Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Windows Defender version


I want do create a collection based on the windows defender version ..

is this possible ..




Date Votes
  • I'm trying to work something with this

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates\EngineVersion.


    However after scanning my collection the key doesn't reflect the version reported manually through the console.




  • Hi William. I created a registry scanner that scanned for that same key and was able to confirm that all instances of Windows Defender were correct. Would you post a screenshot or two showing the inconsistency?

    Here's the scanner I used:

    And the collection showing all machines with the latest version:

    And the machines with the vulnerable version(s):

    You can also get the engine version from the Properties > Details tab in the following path:

    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\GUID\mpengine.dll


  • Hi Brigg,


    I can post screenshots but they are near identical to yours!  What is weird is the scan doesn't seem to detect the change in the registry. I manually checked the registry of one of our client computers and it also wasn't up-to-date with a manual check of the engine version via the console.

    One possible difference is that we are using Microsoft Endpoint security site wide. I wonder if that differs enough to produce the discrepancy.


    I will try looking at the version info in the actual file. Thanks for the suggestion!!!!

  • Result: Endpoint security mpengine.dll located in different folder:


    \ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B627184-8464-4E76-AC3B-737EE66DCC11}\


    Might have to scan this file and version for the correct response. Will give it a go after lunch.



  • Works,


    Had to change the scan to

    %SYSTEMROOT%\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\**\