• Antimalware Client Version: 4.18.26020.6
  
• Engine Version: 1.1.26020.3
  

• Improved the network protection feature to promptly release closed connections and reduce unnecessary memory usage.
  
• Fixed an issue where the Get-MpComputerStatus PowerShell cmdlet could fail after updates due to a configuration mismatch.
  
• Improved performance for Network Response Intelligence (NRI) by reducing CPU usage during high-volume asynchronous message processing.
  
• Added support for AMSI path exclusions for Exchange Server so configured path exclusions are now correctly evaluated during AMSI scanning for Exchange workloads.
  
• Improved policy refresh behavior for device control by updating default policy and Azure AD refresh intervals to reduce retry frequency.
  

• Antimalware Client Version: 4.18.26020.6
  
• Engine Version: 1.1.26020.3
  

• Improved the network protection feature to promptly release closed connections and reduce unnecessary memory usage.
  
• Fixed an issue where the Get-MpComputerStatus PowerShell cmdlet could fail after updates due to a configuration mismatch.
  
• Improved performance for Network Response Intelligence (NRI) by reducing CPU usage during high-volume asynchronous message processing.
  
• Added support for AMSI path exclusions for Exchange Server so configured path exclusions are now correctly evaluated during AMSI scanning for Exchange workloads.
  
• Improved policy refresh behavior for device control by updating default policy and Azure AD refresh intervals to reduce retry frequency.
  

• Security intelligence update version: 1.443.6.0
  
• Release date: December 11, 2025 (Engine) / December 17, 2025 (Platform)
  
• Platform: 4.18.25110.6
  
• Engine: 1.1.25110.1
  
• Support phase: Security and Critical Updates
  

• Performance improvements when querying WMI due to Behavior Monitor detections.
  
• Fixed potential hang in PowerShell on Server 2016 due to Defender Filter Driver.
  
• Resolved an application compatibility issue due to a loopback with SMB1 enabled.
  
• Fixed issue with ASR path exclusion requiring additional "" characters to function appropriately.
  
• Resolved high I/O issue with NisSrv.exe due to high volume of network logging events.
  
• Fixed error in threat enumeration causing repeated failure notifications every 15 minutes in SCCM.
  
• Improved drive mapping enumeration for devices with many drives which resulted in false positive detections for ASR rules.
  
• Fixed a crash with Defender related to long scan times causing the service to hang in Windows Server 2019
  

• Security intelligence update version: 1.439.345.0
  
• Release date: September 8, 2025 (Engine) / September 21, 2025 (Platform)
  
• Platform: 4.18.25090.3009
  
• Engine: 1.1.25090.3001
  
• Support phase: Security and Critical Updates
  

• Improved service startup behavior: The core service now only restarts when necessary, for example, during a successful platform update. This change allows the organization to avoid unnecessary restarts when the service is already running correctly.
  
• Improved stability for RPC services: Added input validation across multiple RPC endpoints to prevent crashes caused by malformed data, which addresses a reported security vulnerability.
  
• Fixed threat exclusion handling: Resolved an issue where severity-based exclusions could cause the engine to misidentify threats, potentially skipping high severity detections.
  
• Restored performance optimization for network file access: Fixed a regression that caused slowdowns during file operations, like robocopy to network shares. The fix included reintroducing the logic to skip unnecessary checks on non-local files when Controlled Folder Access is enabled.
  

• Security intelligence update version: 1.437.1.0
  
• Release date: September 16, 2025 (Engine) / September 17, 2025 (Platform)
  
• Platform: 4.18.25080.5
  
• Engine: 1.1.25080.5
  
• Support phase: Security and Critical Updates
  

• Security intelligence update version: 1.433.2.0
  
• Release date: July 22, 2025 (Engine) / July 22, 2025 (Platform)
  
• Platform: 4.18.25060.7
  
• Engine: 1.1.25060.6
  
• Support phase: Security and Critical Updates
  

• Added filtering to improve scan stability and prevent engine crashes
  
• Additional performance improvements to prevent concurrent scans. This change ensures that if a quick or full scan is already running, no additional quick or full scan scans are initiated from MpCmdRun or Powershell (Start-Scan).
  
• Resolved the issue where subfolder exclusions were not being honored in Microsoft Defender Antivirus scans related to non-Microsoft SIEM solutions. This fix ensures that specified subfolders are now correctly excluded from scans, preventing unnecessary detections and improving overall system performance.
  

• Security intelligence update version: 1.431.19.0
  
• Release date: June 13, 2025 (Engine) / June 13, 2025 (Platform)
  
• Platform: 4.18.25050.5
  
• Engine: 1.1.25050.6
  
• Support phase: Security and Critical Updates
  

• Windows multisession SKUs are now properly classified as client SKUs for signature versioning
  
• EnableDynamicSignatureDroppedEventReporting configuration is now available in Intune (see Event ID 2011)
  
• The display name and description is now displayed correctly for the device control filter driver in Windows services
  
• Improved performance for kernel driver
  
• Improvements to network protection performance related to packet loss during high network utilization
  
• Reliability improvements to network protection during service shutdown
  
• Enriched Event ID 1000 to include ScanOnlyIfIdle and scan priority
  
• Improved device control Windows Portal Device (WPD) device discovery in File explorer. (For more information about device control, see Device control policy samples and scenarios.)
  
• Resolved discrepancy in device health reports between signature publish and signature install date and time
  
• Performance improvements when scanning files/folders with extended attributes
  
• Reliability improvement in the Defender kernel driver to avoid crashing when there's excessive disk input/output
  
• Added exponential backoff support to Core Service 1DS manager telemetry module to address memory consumption and DNS flooding issues
  

• Security intelligence update version: 1.429.3.0
  
• Release date: May 14, 2025 (Engine) / (Platform pending)
  
• Platform: (coming soon)
  
• Engine: 1.1.25040.1
  
• Support phase: Security and Critical Updates
  

• Fixed TVM Block where we failed to block a trusted file
  
• Fixed Microsoft Defender platform update timestamp to reflect the actual update time.
  
• The 1002 event (An anti-malware scan was stopped before it finished) now includes details of the stop reason.
  
• Added more details to the 1000 event (Scan started), like scan trigger and scan on idle.
  
• Improved ASR file processing to correctly handle "allow" Indicators of Compromise (IoCs).
  
• Improvement in health reporting for machines that are rebooted or hibernated.
  
• Improved performance for Smart App Control (SAC) trusted file handling.
  
• Improved device control logic for offline printers.
  

• Security intelligence update version: 1.427.3.0
  
• Release date: April 1, 2025 (Engine) / April 9, 2025 (Platform)
  
• Platform: 4.18.25030.2
  
• Engine: 1.1.25030.1
  
• Support phase: Security and Critical Updates
  

• Improved caching of device control settings to improve reliability in occasionally connected environments.
  
• Performance improvement in on-access scans of files in network locations.
  
• Fixed the Defender service description to match the latest installed version.
  
• Improved Defender engine update logic when the update is included in a custom image.
  
• Fix in health reporting where signature update data might have been incorrect.
  
• Fixed reporting issue with controlled folder access (CFA) protected folders using the PowerShell cmdlet Get-MpPreference when CFA is disabled.
  
• Improved performance when scanning UPX-packed files (Ultimate Packer for eXecutables) and updated the validation process to verify the integrity of the packed file itself.
  
• Added support for distinguishing regular cloud allow signatures from clean Indicators of Compromise (IoC) in attack surface reduction (ASR).
  

• Security intelligence update version: 1.415.1.0
  
• Release date: July 9, 2024 (Engine) / TBD (Platform)
  
• Platform: 4.18.24060.xxxx
  
• Engine: 1.1.24060.5
  
• Support phase: Security and Critical Updates
  

• Fixed issue where Microsoft Defender Antivirus was not properly changing state when non-Microsoft antivirus/antimalware software was installed and Windows Defender Application Control (WDAC) with Intelligent Security Graph were enabled.
  
• Fixed deadlock issue on VDI that occurred when loading corrupted update files from UNC share.
  
• Custom scans started with Start-MpScan are now reported in the event log.
  
• Fixed potential deadlock that occurred on volume mount scanning.
  
• Fixed issue where Microsoft Defender Antivirus did not allow applications to clean up temporary files.
  
• Fixed potentially packet loss due to network protection shutdown that could lead to deadlock.
  
• Implemented performance improvements for scenarios where WDAC is enabled with Intelligent Security Graph.
  
• Fixed an issue where an Outlook exclusion for the ASR rule Block Office applications from injecting code into other processes was not honored.
  

• Security intelligence update version: 1.409.1.0
  
• Release date: April 2, 2024 (Engine) / Coming soon (Platform)
  
• Engine: 1.1.24030.4
  
• Platform: Coming soon
  
• Support phase: Security and Critical Updates
  

• Added manageability settings to opt-out for One Collector telemetry channel and Experimentation and Configuration Service (ECS).
  
• Microsoft Defender Core Service will be disabled when 3rd party Antivirus is installed (except when Defender for Endpoint is running in Passive mode).
  
• The known issue in 4.18.24020.7 where enforcement of device level access policies wasn't working as expected no longer occurs.
  
• Fixed high CPU issue caused by redetection done during Sense originating scans.
  
• Fixed an issue with Security Intelligence Update disk cleanup.
  
• Fixed an issue where the Signature date information on the Security Health report wasn't accurate.
  
• Introducted performance improvements when processing paths for exclusions.
  
• Added improvements to allow recovering from erroneously added Indicators of compromise (IoC).
  
• Improved resilience in processing attack surface reduction exclusions for Anti Malware Scan Interface (AMSI) scans.
  
• Fixed a high memory issue related to the Behavior Monitoring queue that occured when MAPS is disabled.
  
• A possible deadlock when receiving a Tamper protection configuration change from the Microsoft Defender portal no longer occurs.
  

Quote:Microsoft Office will open files from potentially unsafe locations in  Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization. When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit,  print, and save the files without having to re-open files outside of the container.

• 64-bit processor with at least 4 cores (physical or virtual), virtualization extensions (Intel VT-x or AMT-V), Core i5 or higher.
  
• 8 Gigabytes of memory.
  
• 10 Gigabytes of free hard disk space.
  
• Windows 10 version 2004 build 19041 or later, Enterprise edition only
  
• Licensing requirement: Microsoft 365 E5 or E5 Security.
  
• Office Beta Channel build version 2008 or later.
  
• Kb4566782 installed
  

• 2 enables Microsoft Defender Application Guard for isolated Windows environments ONLY.
  
• 3 enables Microsoft Defender Application Guard for Microsoft Edge and isolated Windows environments.