Microsoft Defender Antivirus is also referred to as the “Endpoint Protection” and it is a free malware protection software that comes pre-installed on Windows 10. Previously called Windows Defender, Microsoft Defender Antivirus provides effective but no-frills real-time anti-malware protection for individual devices. If you are using a non-Microsoft antivirus/antimalware product on your device, you might be able to run Microsoft Defender Antivirus in passive mode alongside the non-Microsoft antivirus solution. This depends on the operating system used and whether your device is onboarded to Defender for Endpoint. See the following guide on how to set up a VM via PXE boot on a Generation 1 VM, how to configure DHCP Option 66, 67 to support WDS.and how to set up a VM via PXE boot on a Generation 2 VM.
Microsoft Defender Antivirus is activated by default if no other active antivirus software is detected, and automatically activates when third-party antivirus protection is disabled. Microsoft Defender is part of Microsoft's Windows Security settings. In order to remove the installed (updated Microsoft Defender Antivirus) update from the Windows 10 image (install.wim), please follow the steps below. You may want to see "how to update Microsoft Defender Antivirus into the install image of Windows (install.wim)", and "how to view Microsoft Defender Antivirus update details on Windows 10 image (install.wim)".
Remove Microsoft Defender update on Windows Image
In order to remove in installed (updated Microsoft Defender Antivirus) update from the Windows 10 image (install.wim), please follow the steps below. Launch PowerShell with administrative privilege by right-clicking on it as shown below.
Type the following command to open the directory with the extracted files and hit enter. In the below command, make sure to specify the path of the folder with the extracted files. This command will open the folder with the extracted files.
cd PATH\TO\THE\DEFENDER-UPDATE-KIT cd C:\Users\Christian\Documents\defender-update-kit-x64
Type the following command to rollback the Microsoft Defender Antivirus to its previous version and press Enter:
.\DefenderUpdateWinImage.ps1 -WorkingDirectory "DEFINED_TEMP-LOCATION" -Action RemoveUpdate -ImagePath "PATH\TO\INSTALL.WIM" .\DefenderUpdateWinImage.ps1 -WorkingDirectory "C:\Users\Christian\Documents\Windefprocess" -Action RemoveUpdate -ImagePath "C:\Users\Christian\Documents\Image\install.wim"
In the command, replace the “DEFINED_TEMP-LOCATION” with the path to a folder that the script will use for the process, and make sure to enter the “PATH\TO\THE\INSTALL.WIM” you have just updated in this guide “how to update Microsoft Defender Antivirus into the install image of Windows (install.wim)“. When the script is run, the operation will mount and remove the installed update and dismount it again as shown below.
Once the steps are complete successfully as shown below, the script should remove the recently applied antivirus update on the Windows 10 / Windows Server image you have specified in the command.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.