Hello,
I've searched the documentation but haven't found an answer to my question.
How do I push virus definition updates for Windows Defender via WAPT?
I checked the Microsoft documentation for the WUA API and it says it's possible.
Regards,
Yohan.
[WAPTWUA] Windows Defender Definition Updates
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
We have an internal ticket but we haven't revisited it yet:
One of the methods we have is to use "mpam-fe.exe": https://www.microsoft.com/en-us/wdsi/defenderupdates
One could use a wapt package and operate completely offline:
The update package allows you to update the definition:
One of the methods we have is to use "mpam-fe.exe": https://www.microsoft.com/en-us/wdsi/defenderupdates
One could use a wapt package and operate completely offline:
The update package allows you to update the definition:
Code: Select all
# -*- coding: utf-8 -*-
from setuphelpers import *
def install():
versionfile = get_file_properties(r'mpam-fe.exe')['ProductVersion']
run('mpam-fe.exe')
for i in get_antivirus_info():
if not i["name"] == "Windows Defender":
continue
if Version(control.get_software_version()) != Version(versionfile):
error('AntivirusSignatureVersion not in %s' % versionfile)
def update_package():
wget('https://go.microsoft.com/fwlink/?LinkID=121721&arch=%s' % control.architecture,'mpam-fe.exe')
control.set_software_version(get_file_properties(r'mpam-fe.exe')['ProductVersion'])
control.save_control_to_wapt()
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Yohan,
To complete Simon's answer, in fact Windows Defender updates are not referenced in the wsusscn2.cab update index published by Microsoft, so they do not arrive in waptwua through this mechanism.
As Simon mentioned, Microsoft releases an update file, mpam-fe.exe, which contains all the definitions. Since it contains everything, it's quite large (134MB). That said, the file can be unzipped (mpam-fe.exe /x) and it clearly contains delta files.
We haven't received many requests for Microsoft Defender integration in WAPT yet, so we haven't started integrating it directly into the server. We'll be able to look into it more closely after the release of WAPT version 2.5.
Sincerely,
Denis
To complete Simon's answer, in fact Windows Defender updates are not referenced in the wsusscn2.cab update index published by Microsoft, so they do not arrive in waptwua through this mechanism.
As Simon mentioned, Microsoft releases an update file, mpam-fe.exe, which contains all the definitions. Since it contains everything, it's quite large (134MB). That said, the file can be unzipped (mpam-fe.exe /x) and it clearly contains delta files.
Code: Select all
08/12/2023 12:30 137 315 816 mpam-fe.exe
08/12/2023 12:32 72 321 624 mpasbase.vdm
08/12/2023 12:32 14 435 304 mpasdlta.vdm
08/12/2023 12:32 42 312 280 mpavbase.vdm
08/12/2023 12:32 870 376 mpavdlta.vdm
08/12/2023 12:32 19 000 424 mpengine.dll
08/12/2023 12:32 918 960 MpSigStub.exeSincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
-
YohanRodriguez
- Messages: 8
- Registration: December 1, 2023 - 2:26 PM
Hello,
thank you for your feedback, we will follow this closely.
Sincerely,
Yohan.
thank you for your feedback, we will follow this closely.
Sincerely,
Yohan.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
In the meantime, we've created this Wapt package which is generated daily:
https://wapt.tranquil.it/store/fr/tis-m ... ion-update
https://wapt.tranquil.it/store/fr/tis-m ... ion-update
