Microsoft has developed a new tool for network admins to ensure that their Windows Installation Images are up to date with the latest security software.
Microsoft notes that install media are often outdated and during the initial hours of a newly installed Windows OS deployments, computers with Microsoft Defender can suffer a protection gap, as the installation OS images may contain outdated Anti-Malware Software binaries. These devices will remain under-protected until the first Anti-Malware software update finishes.
Microsoft says regular servicing of OS installation images to update Microsoft Defender binaries minimizes this protection gap in new deployments. Microsoft has now released a new Anti-Malware Update package for Microsoft Defender in the OS installation images (WIM or VHD files) that makes it easy to add the latest anti-malware client, anti-malware engine, and signature versions in the OS installation images.
The tool supports Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019 and Windows Server 2016.
The DefenderUpdateWinImage Powershell tool includes monthly updates and fixes to the Microsoft Defender antimalware platform and engine that’s used by Microsoft Defender Antivirus in Windows 10.
This package also includes the latest security intelligence update that is available up to the date of release.
It can be found at Microsoft here, with all the instructions on its implementation.