[WAPTWUA] Windows Defender Definition Updates
Published: Dec 8, 2023 - 10:48 AM
by Yohan Rodriguez
Hello,
I've searched the documentation but haven't found an answer to my question.
How do I push virus definition updates for Windows Defender via WAPT?
I checked the Microsoft documentation for the WUA API and it says it's possible.
Regards,
Yohan.
Re: [WAPTWUA] Windows Defender Definition Updates
Published: Dec 8, 2023 - 1:36 PM
by sfonteneau
We have an internal ticket but we haven't revisited it yet:
One of the methods we have is to use "mpam-fe.exe":
https://www.microsoft.com/en-us/wdsi/defenderupdates
One could use a wapt package and operate completely offline:
The update package allows you to update the definition:
Code:
# -*- coding: utf-8 -*-
from setuphelpers import *


def install():
    # Version of the packaged definition installer
    versionfile = get_file_properties(r'mpam-fe.exe')['ProductVersion']
    # Run the offline definition update
    run('mpam-fe.exe')
    for i in get_antivirus_info():
        if not i["name"] == "Windows Defender":
            continue
        # Fail the install if the package version does not match the installer file
        if Version(control.get_software_version()) != Version(versionfile):
            error('AntivirusSignatureVersion not in %s' % versionfile)


def update_package():
    # Download the current full definition installer for the package architecture
    wget('https://go.microsoft.com/fwlink/?LinkID=121721&arch=%s' % control.architecture, 'mpam-fe.exe')
    # Use the installer's ProductVersion as the package software version
    control.set_software_version(get_file_properties(r'mpam-fe.exe')['ProductVersion'])
    control.save_control_to_wapt()
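An added example, not part of the original post or of the WAPT package: one way to check after install that the endpoint's signatures are at least the packaged version, by parsing JSON obtained from the Defender PowerShell cmdlet Get-MpComputerStatus. The sample JSON is constructed, and parse_version, check_signatures and max_age_days are hypothetical names.

```python
import json

# Constructed sample of what
#   Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AntivirusSignatureAge | ConvertTo-Json
# could return on an endpoint (values are made up for this example).
SAMPLE_STATUS = '{"AntivirusSignatureVersion": "1.403.99.0", "AntivirusSignatureAge": 2}'


def parse_version(text):
    """Turn '1.403.99.0' into (1, 403, 99, 0) so the parts compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % text)
    return tuple(int(p) for p in parts)


def check_signatures(status_json, packaged_version, max_age_days=3):
    """Return a list of problems; an empty list means the signatures are current.

    max_age_days is a hypothetical policy threshold, not a WAPT or Microsoft default.
    """
    status = json.loads(status_json)
    installed = status.get("AntivirusSignatureVersion")
    if not installed:
        return ["no AntivirusSignatureVersion reported (Defender disabled or absent?)"]
    problems = []
    # Numeric comparison: as plain strings '1.403.99.0' sorts after '1.403.100.0'.
    # '<' rather than '!=' tolerates newer signatures pulled through another channel.
    if parse_version(installed) < parse_version(packaged_version):
        problems.append("installed %s is older than packaged %s" % (installed, packaged_version))
    age = status.get("AntivirusSignatureAge")
    if age is None or int(age) > max_age_days:
        problems.append("signature age %s days exceeds %d" % (age, max_age_days))
    return problems


if __name__ == "__main__":
    for line in check_signatures(SAMPLE_STATUS, "1.403.100.0") or ["signatures OK"]:
        print(line)
```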
Re: [WAPTWUA] Windows Defender Definition Updates
Published: Dec 8, 2023 - 3:23 PM
by dcardon
Hello Yohan,
To complete Simon's answer, in fact Windows Defender updates are not referenced in the wsusscn2.cab update index published by Microsoft, so they do not arrive in waptwua through this mechanism.
As Simon mentioned, Microsoft releases an update file, mpam-fe.exe, which contains all the definitions. Since it contains everything, it's quite large (134MB). That said, the file can be unzipped (mpam-fe.exe /x) and it clearly contains delta files.
Code:
08/12/2023 12:30 137 315 816 mpam-fe.exe
08/12/2023 12:32 72 321 624 mpasbase.vdm
08/12/2023 12:32 14 435 304 mpasdlta.vdm
08/12/2023 12:32 42 312 280 mpavbase.vdm
08/12/2023 12:32 870 376 mpavdlta.vdm
08/12/2023 12:32 19 000 424 mpengine.dll
08/12/2023 12:32 918 960 MpSigStub.exe
We haven't received many requests for Microsoft Defender integration in WAPT yet, so we haven't started integrating it directly into the server. We'll be able to look into it more closely after the release of WAPT version 2.5.
Sincerely,
Denis
Re: [WAPTWUA] Windows Defender Definition Updates
Published: Dec 28, 2023 - 12:01
by Yohan Rodriguez
Hello,
thank you for your feedback, we will follow this closely.
Sincerely,
Yohan.
Re: [WAPTWUA] Windows Defender Definition Updates
Published: January 3, 2024 - 4:02 PM
by sfonteneau
In the meantime, we've created this Wapt package which is generated daily:
https://wapt.tranquil.it/store/fr/tis-m ... ion-update