Problem: Windows Domain environment with Windows 10 workstations that will not reliably update Windows Defender.
I use ACAS to scan my environment weekly, and every week at least a few of these workstations will report that they have not updated their definitions or signatures in more than one day (more than one day being what the plugin checks for). Sometimes definitions can be a week or more out of date! It is generally a random assortment of machines, all of which have been online and some of which were used between the scan periods, though some are persistent - one I've kept as a demo for troubleshooting is more than two weeks out of date.
I have GPOs set up to tell it where to get updates for this (MicrosoftUpdateServer|InternalDefinitionUpdateServer|WindowsServerUpdateService|MMPC), how often to do it (on startup, which is the default, as well as a manual check at 3AM (by policy) every day (default)), and enforcing a 1-day limit before a "catch-up" update is required. There's also a separate policy saying "use Windows Update", but whether it was turned on or left not configured made no difference. None of that has given me reliable updates, though all machines get the policy and apparently some do update reliably enough that ACAS doesn't flag them every time.
If I run the updater manually from the command line, it is very reliable. The commands for this are
MpCmdRun.exe -removedefinitions -dynamicsignatures
followed by
MpCmdRun.exe -SignatureUpdate
This tells me that it can actually get the updates when commanded (evidenced by some machines getting them). I tried to set a GPO to schedule this as a task, but while step 1 completes at 1AM, step 2 always fails at the scheduled time (usually 1:15AM, with a code of 0x2 that leads me nowhere - I still can't figure that one out).
I did try pushing these through WSUS as well, with a daily pull and an auto-approval, but the workstations never download the updates - the Windows Update console will notice them, but it hangs at 0% Downloaded forever and can even sometimes apparently stop other updates from getting pulled down on that workstation too.
Has anyone had this sort of unreliable update schedule with Windows Defender? How did you overcome it?
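One way to drive the two-step MpCmdRun.exe sequence from the post out of a scheduled task, as an added example that is not from the original post or any of the replies: the script reads the current signature age with the Defender module's Get-MpComputerStatus cmdlet, runs the two commands only when the definitions are older than a threshold, and writes each command's output and exit code to a log file so that a failure inside Task Scheduler leaves something more than a bare return code. Assumed here: the default MpCmdRun.exe location under $env:ProgramFiles\Windows Defender, an elevated (e.g. SYSTEM) context, and the illustrative $MaxAgeDays and $LogPath values.

```powershell
# Added example, not code from the original post. Assumes Windows 10 with the
# Defender PowerShell module, an elevated context, and MpCmdRun.exe in its
# default install location. $MaxAgeDays and $LogPath are illustrative values.
param(
    [int]$MaxAgeDays = 1,
    [string]$LogPath = "$env:ProgramData\DefenderSigCheck.log"
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Write-Log([string]$Message) {
    $line = "{0:yyyy-MM-dd HH:mm:ss} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# Run MpCmdRun.exe with the given arguments, record its console output and
# exit code, and hand the exit code back to the caller.
function Invoke-MpCmdRun([string[]]$Arguments) {
    $output = & $mpCmdRun @Arguments 2>&1
    $code = $LASTEXITCODE
    Write-Log ("MpCmdRun.exe {0} -> exit code {1} (0x{1:X})" -f ($Arguments -join ' '), $code)
    foreach ($l in $output) { Write-Log "    $l" }
    return $code
}

if (-not (Test-Path $mpCmdRun)) {
    Write-Log "MpCmdRun.exe not found at $mpCmdRun"
    exit 1
}

# AntivirusSignatureAge is reported in whole days by Get-MpComputerStatus.
$status = Get-MpComputerStatus
Write-Log ("Signature version {0}, last updated {1}, age {2} day(s)" -f `
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated, $status.AntivirusSignatureAge)

if ($status.AntivirusSignatureAge -le $MaxAgeDays) {
    Write-Log "Definitions are within $MaxAgeDays day(s); nothing to do."
    exit 0
}

# Same two steps the post runs by hand: clear the dynamic signatures, then
# request a fresh signature download.
$rcRemove = Invoke-MpCmdRun @('-removedefinitions', '-dynamicsignatures')
$rcUpdate = Invoke-MpCmdRun @('-SignatureUpdate')

$after = Get-MpComputerStatus
Write-Log ("After update: version {0}, age {1} day(s)" -f `
    $after.AntivirusSignatureVersion, $after.AntivirusSignatureAge)

# Treat a non-zero exit from either step, or definitions that are still stale,
# as a failure so the task history and the log both show it.
if ($rcRemove -ne 0 -or $rcUpdate -ne 0 -or $after.AntivirusSignatureAge -gt $MaxAgeDays) {
    Write-Log "Signature update did not bring definitions current."
    exit 1
}
exit 0
```

Scheduled as a single task action (for example `powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\DefenderSigCheck.ps1`) running as SYSTEM, this keeps both steps in one process, so a failure of the second step is logged together with whatever MpCmdRun.exe printed rather than surfacing only as a task result code. The log file path and the one-day threshold are assumptions chosen for this example and should be changed to match the environment.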