Microsoft Defender Antivirus: Changes to “engine update” support plans

News Informatique

Microsoft Defender Antivirus: Changes to “engine update” support plans

Microsoft Defender Antivirus is rolling out an update to the support plan for the anti-malware scan “engine update” (MpEngine.dll). To align with the current Defender Antivirus platform update, only N-2 versions will be supported.

Reasons:

  • New security intelligence update logic is dependent on newer scan engine logic. Many new detections won’t trigger for customers running an older engine version (such as from 6 months to 2+ years ago).
  • Newer Defender Antivirus platform updates might crash due to an older engine logic that does not comprehend new functionalities such as newer code in a Defender Antivirus platform update that works in unison with the engine update or newer endpoint data loss prevention (DLP) service, and so on.
  • Microsoft wants to ensure you are not running an older scan engine version with a known vulnerability. 

When this will happen:

General Availability : The changes will take effect May 1, 2024.

How this will affect your organization:

To be fully supported, keep current with the latest engine updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest engine version:

  • Security and critical updates servicing phase: When running the latest engine version, you’re eligible to receive security and critical updates to the anti-malware engine.
  • Technical support (only) phase: After a new engine version is released, support for older versions (N-2) reduces to technical support only. Engine versions older than N-2 are no longer supported. Technical support continues to be provided for upgrades from an older engine version to the latest engine version.
    • During the technical support (only) phase, commercially reasonable support incidents are handled through Microsoft Customer Service and Support and Microsoft’s managed support plans (such as Premier Support). If a support incident requires escalation to development teams for further guidance, requires a non-security update, or requires a security update, customers are asked to upgrade to the latest engine version.

What you need to do to prepare:

Please make sure that you have a supported mpengine.dll version installed. Minimum requirements are version 1.1.23110.2, version 1.1.24010.10, or newer.

To check your engine updates version in your environment:

1. In Microsoft Defender for Endpoint Plan 2, Microsoft Defender for Endpoint Plan 1, and Microsoft Defender for Business, go to:Security.microsoft.com > Reports > Endpoints > Device Health > Microsoft Defender Antivirus Health > Antivirus engine version

2. In Microsoft Defender for Endpoint Plan 2 and Microsoft Defender for Business, you can run an Advanced Hunting query and review the results of AVEngineVersion.

Learn more: Microsoft Defender Antivirus security intelligence and product updates | Microsoft Learn

No Comments

Add your comment