How to update Microsoft Defender Antivirus into the install image of Windows (install.wim)

Windows Defender update

Microsoft Defender Antivirus, formerly known as Windows Defender, is an antivirus protection program that’s included with Windows 10. Unlike other antivirus programs like McAfee, Microsoft Defender is free and doesn’t require any additional installation. Therefore, in this guide, I will be showing you how to update the Windows installation image (install.wim) file with the latest security intelligence package available. Please see WDS/DHCP scenarios: How to configure DHCP Server option 60, 66, and 67 for Windows Deployment Services, Uninstall WDS: How to remove Windows Deployment Services role via the GUI and PowerShell.

After the installation of Windows 10, the built-in version of Microsoft Defender Antivirus will download and apply any recent updates automatically. But this process does not happen immediately, thereby leaving the system temporarily vulnerable to attacks during this period.

I have successfully tested this on Windows 10 Enterprise, Pro und Home-Edition and Windows Server 2016 and 2019. Here is a detailed guide on “how to install ADK, MDT, and WDS: How to deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services“.

Install WIM File

However, The install. wim file (Windows Image File) is a compressed file that contains a set of many files and associated file system metadata and is included in any Windows installation Media under the “sources” folder (sources\install.wim).

Also, see What are the differences between Capture image, Discover image, Install and Boot images (Windows PE). How to fix Action cannot be complete because the computer is open in Wimserv.

Boot WIM File

A boot image is an image we can use to boot a bare-metal system in order to begin the process of installing Windows onto the system.

Please see the following guides: Install Wim: How to Add Packages to Windows image the DISM Tool. How to add boot and install images to WDS and configure Multicast transmission via the GUI and WDSUTIL.

How to update Microsoft Defender on Windows 10 image

To update the Microsoft Defender Antivirus for system installation image. You will need to download the Microsoft Defender kit for the 64-bit version. If you are using 32-bits version of Windows 10. You can download this.

Install.wim modification

Upon download, please extract the as shown below. For more information on the differences between ADK, MDT, Microsoft Endpoint Configuration Manager (SCCM), Intune, Autopilot, and WSUS. No bootable media found system halted: Unable to PXE boot WDS to Virtualbox,

Next, create a temporary location, in my case, I will name it “Windefprocess”

Windows Defender update

Next, you will have to launch PowerShell, right-click the top result, and select Run administrator.

Install.wim modification

Type the following command to open the directory with the extracted files and press Enter


Next, type the command to update the Microsoft Defender Antivirus inside a Windows 10 image and press Enter:

.\DefenderUpdateWinImage.ps1 -WorkingDirectory "DEFINED_TEMP-LOCATION" -Action AddUpdate -ImagePath "PATH\TO\INSTALL.WIM" -Package "PATH\TO\DEFENDER\CAB\UPDATE"
.\DefenderUpdateWinImage.ps1 -WorkingDirectory "C:\Users\Christian\Documents\Windefprocess" -Action AddUpdate -ImagePath "C:\Users\Christian\Documents\Image\install.wim" -Package "C:\Users\Christian\Documents\defender-update-kit-x64\

Furthermore, As you can see below, the update has been successfully applied. Now, the PowerShell script will update the Windows 10 image with the most recent platform, engine, and signature version of Microsoft Defender Antivirus as shown below.

Here are some exciting guides: How to remove Microsoft Defender update on Windows 10 and Windows Server image, MDT accidental OS deletion: Mistakenly deleted your Operating Systems over Microsoft Deployment Toolkit, and how to fix “Error 0xc1420127: The specified image in the specified wim is already mounted for read and write access


I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x