locked
Clients in WSUS at 99% due to Mircosoft Defender updates Not installing RRS feed

  • Question

  • Hello.

     

    Is there anyone out there that can help. I have been looking into this WSUS issue for months now and all I find are people repeating the same fixes that do not solve the issue.

     

    Here is a list of things I have tried:

     

    Checking if BITS is running (aswell as: Wuauserv / Msiserver / CryptSvc)

    Renaming the softwaredistribution folder

    Ran MPCMDRUN.exe /removedefinitions -All & /signatureupdate

    Ran DISM.exe /online /clean-image /restorehealth

    Ran Sfc /scannow

    No point turning off AV as I don’t have any other AV installed

    I don’t want to hide the update as that isn’t solving the issue

     

    I have been trying my upmost to get my Environment fully patched. Most clients have installed 99% of the patches with the exception of a few Microsoft Defender updates:

     

    For server 2012 R2 its:

     

    KB2461484 – Version 1.319.1990.0

    KB2461484 – Version 1.319.1968.0

    KB2461484 – Version 1.319.1962.0

    KB2461484 – Version 1.319.1955.0

    KB2461484 – Version 1.319.1950.0

    KB2461484 – Version 1.319.1939.0

     

     

    And for Server 2016 / Win 10 its:

     

    KB2461484 – Version 1.319.1968.0

    KB2461484 – Version 1.319.1962.0

    KB2461484 – Version 1.319.1955.0

    KB2461484 – Version 1.319.1950.0

     


     


    When I go into the client and run windows update it flashes up with the update and then says it is fully up to date and no updates are available.

    (Why does it flash up and not install? Why does windows says no update needed when WSUS says updates are needed?)

     



    After that I do a wuauclt /reportnow and wsus says 99%

     

    Is this a windows update issue? A WSUS issue? Or an Enpoint protection issue?

     

    Some servers are patched 100% so it tells me there is not anything wrong with WSUS or the updates and the issue must lie on the client its self

     

    Here is what the updates look like in WSUS

     


     

    Sometimes the needed number even drops to 1 and then I run a windows update again and it goes back to needing 4.

     

    I just can’t get my head around it

     

    I feel like the issues lies within Windows defender and it needs to be purged and then reinstalled.

     

    It seems to me like a newer update has installed over the top of the older ones and now it is just failing to install.

    For example:

     

    KB2461484 – Version 1.319.1995.0 – Has installed

     

    So –

     

    KB2461484 – Version 1.319.1990.0

    KB2461484 – Version 1.319.1968.0

    KB2461484 – Version 1.319.1962.0

    KB2461484 – Version 1.319.1955.0 – Can’t install behind it
    Wednesday, July 22, 2020 3:17 PM

All replies

  • Hi Stevemac100,

    Thanks for your posting on this forum.

    Whether you enable the following policy on the clients or not. If not, please apply the policy to the client first.

    [Define the order of source for downloading definition updates]

    Location: Windows components > Windows Defender > Signature updates

    Specifies an update source.  If we do not specify the update source, the clients use the Microsoft Update Server, then Microsoft Malware Protection Center (MMPC), as an update source. 

    Reference picture:




    Regards,
    Rita 


    "WSUS" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "WSUS" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 23, 2020 2:48 AM
  • Hi Stevemac100,
     
    It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
     
    If you have any questions, please keep us in touch.
     
    Regards,
    Rita

    "WSUS" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "WSUS" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, July 26, 2020 4:18 AM
  • Hi Rita.

    Thank you for your suggestion. This is my first day back in office so I will give it a go today. Bit un sure what it needs to read. Our WSUS server is called Luna so should it read: Luna | Microsoftupdateserver | MMPC or WSUS | Microsoftupdateserver | MMPC

    also forgot to mention we are not connected to the internet. We get our updates from an upstream server. So do you think this fox would still apply

    Monday, July 27, 2020 10:30 AM
  • Hi Stevemac100,
     
    The clients who get Mircosoft Defender updates from WSUS should apply the policy. If the clients don't apply this policy, the default update source of the Mircosoft Defender updates  is the following path:

    Microsoft Update Server\Microsoft Malware Protection Center (MMPC)
     
    Here is a link for your reference. Please refer the -UpdateSource:
    https://docs.microsoft.com/en-us/powershell/module/defender/update-mpsignature?view=win10-ps

    Regards,
    Rita

    "WSUS" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "WSUS" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 28, 2020 2:45 AM
  • Hi,
     
    It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
     
    If you have any questions, please keep us in touch.
     
    Regards,
    Rita

    "WSUS" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "WSUS" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 30, 2020 5:45 AM