Merge branch 'security-score-update' of https://github.com/limwainstein/defender-docs-pr into security-score-update

limwainstein · limwainstein · commit 3c19ae742afb · 2025-10-22T17:02:40.000+03:00
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md
@@ -101,82 +101,6 @@ Updates contain:
 
 Improved Defender update reliability by allowing non-admin processes to trigger shared signature updates, reducing unnecessary privilege requirements.
 
-### July-2025 (Platform: 4.18.25070.5 | Engine: 1.1.25070.4)
-
-- Security intelligence update version: **1.435.11.0**
-- Release date:  **August 5, 2025 (Engine) / August 6, 2025 (Platform)**
-- Platform: **4.18.25070.5**
-- Engine: **1.1.25070.4**
-- Support phase: **Security and Critical Updates**
-
-#### What's new
-
-- Enhanced Passive Mode Scanning Behavior
-When Microsoft Defender is in Passive mode, an Antivirus scan will not occur after a signature update , unless specifically set in the policy setting DisableScanOnUpdate.
-- Improved Tamper Protection Handling
-Optimized the configuration process for Tamper Protection in multi-threaded environments to ensure more reliable behavior.
-- Digital Signature Verification Performance Boost
-Enhanced the efficiency of digital signature verification to improve overall system performance.
-- Refined ASR Rule Exclusion Processing
-Refined exclusion processing and resolved false positives for the Attack Surface Reduction (ASR) rule: Block Office applications from injecting code into other processes.
-
-
-### June-2025 (Platform: 4.18.25060.7 | Engine: 1.1.25060.6)
- 
-- Security intelligence update version: **1.433.2.0**
-- Release date:  **July 22, 2025 (Engine)** / **July 22, 2025 (Platform)**
-- Platform: **4.18.25060.7**
-- Engine: **1.1.25060.6**
-- Support phase: **Security and Critical Updates**
- 
-#### What's new
-
-- Added filtering to improve scan stability and prevent engine crashes
-- Additional performance improvements to prevent concurrent scans. This change ensures that if a quick or full scan is already running, no additional quick or full scan scans are initiated from `MpCmdRun` or Powershell (`Start-Scan`).
-- Resolved the issue where subfolder exclusions were not being honored in Microsoft Defender Antivirus scans related to non-Microsoft SIEM solutions. This fix ensures that specified subfolders are now correctly excluded from scans, preventing unnecessary detections and improving overall system performance.
-
-### May-2025 (Platform: 4.18.25050.5 | Engine: 1.1.25050.6)
-
-- Security intelligence update version: **1.431.19.0**
-- Release date:  **June 13, 2025 (Engine)** / **June 13, 2025 (Platform)**
-- Platform: **4.18.25050.5**
-- Engine: **1.1.25050.6**
-- Support phase: **Security and Critical Updates**
-
-#### What's new
-
-- Windows multisession SKUs are now properly classified as client SKUs for signature versioning
-- `EnableDynamicSignatureDroppedEventReporting` configuration is now available in Intune (see [Event ID 2011](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-2011))
-- The display name and description is now displayed correctly for the [device control](/defender-endpoint/device-control-overview) filter driver in Windows services
-- Improved performance for kernel driver
-- Improvements to [network protection](/defender-endpoint/network-protection#overview-of-network-protection) performance related to packet loss during high network utilization
-- Reliability improvements to network protection during service shutdown
-- Enriched [Event ID 1000](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1000) to include `ScanOnlyIfIdle` and scan priority
-- Improved device control Windows Portal Device (WPD) device discovery in File explorer. (For more information about device control, see [Device control policy samples and scenarios](/defender-endpoint/device-control-overview#device-control-policy-samples-and-scenarios).)
-- Resolved discrepancy in [device health reports](/defender-endpoint/device-health-reports) between signature publish and signature install date and time
-- Performance improvements when scanning files/folders with extended attributes
-- Reliability improvement in the Defender kernel driver to avoid crashing when there's excessive disk input/output
-- Added exponential backoff support to Core Service 1DS manager telemetry module to address memory consumption and DNS flooding issues
-
-### April-2025 (Platform: 4.18.25040.2 | Engine: 1.1.25040.1)
-
-- Security intelligence update version: **1.429.3.0**
-- Release date:  **May 14, 2025 (Engine)** / **May 22, 2025 (Platform)**
-- Platform: **4.18.25040.2**
-- Engine: **1.1.25040.1**
-- Support phase: **Security and Critical Updates**
-
-#### What's new
-
-- Fixed TVM Block where we failed to block a trusted file
-- Fixed Microsoft Defender platform update timestamp to reflect the actual update time.
-- The [1002 event](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1002) (An anti-malware scan was stopped before it finished) now includes details of the stop reason.
-- Added more details to the [1000 event](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1000) (Scan started), like scan trigger and scan on idle.
-- Improved attack surface reduction file processing to correctly handle ["allow" Indicators of Compromise](/defender-endpoint/indicators-overview) (IoCs).
-- Improvement in health reporting for machines that are rebooted or hibernated.
-- Improved performance for [Smart App Control](/windows/apps/develop/smart-app-control/overview) (SAC) trusted file handling.
-- Improved [device control](/defender-endpoint/device-control-overview) logic for offline printers.
-
 ### Previous version updates: Technical upgrade support only
 
 After a new package version is released, support for the previous two versions is reduced to technical upgrade support only. For more information about previous versions, see [Microsoft Defender Antivirus updates: Previous versions for technical upgrade support](msda-updates-previous-versions-technical-upgrade-support.md).
diff --git a/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md b/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md
@@ -28,6 +28,94 @@ Microsoft regularly releases [security intelligence updates and product updates
 
 ## Engine and platform updates
 
+### July-2025 (Platform: 4.18.25070.5 | Engine: 1.1.25070.4)
+
+- Security intelligence update version: **1.435.11.0**
+
+- Release date:  **August 5, 2025 (Engine) / August 6, 2025 (Platform)**
+
+- Platform: **4.18.25070.5**
+
+- Engine: **1.1.25070.4**
+
+- Support phase: **Technical upgrade support (only)**
+
+What's new
+
+- Enhanced Passive Mode Scanning Behavior When Microsoft Defender is in Passive mode, an Antivirus scan will not occur after a signature update , unless specifically set in the policy setting DisableScanOnUpdate.
+- Improved Tamper Protection Handling Optimized the configuration process for Tamper Protection in multi-threaded environments to ensure more reliable behavior.
+- Digital Signature Verification Performance Boost Enhanced the efficiency of digital signature verification to improve overall system performance.
+- Refined ASR Rule Exclusion Processing Refined exclusion processing and resolved false positives for the Attack Surface Reduction (ASR) rule: Block Office applications from injecting code into other processes.
+
+
+### June-2025 (Platform: 4.18.25060.7 | Engine: 1.1.25060.6)
+
+- Security intelligence update version: **1.433.2.0**
+
+- Release date:  **July 22, 2025 (Engine)** / **July 22, 2025 (Platform)**
+
+- Platform: **4.18.25060.7**
+
+- Engine: **1.1.25060.6**
+
+- Support phase: **Technical upgrade support (only)**
+
+What's new
+
+- Added filtering to improve scan stability and prevent engine crashes
+- Additional performance improvements to prevent concurrent scans. This change ensures that if a quick or full scan is already running, no additional quick or full scan scans are initiated from `MpCmdRun` or Powershell (`Start-Scan`).
+- Resolved the issue where subfolder exclusions were not being honored in Microsoft Defender Antivirus scans related to non-Microsoft SIEM solutions. This fix ensures that specified subfolders are now correctly excluded from scans, preventing unnecessary detections and improving overall system performance.
+
+### May-2025 (Platform: 4.18.25050.5 | Engine: 1.1.25050.6)
+
+- Security intelligence update version: **1.431.19.0**
+
+- Release date:  **June 13, 2025 (Engine)** / **June 13, 2025 (Platform)**
+
+- Platform: **4.18.25050.5**
+
+- Engine: **1.1.25050.6**
+
+- Support phase: **Technical upgrade support (only)**
+
+What's new
+
+- Windows multisession SKUs are now properly classified as client SKUs for signature versioning
+- `EnableDynamicSignatureDroppedEventReporting` configuration is now available in Intune (see [Event ID 2011](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-2011))
+- The display name and description is now displayed correctly for the [device control](/defender-endpoint/device-control-overview) filter driver in Windows services
+- Improved performance for kernel driver
+- Improvements to [network protection](/defender-endpoint/network-protection#overview-of-network-protection) performance related to packet loss during high network utilization
+- Reliability improvements to network protection during service shutdown
+- Enriched [Event ID 1000](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1000) to include `ScanOnlyIfIdle` and scan priority
+- Improved device control Windows Portal Device (WPD) device discovery in File explorer. (For more information about device control, see [Device control policy samples and scenarios](/defender-endpoint/device-control-overview#device-control-policy-samples-and-scenarios).)
+- Resolved discrepancy in [device health reports](/defender-endpoint/device-health-reports) between signature publish and signature install date and time
+- Performance improvements when scanning files/folders with extended attributes
+- Reliability improvement in the Defender kernel driver to avoid crashing when there's excessive disk input/output
+- Added exponential backoff support to Core Service 1DS manager telemetry module to address memory consumption and DNS flooding issues
+
+### April-2025 (Platform: 4.18.25040.2 | Engine: 1.1.25040.1)
+
+- Security intelligence update version: **1.429.3.0**
+
+- Release date:  **May 14, 2025 (Engine)** / **May 22, 2025 (Platform)**
+
+- Platform: **4.18.25040.2**
+
+- Engine: **1.1.25040.1**
+
+- Support phase: **Technical upgrade support (only)**
+
+What's new
+
+- Fixed TVM Block where we failed to block a trusted file
+- Fixed Microsoft Defender platform update timestamp to reflect the actual update time.
+- The [1002 event](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1002) (An anti-malware scan was stopped before it finished) now includes details of the stop reason.
+- Added more details to the [1000 event](/defender-endpoint/troubleshoot-microsoft-defender-antivirus#event-id-1000) (Scan started), like scan trigger and scan on idle.
+- Improved attack surface reduction file processing to correctly handle ["allow" Indicators of Compromise](/defender-endpoint/indicators-overview) (IoCs).
+- Improvement in health reporting for machines that are rebooted or hibernated.
+- Improved performance for [Smart App Control](/windows/apps/develop/smart-app-control/overview) (SAC) trusted file handling.
+- Improved [device control](/defender-endpoint/device-control-overview) logic for offline printers.
+
 ### March-2025 (Platform: 4.18.25030.2 | Engine 1.1.25030.1)
 
 - Security intelligence update version: **1.427.3.0**
