\Microsoft\Windows Defender\Platform
    :: It processes all subfolders in sequence so that last one to be set is the latest one
    set GetLatestVersionPath="dir "%CoreWDPath%" /ad /od /b"
    FOR /F "tokens=*" %%i IN (' %GetLatestVersionPath% ') Do Set LatestVersion=%%i
    ::Get latest version installation date-time [and Get latest version full path]
    Set LatestVersionFullPath=%CoreWDPath%\%LatestVersion%
    :: Use For looping once-only on the path already found by escaping the For loop with a GoTo
    for /f "skip=5 tokens=1,2 delims= " %%A in (' dir "%LatestVersionFullPath%"  /ad /od ') do (Set LatestVersionDateTime=%%A %%B) & (GoTo :EndForDateTime)
    :EndForDateTime
    :EndShowWDVersion
    cls ::Added because the whole procedure is now more complex
    echo Latest version is %LatestVersion%
    echo Latest version full path is %LatestVersionFullPath%
    echo Latest version was installed %LatestVersionDateTime%
    Pause to look at result

    Denis
      My ComputerSystem Spec

  5. Farvatten's Avatar
    Posts : 153
    Windows 10 Pro 64bit 1903 18362.356
    Thread Starter
       #5

    @Try3 Excellent! again thanks.
      My ComputersSystem Spec

  6. Brink's Avatar
    Posts : 42,095
    64-bit Windows 10 Pro for Workstations build 18980
       #6
      My ComputersSystem Spec


  7. Try3's Avatar
    Posts : 2,430
    Windows 10 Home x64 and Pro x86
       #7

    Farvatten,

    I got stupid. I realised that I did not know how to retrieve the WD definitions version using a batch file. So I decided to work it out because it could not possibly take more than half an hour. That was over three hours ago.

    This batch file will display the WD definitions version. It must be run as Admin.

    ShowWDDefinitionsVersion.bat
    Code:
    :: Extract definitions version from MpSigStub.log
    ::::: Initialisation :::::
    prompt $g
    Set WorkingFolder=%Temp%
    ::::: Create a MpSigStub.log copy that can be read
    copy C:\Windows\Temp\MpSigStub.log "%WorkingFolder%"
    :: This file format cannot be read so convert it using Type
    CD /D "%WorkingFolder%"
    type MpSigStub.log >CurrentMpSigStub.txt
    ::::: Find the most up-to-date entry containing the definitions version [this is in the last found line]
    ::::: sample line  AV delta VDM: 1.299.56.0  1.299.62.0 
    Set SearchText= AV delta VDM:
    Set SearchFile=CurrentMpSigStub.txt
    for /f "tokens=* delims= " %%N in ('findstr /i /b /C:"%SearchText%" "%SearchFile%"') do (Set ThisLine=%%N)
    ::::: Extract the definitons version from that most up-to-date entry
    :: Step through replacing up to and including spaces in the variable value - rather than using tokens to achieve the same result
    Set ThisLine=%ThisLine:* =%
    Set ThisLine=%ThisLine:* =%
    Set ThisLine=%ThisLine:* =%
    Set ThisLine=%ThisLine:* =%
    Set ThisLine=%ThisLine:* =%
    :: Remove the space always found at the end - by replacing space anywhere because it is now suitable
    Set ThisLine=%ThisLine: =%
    :: Remove temporary working files
    del "%WorkingFolder%\MpSigStub.log"
    del "%WorkingFolder%\CurrentMpSigStub.txt"
    echo The definitions version is %ThisLine%
    Pause at End of ShowWDDefinitionsVersion to look at results

    I hoped to avoid needing Admin permission but could not find a way to do that because the source folder for MpSigStub.log requires that and I could not find another log file that contained the data I wanted.

    Denis
      My ComputerSystem Spec

  8. Farvatten's Avatar
    Posts : 153
    Windows 10 Pro 64bit 1903 18362.356
    Thread Starter
       #8

    Try3 said: View Post
    ... So I decided to work it out because it could not possibly take more than half an hour. That was over three hours ago...
    Boy, don't I know that Alice in Wonderland rabbit hole...!

    Thanks for your efforts.
      My ComputersSystem Spec


 

Related Threads
Solved Defender antimalware client update in AntiVirus, Firewalls and System Security
In Windows 10 version 1709, os build 16299.192, checking for updates shows a new update for the Windows Defender antimalware platform, to version 4.12.17007.18011 173392 Installed without a problem, no restart required. Defender before...
Does it include update for antimalware platform? in AntiVirus, Firewalls and System Security
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" "-SignatureUpdate" Does the above include update for antimalware platform?
New Windows Defender Platform 4.18.1812.3-0 in AntiVirus, Firewalls and System Security
For those running custom scheduled tasks there's a new version platform folder: C:/ProgramData/Microsoft/Windows Defender/Platform/4.18.1812.3-0/ This just came down on both my machines, no doubt in prep for tomorrow's CU.
Defender Antimalware version update on Windows 10 1803 in AntiVirus, Firewalls and System Security
Received this via WIndows Update this morning on Insider PCs Antimalware Client Version: 4.14.17613.18038 Unknown what is fixed or anything, just thought i'd let folks know in regards to that, decided to keep Defender active on the systems til...
Solved Updated Defender Antimalware Client in AntiVirus, Firewalls and System Security
Just got an update thru Windows Update. Appears the Antimalware Client for Defender has been updated, and the Base # for the defender definitions has been bumped up. 167058167059
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 11:51.
Find Us