Rapid innovation
Since its initial launch in 2016, Microsoft Defender ATP has seen a non-stop progression of new features across prevention, detection, and response capabilities—even expanding into new product categories such as threat vulnerability management, which requires little or no scanning as it uses existing device inventory data.
In December 2017, Defender Antivirus switched to a monthly update model for the product. This allowed for a more rapid release cadence for new features, fixes, and capabilities as releases were no longer tied to Windows. The first version of this monthly update started with 4.12. Windows Server 2016, and simultaneously the first Redstone release of Windows 10 (RS1), shipped with a version starting with 4.10: the same version the latest SCEP client has today, and the reason you need to update the operating system and the antimalware platform to get to the latest versions, which currently start with 4.18.
Windows 10/2016 shipped with new core capabilities, including Exploit Protection, the integration of which was known as the Enhanced Mitigation Experience Toolkit, (EMET), which was a standalone piece of software for earlier Windows versions. The monthly update model facilitated the release of features such as attack surface reduction rules and network protection and really helped to accelerate the evolution of Windows Defender toward an elaborate, feature-rich set of endpoint protection capabilities.
Cold snack
The first monthly updates had a version number starting with 4.12. In 2018, the current versioning format was established, and platform versions started following the 4.18.YYMM format. The engine has been packaged together with definition files since around 2005, and its versioning scheme is the same across all products containing the engine today.
