How to update the Microsoft Defender manually

How to update the Microsoft Defender manually

It is imperative to keep Microsoft Defender up to date, even if Windows Update does not work. Here are several methods to update Defender manually. […]

Microsoft Defender is the built-in anti-malware package that is included in modern Windows operating systems. It is also known by the name Windows Security (it is displayed under Settings as Windows Security) or Windows Defender (sometimes with antivirus at the end of the name, as on this Microsoft Docs page). But whatever you want to call it, for many Windows users this tool is the standard solution for security on their PCs.

As with Windows Update in general, it may happen that Microsoft Defender updates do not work. Normally, Defender updates are handled as part of routine Windows Update behavior and run daily as a scheduled task. But sometimes Windows Update itself has problems and can not do much (or nothing at all).

In this case, there are other ways to keep the Defender up to date, bypassing problems that are exclusively related to Windows Update itself. (For more advice on this topic, see the note at the end of the article).

1. Use Microsoft Defender’s own update feature

In the “Settings” app, you can access a Windows security feature using this selection sequence: Start > Settings > Update & Security > Windows Security in Windows 10 or Start > Settings > Privacy & Security > Windows Security in Windows 11. There you will find a button that says “Open Windows Security”, as shown in Figure 1. Alternatively, you can also open the app directly by typing “Windows Security” in the Start menu.

Figure 1: You can access Windows Security through the “Settings” app (c) IDG

The “Windows Security” app contains numerous entries, including the entry “Virus and Threat Protection”, which can also be seen in Figure 1. When you click on it, an application window appears, as in Figure 2. Note the entry under “Updates for virus and threat protection” at the bottom. You can click the “Check for updates” link at the bottom of the image to tell Defender to check for updates. If any are available, they will be downloaded and installed.

Figure 2: Click “Check for Updates” to instruct the Defender to download Updates (c) IDG

Note that this download process runs in the background via Windows Update. I’ve seen it work sometimes when WU gets stuck on a certain update. Sometimes, however, it is also not possible to download updates when WU is no longer getting any further and no longer downloads anything at all. In such cases, there is another way to forcibly update Microsoft Defender, which is described in the following section.

2. Updating the Defender signatures with Update-MpSignature

There is a special PowerShell command for updating Defender security definitions (also called signatures). The simple, basic syntax for this command is to simply type the command name in PowerShell. This command works on both Windows 10 and Windows 11 (as shown in Figure 3 for Windows 11). Although it doesn’t seem to do much within PowerShell, the command actually updates the Defender signatures.

Figure 3: The Update-MpSignature command updates the Defender definitions, but does not output much (c) IDG

You can check the information about the protection updates at any time by clicking on “Virus and Threat Protection” in Windows Security, then scroll down to “Virus and Threat Protection Updates” and then click on “Protection Updates”. As can be seen in Figure 4, I updated the signatures (called “Security Intelligence Version”) to version number 1.351.225.0 via the command line on October 11, 2021 at 15:44. Note that the “Check for updates” button also appears in this section of the screen; you could also use it to implement the previous update method.

Figure 4: “Security Intelligence Version” shows the version number and the creation time of the current signatures (c) IDG

3. Update all Defender components via Microsoft

Microsoft maintains a website specifically for Defender updates with the title “Microsoft Defender update for Windows operating system installation images”. There it is mentioned that the Defender environment consists of three components, all of which are regularly updated.

Since they change daily (or more often), the signatures are constantly updated. But also the anti-malware client (the part of Defender that coordinates the checks on the individual PCs) and the anti-malware engine (the part of Defender that performs the defense measures and cleanups on the individual PCs when malware is detected) are updated regularly. These are usually done one to four times a month, depending on the malware activity and severity.

You can use one of the following methods to update all three components of Defender.

Using installation images for offline updates

On the web page linked above, users must select a ZIP file download for 32-bit or 64-bit systems. (The latter is much more common than the former. Windows 11 is not available in a 32-bit version.) Also note that this page is constantly updated. So make sure you are using the latest version of the site.

Step 1: Unzip the contents of the download (e.g. in a directory. For example, I created a DefUpd folder on my D: drive as a destination (D:DefUpd). This resulted in a file structure as shown in Figure 5. It shows a PowerShell script that does the .CAB file is processed for the Defender updates for all three components.

Figure 5: The contents of the downloaded ZIP file for the 64-bit update (c) IDG

Step 2: Call the PowerShell script to add the update to an offline Windows image. The same script also supports operations for removing/rolling back and listing details. (For more information, see the already mentioned page about system installation images).

Working with online images

The Microsoft Update Catalog contains Defender updates for Windows 10 in versions x86, x64 and ARM; look for “Microsoft Defender” there to find them. For 64-bit systems, you need the version that shows properties as in Figure 6 and has (amd64fre) at the end of the file description. The others include (x86fre) for 32-bit processors and (arm64fre) for 64-bit ARM CPUs. They are self-installing executable files, so you can run them on a Windows 10 machine at any time. (As I write this article, the catalog does not seem to offer equivalents for Windows 11).

Figure 6: Properties for the 64-bit Windows 10 AntiMalware Platform Update file (c) IDG

Where there is a will, there is also a way

Given the various methods of downloading Microsoft Defender signatures and executables, there is always a method to keep things up to date. I recommend that you let Windows Update do things automatically whenever possible. If that doesn’t work, try using the “Check for Updates” button in the Windows security app. If that doesn’t work, you can use PowerShell to update signatures (Update-MpSignature), visit the support page for Defender installation images, or use the Microsoft Update Catalog for antimalware runtime components.

Hopefully you don’t have to go that far, or not very often. But it’s good to know that there is another way, if you need it.

*Ed Tittel has been working in the IT industry for over 30 years and has been a Windows Insider MVP since 2018. As the author of more than 100 computer books, Ed Tittel is perhaps best known for his Exam Cram series of certification preparation books. Nowadays, Ed blogs weekly for and even more often on Win10.Guru. To learn more about Ed, visit his website

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: