Microsoft lays down a new path for Windows Defender installation on Windows 10

Microsoft recently rolled out a new update to its Windows Defender antimalware platform on Windows 10. This update package was released for Windows 10 Enterprise, Windows 10 Pro, Windows 10 Home, and Windows Server 2016 Operating Systems – and it makes location changes for Windows Defender Antivirus service (MsMpEng.exe), Network Realtime Inspection service (NisSrv.exe) and Windows Defender Antivirus drivers on these operating systems.

Antivirus tool

Every software update brings some bugs along with fixes or new features; this update is no different. As listed by Microsoft Support, here are the known issues involved with this update:

What’s new:

As a part of monthly updates for Windows Defender, this update is released for Windows 10 Version 1703 and Version 1709 or namely Windows 10 Creators Update and Windows 10 Fall Creators Update. Here, a few binary locations used by Windows 10 were updated. As listed by Microsoft, here are the changes :

Affected component Old location New location
Windows Defender Antivirus service (MsMpEng.exe)

Network Realtime Inspection service (NisSrv.exe)

%ProgramFiles%\Windows Defender %ProgramData%\Microsoft\Windows Defender\Platform\<Version>
Windows Defender Antivirus drivers %Windir%\System32\drivers %Windir%\System32\drivers\wd

All third-party applications that have references to these binaries must be updated to the new locations.

Known Issues:

1] Because of a change in the file path location in the latest update (Antimalware Client Version: 4.12.17007.17123), many downloads are being blocked when AppLocker is enabled.

%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

2] In rare cases, computers that are running Windows Defender Advanced Threat Protection together with Windows Defender Antivirus are put into a passive mode during the installation of this update. In this passive mode, Real-time Protection is disabled.

3] To work around this issue, delete the “PassiveMode” value in the following registry subkey:

HKLM\SOFTWARE\Microsoft\Windows Defender

You may need to take ownership of the Windows Defender subkey and enable full access to your user account to perform the second workaround.

If you are running Windows 10 version 1709 or any newer Insider Preview builds, you can do the following steps to check the client version information :

  1. First, open Windows Defender Security Center app.
  2. Now, click on the Settings Icon and then click About.
  3. Under the heading of Antimalware Client Version, you can find the version number.
  4. If you are running Windows 10 version 1703 or older builds, you can do the following steps to check the client version information :
  5. First, open Windows Defender App.
  6. Now, click on Help and then on About.
  7. Under the heading of Antimalware Client Version, you can find the version number.

The package is named as Update for Windows Defender antimalware platform and is sized around 2MB-3MB. This update is available to be downloaded via Windows Update and WSUS to all the PCs running the version of Windows 10 mentioned above.

Posted by with Tags
Ayush has been a Windows enthusiast since the day he got his first PC with Windows 98SE. He is an active Windows Insider since Day 1 and is now a Windows Insider MVP. He has been testing pre-release services on his Windows 10 PC, Lumia, and Android devices.