Microsoft Defender Client/Platform v.4.18.25110.3


Tomas Ulbrich

Nov 27, 2025, 10:06:27 AM
to ntsysadmin
Good Morning!!

On one of our servers we find the Windows Platform/Client Version to be 4.18.25110.3. Which is fine, as we have not seen any issues with it, in performance and whatnot.

BUT the Service Image Path is lacking quotes, as Qualys, our vulnerability scanner, has identified that as such:

MDCoreSvc
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.3-0\MpDefenderCoreService.exe

Normally we can fix such items in the Registry or using PS.. but it is Defender and is highly protected from alteration. 

Any ideas??


Cheers,
Tomas

Tomas Ulbrich

Dec 1, 2025, 4:23:42 PM
to ntsysadmin

The Registry Key which has these details is:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc\ImagePath

The data field needs to be enclosed within " " or else it is flagged as a vulnerable item -- Qualys and Tenable note it as such.


Is anyone running Defender Platform version 4.18.25110.3 -- and seeing the registry entry w/o the ""?
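
A read-only way to check for the condition described in this thread, added here as an example (not part of the original posts and not Qualys, Tenable or Microsoft code): it flags service `ImagePath` values whose executable portion contains a space and is not wrapped in quotes. `Test-UnquotedImagePath` is a hypothetical helper name; the sample strings are constructed from the value quoted above.

```powershell
# Added example: read-only audit for unquoted service ImagePath values.
# Test-UnquotedImagePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedImagePath {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }   # empty or already quoted

    # Treat everything up to the first ".exe" as the executable portion;
    # spaces in the arguments that follow it are not a finding.
    $m = [regex]::Match($p, '(?i)^(.+?\.exe)(\s|$)')
    if (-not $m.Success) { return $false }                    # e.g. kernel drivers (.sys)

    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values: the path from the thread, its quoted form,
# and an unquoted path that has no space before the arguments.
$samples = @(
    'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.3-0\MpDefenderCoreService.exe',
    '"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.3-0\MpDefenderCoreService.exe"',
    'C:\Windows\system32\svchost.exe -k netsvcs -p'
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedImagePath $s), $s
}

# Live check on a Windows host: list every service whose ImagePath is flagged.
# This only reads the registry; it does not attempt to change any value.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $ip = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($ip -and (Test-UnquotedImagePath $ip)) {
        [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $ip }
    }
}
```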

Brian Illner

Dec 2, 2025, 8:11:54 AM
to ntsys...@googlegroups.com

My system is still on 4.18.25100.9008 and it still has the quotes

 

BRIAN ILLNER

 

Senior Systems Administrator

864.250.9227 Office

864.679.2537 Fax

Canal Insurance Company

101 N. Main Street, Suite 400

Greenville, SC 29601


Tomas Ulbrich

Dec 2, 2025, 11:03:51 PM
to ntsysadmin
Thanks Brian!! ---- 

Looked the version up. Seems it is listed, though we have not deployed it from SCCM as such, as a Beta/Internal/Current-Channel-Preview edition. Not sure it got on that 1 system.


