I noticed a change in how Microsoft deliver Defender AV updates - on Thursday July 27th 2023 in the AM, they pushed out a file called C:\Windows\SoftwareDistribution\Download\Install\MpSigStub.exe via Windows Update.

This wrote a new file out,

C:\Windows\System32\MpSigStub.exe

That triggers a few times a day, like this:

C:\Windows\system32\MpSigStub.exe /stub 1.1.23080.1001 /payload 1.393.1547.0 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe ANTIMALWARE /q
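
As an added example (not part of the original post and not Microsoft tooling), the sketch below parses an MpSigStub.exe command line from a process-creation event and flags deviations from the paths reported above. Treating those paths as the only expected baseline is an assumption of the example, as are the function names.

```python
import ntpath
import re

# Baseline taken from the paths quoted in the post; treating them as the
# only legitimate locations is an assumption of this example.
EXPECTED_IMAGES = {
    r"c:\windows\system32\mpsigstub.exe",
    r"c:\windows\softwaredistribution\download\install\mpsigstub.exe",
}
EXPECTED_PAYLOAD_DIR = r"c:\windows\softwaredistribution\download\install"
VERSION = re.compile(r"^\d+(\.\d+){3}$")   # four dotted numeric fields
TOKEN = re.compile(r'"([^"]*)"|(\S+)')     # quoted or bare argument

# The command line observed in the post.
OBSERVED = (r"C:\Windows\system32\MpSigStub.exe /stub 1.1.23080.1001 "
            r"/payload 1.393.1547.0 /MpWUStub /program "
            r"C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe "
            r"ANTIMALWARE /q")


def norm(path):
    # Windows paths are case-insensitive; normpath also collapses "..".
    return ntpath.normpath(path).lower()


def parse(cmdline):
    """Split the command line into image, valued switches and other args."""
    tokens = [q or u for q, u in TOKEN.findall(cmdline)]
    fields = {"image": tokens[0] if tokens else "", "switches": []}
    it = iter(tokens[1:])
    for tok in it:
        if tok.lower() in ("/stub", "/payload", "/program"):
            fields[tok.lower()[1:]] = next(it, "")
        else:
            fields["switches"].append(tok)
    return fields


def findings(cmdline):
    """Return a list of deviations from the baseline (empty if none)."""
    f, out = parse(cmdline), []
    if norm(f["image"]) not in EXPECTED_IMAGES:
        out.append("image path outside baseline: " + f["image"])
    for key in ("stub", "payload"):
        if not VERSION.match(f.get(key, "")):
            out.append("missing or malformed /%s version" % key)
    if ntpath.dirname(norm(f.get("program", ""))) != EXPECTED_PAYLOAD_DIR:
        out.append("/program outside download dir: " + f.get("program", ""))
    return out
```
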
