Definition updates for Windows Defender Antivirus and other Microsoft antimalware

Microsoft continually updates its antimalware definitions to cover the latest threats and to constantly tweak detection logic, enhancing the ability of antimalware solutions to accurately identify threats.

Automatic updates

To help ensure your antimalware solution detects the latest threats, you should always use the latest definitions. Your antimalware product should be set to automatically get updates. Windows Defender Antivirus gets updates as part of Windows Update. If you are having problems with Windows Update, use the troubleshooter.

If you don't already have Windows Defender Antivirus or other Microsoft antimalware or you want to reinstall it, see our threat protection catalog.

Trigger an update

A manually triggered update immediately downloads and applies the latest definitions. This process might also address problems with automatic updates.

Windows Defender Antivirus and other Microsoft antimalware solutions provide a way to manually trigger an update. In Windows 10, select Check for updates in the Windows Defender Security Center Protection updates screen to check for the latest definitions.

Windows Defender Security Center Protection updates screen
Windows Defender Security Center Protection updates screen

Enterprise administrators can also push updates to endpoints in their network. To clear the definitions cache and trigger an update, use a batch script to run the following commands as an administrator:

      cd %ProgramFiles%\Windows Defender
      MpCmdRun.exe -removedefinitions -dynamicsignatures
      MpCmdRun.exe -SignatureUpdate

Manually download and install the definitions

You can manually download the latest definitions or pre-release definitions.

Latest definitions

The latest antimalware definitions file is as follows:

  • Version: 1.261.1406.0
  • Released: Feb 14,2018 06:30 AM UTC
  • Documentation: Release notes

You need to download different definition files for different products and platforms. Select the version that matches your Windows operating system or the environment where you will use the definitions.

Windows Defender Antivirus for Windows 10 and Windows 8.132-bit | 64-bit | ARM
Microsoft Security Essentials32-bit | 64-bit
Windows Defender in Windows 7 and Windows Vista32-bit | 64-bit
Microsoft Diagnostics and Recovery Toolset (DaRT) 32-bit | 64-bit
Forefront Server Security32-bit | 64-bit
Forefront Endpoint Protection32-bit | 64-bit
System Center 2012 Configuration Manager32-bit | 64-bit
System Center 2012 Endpoint Protection32-bit | 64-bit
Windows Intune32-bit | 64-bit

The links point to an executable file named mpam-fe.exe, mpam-feX64.exe, or mpas-fe.exe (used by older antispyware solutions). Simply launch the file to manually install the latest definitions.

End of life for Microsoft Forefront Client Security was on July 14, 2015. Customers are encouraged to migrate to System Center Endpoint Protection. For more information, visit the Microsoft support lifecycle website.

Pre-release definitions

Pre-release definitions are partially tested definitions that can be installed manually only. They include the newest publicly available definitions.

NOTE: Using pre-release definitions can result in incorrect detections and other unexpected results. Use these definitions with caution.

Network Inspection System updates

The following products leverage Network Inspection System (NIS) updates:

  • Microsoft Security Essentials
  • Forefront Endpoint Protection
  • System Center 2012 Endpoint Protection

These updates are designed to protect you from network threats, including exploits as they are transmitted. Check the version of the Antimalware Client component on your security software and download the right version of the NIS updates for your platform.

4.1.522.0 and newerNetwork Real-time Inspection definitions32-bit | 64-bit
Latest news