How to update Microsoft Defender Antivirus into the install image of Windows (install.wim)


Microsoft Defender Antivirus, formerly known as Windows Defender, is an antivirus protection program that’s included with Windows 10. Unlike other antivirus programs like McAfee, Microsoft Defender is free and doesn’t require any additional installation. After Windows 10 is installed, the built-in version of Microsoft Defender Antivirus downloads and applies any recent updates automatically. This does not happen immediately, however, which leaves the system temporarily vulnerable to attacks until the first update completes.

Related guides: the differences between ADK, MDT, Microsoft Endpoint Configuration Manager (SCCM), Intune, Autopilot, and WSUS; "No bootable media found system halted: Unable to PXE boot WDS to Virtualbox"; "WDS/DHCP scenarios: How to configure DHCP Server option 60, 66, and 67 for Windows Deployment Services"; and "Uninstall WDS: How to remove Windows Deployment Services role via the GUI and PowerShell".

Therefore, in this guide, I will show you how to update the Windows installation image (install.wim) file with the latest security intelligence package available. I have successfully tested this on Windows 10 Enterprise, Pro and Home editions and on Windows Server 2016 and 2019. Here is a detailed guide on "how to install ADK, MDT, and WDS: How to deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services".

The install.wim file (Windows Image File) is a compressed file that contains a set of many files and their associated file system metadata. It is included in any Windows installation media under the “sources” folder (sources\install.wim). A boot image is an image we can use to boot a bare-metal system in order to begin installing Windows onto it. Please see the following guides: "Install Wim: How to Add Packages to Windows image the DISM Tool", "how to add boot and install images to WDS and configure Multicast transmission via the GUI and WDSUTIL", and "What are the differences between Capture image, Discover image, Install and Boot images (Windows PE)".

How to update Microsoft Defender on Windows 10 image

To update Microsoft Defender Antivirus in a system installation image, you will need to download the Microsoft Defender update kit for the 64-bit version. If you are using the 32-bit version of Windows 10, download the 32-bit kit instead.


Upon download, please extract the

Next, create a temporary location. In my case, I will name it “Windefprocess”.


Next, launch PowerShell as administrator: search for PowerShell, right-click the top result, and select Run as administrator.


Type the following command to open the directory with the extracted files and press Enter


Next, type the command to update the Microsoft Defender Antivirus inside a Windows 10 image and press Enter:

.\DefenderUpdateWinImage.ps1 -WorkingDirectory "DEFINED_TEMP-LOCATION" -Action AddUpdate -ImagePath "PATH\TO\INSTALL.WIM" -Package "PATH\TO\DEFENDER\CAB\UPDATE"

.\DefenderUpdateWinImage.ps1 -WorkingDirectory "C:\Users\Christian\Documents\Windefprocess" -Action AddUpdate -ImagePath "C:\Users\Christian\Documents\Image\install.wim" -Package "C:\Users\Christian\Documents\defender-update-kit-x64\

The PowerShell script updates the Windows 10 image with the most recent platform, engine, and signature version of Microsoft Defender Antivirus. As shown below, the update has been applied successfully.
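The same AddUpdate step wrapped in the checks worth making before servicing an image, written as an added example that is not part of this post or of Microsoft's update kit. It verifies that the script and the CAB are validly signed by Microsoft, keeps a rollback copy of install.wim, and confirms the result with the script's ShowUpdate action, which appears in Microsoft's documentation for this script rather than on this page. The parameter name $KitDir and every default path are placeholders, and the signature check assumes both files are Authenticode-signed.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight checks around DefenderUpdateWinImage.ps1.
# Every default below is a placeholder; pass real paths when calling.
param(
    [string]$KitDir           = 'PATH\TO\EXTRACTED\KIT',   # hypothetical name: folder with the extracted kit
    [string]$WorkingDirectory = 'DEFINED_TEMP-LOCATION',
    [string]$ImagePath        = 'PATH\TO\INSTALL.WIM',
    [string]$Package          = 'PATH\TO\DEFENDER\CAB\UPDATE'
)
$ErrorActionPreference = 'Stop'
$script = Join-Path $KitDir 'DefenderUpdateWinImage.ps1'

# 1. Everything the command line refers to must exist before DISM touches the image.
foreach ($p in $script, $WorkingDirectory, $ImagePath, $Package) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
}

# 2. Only service the image with files that carry a valid Microsoft signature
#    (assumption: both the script and the CAB are Authenticode-signed).
foreach ($f in $script, $Package) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signature check failed for $f (status: $($sig.Status))"
    }
}

# 3. A WIM copied from installation media is often read-only; servicing needs write access.
$wim = Get-Item -LiteralPath $ImagePath
if ($wim.IsReadOnly) { $wim.IsReadOnly = $false }

# 4. Keep a rollback copy and record the hash of the image before the change.
$before = (Get-FileHash -LiteralPath $ImagePath -Algorithm SHA256).Hash
Copy-Item -LiteralPath $ImagePath -Destination "$ImagePath.bak" -Force

# 5. Apply the update with the same parameters used in this guide.
& $script -WorkingDirectory $WorkingDirectory -Action AddUpdate `
          -ImagePath $ImagePath -Package $Package

# 6. Confirm the result: list the update now recorded in the image.
& $script -WorkingDirectory $WorkingDirectory -Action ShowUpdate -ImagePath $ImagePath

$after = (Get-FileHash -LiteralPath $ImagePath -Algorithm SHA256).Hash
if ($after -eq $before) { Write-Warning 'Image hash unchanged: the update was not written.' }
"SHA256 before: $before"
"SHA256 after : $after"
```

Record the "after" hash alongside the image so later deployments can confirm they are using the updated install.wim and not the rollback copy.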


I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
