Windows Defender version

I'm trying to work something with this

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates\EngineVersion.

However after scanning my collection the key doesn't reflect the version reported manually through the console.

???

Hi William. I created a registry scanner that scanned for that same key and was able to confirm that all instances of Windows Defender were correct. Would you post a screenshot or two showing the inconsistency?

Here's the scanner I used:

And the collection showing all machines with the latest version:

And the machines with the vulnerable version(s):

You can also get the engine version from the Properties > Details tab in the following path:

C:\ProgramData\Microsoft\Windows Defender\Definition Updates\GUID\mpengine.dll

Hi Brigg,

I can post screenshots but they are near identical to yours!  What is weird is the scan doesn't seem to detect the change in the registry. I manually checked the registry of one of our client computers and it also wasn't up-to-date with a manual check of the engine version via the console.

One possible difference is that we are using Microsoft Endpoint security site wide. I wonder if that differs enough to produce the discrepancy.

I will try looking at the version info in the actual file. Thanks for the suggestion!!!!

Result: Endpoint security mpengine.dll located in different folder:

\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B627184-8464-4E76-AC3B-737EE66DCC11}\

Might have to scan this file and version for the correct response. Will give it a go after lunch.

:)

Works,

Had to change the scan to

%SYSTEMROOT%\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\**\

Thanks!