NIST 800-171 • LEVEL 2 • SYSTEM AND INFORMATION INTEGRITY
3.14.4 — Update Malicious Code Protection Mechanisms When New Releases Are Available
Update malicious code protection mechanisms when new releases are available.
CMMC Practice Mapping
NIST 800-53 Controls
Assessment Objectives
Assessment objectives not available for this requirement.
Practitioner Notes
Your antivirus and anti-malware tools are only as good as their latest definitions. If your signature files are weeks old, you are essentially blind to new threats. Keep protection mechanisms current.
Example 1: In Microsoft Defender Antivirus, verify that automatic definition updates are enabled. Check the GPO under Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates, and ensure "Define the number of days before security intelligence is considered out of date" is set to 1 day. To verify that definitions are current on any machine, run Get-MpComputerStatus | Select AntivirusSignatureLastUpdated in PowerShell.
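The Get-MpComputerStatus check from Example 1 can be turned into a pass/fail report against the 1-day threshold. This is an added example, not part of the original page; the function name Test-DefenderSignatureFreshness, the host names and the version strings are hypothetical, and the sample objects are constructed to mimic the fields Get-MpComputerStatus returns.

```powershell
# Added example (not from the original page): flags stale Defender definitions.
function Test-DefenderSignatureFreshness {
    [CmdletBinding()]
    param(
        # Object shaped like Get-MpComputerStatus output
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$Status,
        # The 1-day staleness threshold from the GPO setting above
        [double]$MaxAgeDays = 1,
        [datetime]$Now = (Get-Date)
    )
    process {
        $findings = @()
        if (-not $Status.AntivirusEnabled) { $findings += 'antivirus protection is disabled' }
        foreach ($kind in 'Antivirus', 'Antispyware') {
            $updated = $Status."${kind}SignatureLastUpdated"
            if (-not $updated) {
                # A missing timestamp counts as a failure, never as a pass
                $findings += "$kind signatures: no update time reported"
                continue
            }
            $ageDays = ($Now - [datetime]$updated).TotalDays
            if ($ageDays -gt $MaxAgeDays) {
                $findings += ('{0} signatures are {1:N1} days old' -f $kind, $ageDays)
            }
        }
        # PSComputerName is only populated when the status was queried remotely
        $name = if ($Status.PSComputerName) { $Status.PSComputerName } else { $env:COMPUTERNAME }
        [pscustomobject]@{
            ComputerName     = $name
            SignatureVersion = $Status.AntivirusSignatureVersion
            LastUpdated      = $Status.AntivirusSignatureLastUpdated
            Compliant        = ($findings.Count -eq 0)
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample data (hypothetical hosts and versions) so the logic runs offline
$now = Get-Date
$sample = @(
    [pscustomobject]@{ PSComputerName = 'WS-EXAMPLE-01'; AntivirusEnabled = $true; AntivirusSignatureVersion = '0.0.0.1'
        AntivirusSignatureLastUpdated = $now.AddHours(-6); AntispywareSignatureLastUpdated = $now.AddHours(-6) }
    [pscustomobject]@{ PSComputerName = 'WS-EXAMPLE-02'; AntivirusEnabled = $true; AntivirusSignatureVersion = '0.0.0.1'
        AntivirusSignatureLastUpdated = $now.AddDays(-9); AntispywareSignatureLastUpdated = $now.AddDays(-9) }
    [pscustomobject]@{ PSComputerName = 'WS-EXAMPLE-03'; AntivirusEnabled = $false; AntivirusSignatureVersion = $null
        AntivirusSignatureLastUpdated = $null; AntispywareSignatureLastUpdated = $null }
)
$sample | Test-DefenderSignatureFreshness -Now $now | Format-Table -AutoSize

# On a live endpoint: Get-MpComputerStatus | Test-DefenderSignatureFreshness
```

Exporting the resulting rows on a schedule gives dated evidence that definitions are being kept current, which is easier to show an assessor than a one-off console check.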
Example 2: For environments using a third-party AV like CrowdStrike Falcon or Trellix (formerly McAfee), check the management console to confirm sensor/agent versions are current across all endpoints. In CrowdStrike, go to Host Management > Sensor Update Policy and ensure auto-update is set to the N-1 or Latest channel. Set alerts for any endpoints that have not checked in within 48 hours.