Comments

5 comments

  • William Hart

    I'm trying to work something with this

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates\EngineVersion.

    However, after scanning my collection the key doesn't reflect the version reported manually through the console.

    ???
  • Brigg Angus

    Hi William. I created a registry scanner that scanned for that same key and was able to confirm that all instances of Windows Defender were correct. Would you post a screenshot or two showing the inconsistency?

    Here's the scanner I used:

    And the collection showing all machines with the latest version:

    And the machines with the vulnerable version(s):

    You can also get the engine version from the Properties > Details tab in the following path:

    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\GUID\mpengine.dll
  • William Hart

    Hi Brigg,

    I can post screenshots but they are near identical to yours! What is weird is the scan doesn't seem to detect the change in the registry. I manually checked the registry of one of our client computers and it also wasn't up-to-date with a manual check of the engine version via the console.

    One possible difference is that we are using Microsoft Endpoint security site-wide. I wonder if that differs enough to produce the discrepancy.

    I will try looking at the version info in the actual file. Thanks for the suggestion!!!!
  • William Hart

    Result: Endpoint security mpengine.dll located in different folder:

    \ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B627184-8464-4E76-AC3B-737EE66DCC11}\

    Might have to scan this file and version for the correct response. Will give it a go after lunch.

    :)
  • William Hart

    Works,

    Had to change the scan to

    %SYSTEMROOT%\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\**\

    Thanks!
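
The check worked out in the thread above, as an added example that is not part of any comment: it reads the version of every mpengine.dll under both Definition Updates folders mentioned and compares it with the EngineVersion registry value, so a stale key or a differently located engine shows up as a mismatch. The function name `Get-MpEngineVersionReport` is hypothetical, and the script assumes both folders sit under the directory named by the `ProgramData` environment variable.

```powershell
# Added example, not from the thread. Assumption: both definition folders
# live under the directory named by the ProgramData environment variable.
function Get-MpEngineVersionReport {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$ProgramData = $env:ProgramData
    )

    # Registry value quoted in the first comment.
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
    $regVersion = (Get-ItemProperty -Path $regPath -Name EngineVersion `
                   -ErrorAction SilentlyContinue).EngineVersion

    # The two Definition Updates folders named in the thread.
    $roots = @(
        'Microsoft\Windows Defender\Definition Updates',
        'Microsoft\Microsoft Antimalware\Definition Updates'
    ) | ForEach-Object { Join-Path $ProgramData $_ }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # mpengine.dll sits in a subfolder (GUID-named in the thread), so
        # inspect every direct child folder instead of hard-coding the GUID.
        Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue |
            ForEach-Object {
                $dll = Join-Path $_.FullName 'mpengine.dll'
                if (Test-Path -LiteralPath $dll) {
                    $item = Get-Item -LiteralPath $dll
                    [pscustomobject]@{
                        Path            = $dll
                        FileVersion     = $item.VersionInfo.ProductVersion
                        RegistryVersion = $regVersion
                        Match           = ($item.VersionInfo.ProductVersion -eq $regVersion)
                        LastWrite       = $item.LastWriteTime
                    }
                }
            }
    }
}

# Newest engine file first; rows with Match = False are the ones to investigate.
Get-MpEngineVersionReport | Sort-Object LastWrite -Descending | Format-List
```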
