[RESOLVED] Package sharing update definition Microsoft Defender Zero Touch
Published: January 30, 2025 - 4:41 PM
Good morning,
Thanks to Simon for his help in putting together this package.
A package already exists on the Wapt store, but I modified it so that the update is completely automatic thanks to the audit function (eliminating the need for the update_package function). The goal is to deploy the update as quickly as possible and without human intervention.
The code is probably messy; this is my first time manipulating dates and times.
Prerequisites:
Each WAPT agent will look for the mpam-fe.exe binary on its WAPT repo to avoid saturating the internet link.
On the WAPT server, you must therefore add, for example, the following line to crontab:
00 20 * * * wget --user-agent="Mozilla" -O /var/www/waptwua/mpam-fe.exe 'https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64'
A brief summary of what the package audit does:
It checks by comparing the date of the binary available on the repository and the binary cached in c:\windows\temp\mpam-fe.exe to see if there is a new version of the binary available.
If the binary does not yet exist in "c:\windows\temp\mpam-fe.exe", it fakes the date in order to force the download.
If the date is different, it downloads the new binary and then checks the signature of the binary (it must be from 'Microsoft Corporation').
Then it installs the new binary.
All that's left is to configure the audit frequency.
setup.py:
# -*- coding: utf-8 -*-
from setuphelpers import *
import requests
import os
from datetime import datetime, timedelta
import time
import waptlicences

r"""
Usable WAPT package functions: install(), uninstall(), session_setup(), audit(), update_package()
"""
# Declaring global variables - Warnings: 1) WAPT context is only available in package functions; 2) Global variables are not persistent between calls


def install():
    pass


def audit():
    # Declaring local variables
    osversion = get_os_version()
    repo_url = [r for r in WAPT.repositories if r.name == 'wapt'][0].repo_url

    # Last-Modified date of the binary published on the WAPT repository
    repo_headers = WAPT.waptserver.head('waptwua/mpam-fe.exe')
    repo_last_modified = repo_headers.get('last-modified')
    repo_last_modified_pattern = "%a, %d %b %Y %H:%M:%S %Z"
    repo_last_modified_date = datetime.strptime(repo_last_modified, repo_last_modified_pattern)
    repo_last_modified_date_loc = repo_last_modified_date + timedelta(hours=1)

    # Modification date of the locally cached binary
    if isfile(r'c:\windows\temp\mpam-fe.exe'):
        file_modTimesinceEpoc = os.path.getmtime(r'c:\windows\temp\mpam-fe.exe')
    else:
        # fake modification time if no bin
        file_modTimesinceEpoc = int(float('1002387810.4883926'))
    file_modificationTime_str = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(file_modTimesinceEpoc))
    file_modificationTime_date = datetime.strptime(file_modificationTime_str, '%Y-%m-%d %H:%M:%S')

    # Downloading new bin
    if repo_last_modified_date_loc != file_modificationTime_date:
        with WAPT.waptserver.get_requests_session() as session:
            wget("%swua/mpam-fe.exe" % repo_url, r'c:\windows\temp\mpam-fe.exe', requests_session=session)

    # Check signature bin
    expected_issuer = 'Microsoft Corporation'
    sign_name = waptlicences.check_msi_signature(r'c:\windows\temp\mpam-fe.exe')[0]
    if sign_name != expected_issuer:
        error('Bad issuer %s != %s ' % (sign_name, expected_issuer))

    # Installing bin
    versionfile = get_file_properties(r'c:\windows\temp\mpam-fe.exe')['ProductVersion']
    if get_windows_defender_version() < versionfile:
        run(r'c:\windows\temp\mpam-fe.exe /s')
        # Fail the audit if the definitions are still older than the binary
        if get_windows_defender_version() < versionfile:
            error('AntivirusSignatureVersion not in %s' % versionfile)

    print(r'OK: Definition Version is %s' % versionfile)
    return "OK"


def get_windows_defender_version():
    # Signature version reported for Windows Defender, or 0 if it is not listed
    for i in get_antivirus_info():
        if not i["name"] == "Windows Defender":
            continue
        return Version(i['AntivirusSignatureVersion'])
    return Version('0')
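
The audit decides whether to download by comparing the repository's Last-Modified header, shifted by one hour, with the cached file's local modification time. The following is an added example, not part of the post's package: it reproduces that comparison next to a variant that compares both values in UTC, on constructed timestamps for a UTC+1 and a UTC+2 agent. The names `post_style_differs`, `needs_download`, `mtime_of` and the `utc_offset_hours` parameter are hypothetical, and the cached file's mtime is assumed to equal the server's Last-Modified time.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers (not taken from a real repository response).
WINTER = "Thu, 30 Jan 2025 19:00:05 GMT"
SUMMER = "Tue, 15 Jul 2025 19:00:05 GMT"


def mtime_of(header):
    """Epoch mtime of a cached file whose timestamp matches the header (assumed)."""
    return parsedate_to_datetime(header).timestamp()


def post_style_differs(last_modified, local_mtime, utc_offset_hours):
    """The post's comparison: header + 1 h against the local wall-clock mtime.

    utc_offset_hours is a hypothetical parameter standing in for the agent's
    time zone, which the post reads through time.localtime().
    """
    repo = datetime.strptime(last_modified, "%a, %d %b %Y %H:%M:%S %Z")
    repo_loc = repo + timedelta(hours=1)
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    cached = datetime.fromtimestamp(int(local_mtime), tz=local_tz)
    return repo_loc != cached.replace(tzinfo=None)


def needs_download(last_modified, local_mtime):
    """Offset-free comparison: both sides as whole seconds in UTC.

    local_mtime is os.path.getmtime() output, or None when nothing is cached.
    A missing or unparsable header returns True, so the caller downloads and
    verifies again instead of trusting the cached copy.
    """
    if local_mtime is None or not last_modified:
        return True
    try:
        repo = parsedate_to_datetime(last_modified)
    except (TypeError, ValueError):
        return True
    if repo.tzinfo is None:  # "-0000" style headers parse as naive UTC
        repo = repo.replace(tzinfo=timezone.utc)
    cached = datetime.fromtimestamp(int(local_mtime), tz=timezone.utc)
    return repo.astimezone(timezone.utc) != cached


if __name__ == "__main__":
    print("UTC+1, fixed +1 h:", post_style_differs(WINTER, mtime_of(WINTER), 1))
    print("UTC+2, fixed +1 h:", post_style_differs(SUMMER, mtime_of(SUMMER), 2))
    print("UTC+2, UTC compare:", needs_download(SUMMER, mtime_of(SUMMER)))
```

With the fixed one-hour shift, an unchanged file is reported as different whenever the agent's offset is not UTC+1, so the binary is fetched again on every audit run; the UTC comparison is independent of the agent's time zone.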