Microsoft Defender Antivirus: Changes to “engine update” support plans
Microsoft Defender Antivirus is rolling out an update to the support plan for the anti-malware scan “engine update” (MpEngine.dll). To align with the current Defender Antivirus platform update, only N-2 versions will be supported.
Reasons:
- New security intelligence update logic is dependent on newer scan engine logic. Many new detections won’t trigger for customers running an older engine version (such as from 6 months to 2+ years ago).
- Newer Defender Antivirus platform updates might crash due to an older engine logic that does not comprehend new functionalities such as newer code in a Defender Antivirus platform update that works in unison with the engine update or newer endpoint data loss prevention (DLP) service, and so on.
- Microsoft wants to ensure you are not running an older scan engine version with a known vulnerability.
When this will happen:
General Availability : The changes will take effect May 1, 2024.
How this will affect your organization:
To be fully supported, keep current with the latest engine updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest engine version:
- Security and critical updates servicing phase: When running the latest engine version, you’re eligible to receive security and critical updates to the anti-malware engine.
- Technical support (only) phase: After a new engine version is released, support for older versions (N-2) reduces to technical support only. Engine versions older than N-2 are no longer supported. Technical support continues to be provided for upgrades from an older engine version to the latest engine version.
- During the technical support (only) phase, commercially reasonable support incidents are handled through Microsoft Customer Service and Support and Microsoft’s managed support plans (such as Premier Support). If a support incident requires escalation to development teams for further guidance, requires a non-security update, or requires a security update, customers are asked to upgrade to the latest engine version.
What you need to do to prepare:
Please make sure that you have a supported mpengine.dll version installed. Minimum requirements are version 1.1.23110.2, version 1.1.24010.10, or newer.
To check your engine updates version in your environment:
1. In Microsoft Defender for Endpoint Plan 2, Microsoft Defender for Endpoint Plan 1, and Microsoft Defender for Business, go to:Security.microsoft.com > Reports > Endpoints > Device Health > Microsoft Defender Antivirus Health > Antivirus engine version
2. In Microsoft Defender for Endpoint Plan 2 and Microsoft Defender for Business, you can run an Advanced Hunting query and review the results of AVEngineVersion.
Learn more: Microsoft Defender Antivirus security intelligence and product updates | Microsoft Learn
No Comments