Microsoft Defender Antivirus: Changes to “engine update” support plans

Originally posted by Microsoft Mar 12, 2024 Uncategorized 0 Comments

Microsoft Defender Antivirus is changing its support plan for the anti-malware scan “engine update” (MpEngine.dll) to only support N-2 versions. This is due to new security intelligence update logic being dependent on newer scan engine logic, and to ensure customers are not running an older scan engine version with a known vulnerability. The changes will take effect on May 1, 2024. To be fully supported, keep current with the latest engine updates. Minimum requirements are version 1.1.23110.2, version 1.1.24010.10, or newer.

Microsoft Defender Antivirus is rolling out an update to the support plan for the anti-malware scan “engine update” (MpEngine.dll). To align with the current Defender Antivirus platform update, only N-2 versions will be supported.

Reasons:

  • New security intelligence update logic is dependent on newer scan engine logic. Many new detections won’t trigger for customers running an older engine version (such as from 6 months to 2+ years ago).
  • Newer Defender Antivirus platform updates might crash due to an older engine logic that does not comprehend new functionalities such as newer code in a Defender Antivirus platform update that works in unison with the engine update or newer endpoint data loss prevention (DLP) service, and so on.
  • We want to ensure you are not running an older scan engine version with a known vulnerability. 

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD, USNat, and USSec): The changes will take effect May 1, 2024.

How this will affect your organization:

To be fully supported, keep current with the latest engine updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest engine version:

What you need to do to prepare:

Please make sure that you have a supported mpengine.dll version installed. Minimum requirements are version 1.1.23110.2, version 1.1.24010.10, or newer.

To check your engine updates version in your environment:

1. In Microsoft Defender for Endpoint Plan 2, Microsoft Defender for Endpoint Plan 1, and Microsoft Defender for Business, go to:

  • Security and critical updates servicing phase: When running the latest engine version, you’re eligible to receive security and critical updates to the anti-malware engine.
  • Technical support (only) phase: After a new engine version is released, support for older versions (N-2) reduces to technical support only. Engine versions older than N-2 are no longer supported. Technical support continues to be provided for upgrades from an older engine version to the latest engine version.
    • During the technical support (only) phase, commercially reasonable support incidents are handled through Microsoft Customer Service and Support and Microsoft’s managed support plans (such as Premier Support). If a support incident requires escalation to development teams for further guidance, requires a non-security update, or requires a security update, customers are asked to upgrade to the latest engine version.
Security.microsoft.com > Reports > Endpoints > Device Health > Microsoft Defender Antivirus Health > Antivirus engine version

2. In Microsoft Defender for Endpoint Plan 2 and Microsoft Defender for Business, you can run an Advanced Hunting query and review the results of AVEngineVersion.

Learn more: Microsoft Defender Antivirus security intelligence and product updates | Microsoft Learn

Message ID: MC732103

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: