locked
Windows 8 Defender Showing Hundreds of Needed Definitions After Most Recent Definition Installed RRS feed

  • Question

  • Good morning.  I'm using WSUS to install Defender definition updates on my Win 8 clients.  WSUS shows several hundred of these Defender definitions needed although I have installed the most recent definition file.  Note that WSUS does reflect the installation of the most recent definition file; it just doesn't seem to eliminate the other "older" definition files from the Needed count.

    So, do I need to go back and install these older definition files?  If so, is there one huge cumulative definition file that I can download and manually install to eliminate this backlog?  Or should these numbers be reduced to zero with the application of the most recent definition file, as I would expect to happen?

    Tuesday, January 20, 2015 3:40 PM

Answers

  • WSUS shows several hundred of these Defender definitions needed although I have installed the most recent definition file.  Note that WSUS does reflect the installation of the most recent definition file; it just doesn't seem to eliminate the other "older" definition files from the Needed count.

    This is a known issue. It's caused by the limited number of *superseded* updates that can be listed on the newest update.

    So, do I need to go back and install these older definition files?

    No, you need to *DECLINE* them.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by AnnaWY Monday, February 2, 2015 8:10 AM
    Tuesday, January 20, 2015 7:18 PM
  • I have an upstream for my patches and downstream server for my computers.

    Huh???

    I had always assumed that, if I cleaned up the upstream server, those changes would synchronize with the downstream server.

    Nope.

    Seems reasonable, right?

    I suppose it does if you're making unresearched assumptions about how a product works, but the product documentation is pretty clear on this point. :-)

    I'm going to need to run the clean up on both servers at the beginning of our patch cycle.

    More significantly, you need to make sure that it runs *between* synchronization events on all servers. Running simultaneously is the best approach

    As for "when" to run it, I would suggest at the end of your patch cycle, when all of the installations completed now provide relevant and accurate state information on superseded updates, and you can properly identify the superseded updates that need to be declined.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by AnnaWY Monday, February 2, 2015 8:10 AM
    Wednesday, January 28, 2015 2:24 PM

All replies

  • WSUS shows several hundred of these Defender definitions needed although I have installed the most recent definition file.  Note that WSUS does reflect the installation of the most recent definition file; it just doesn't seem to eliminate the other "older" definition files from the Needed count.

    This is a known issue. It's caused by the limited number of *superseded* updates that can be listed on the newest update.

    So, do I need to go back and install these older definition files?

    No, you need to *DECLINE* them.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by AnnaWY Monday, February 2, 2015 8:10 AM
    Tuesday, January 20, 2015 7:18 PM
  • Thanks for pointing me in the right direction.  I have an upstream for my patches and downstream server for my computers.  I had always assumed that, if I cleaned up the upstream server, those changes would synchronize with the downstream server.  Seems reasonable, right?

    That was a bad assumption on my part.  As it turns out, I ran a clean up on my downstream server suddenly those numbers of outstanding patches for my Windows 8 boxes went way down.  None were showing that they needed old versions of the Defender updates.

    While I had thought that I would only need to only run the clean up on the upstream server, from now on, I'm going to need to run the clean up on both servers at the beginning of our patch cycle.

    Tuesday, January 27, 2015 10:01 PM
  • I have an upstream for my patches and downstream server for my computers.

    Huh???

    I had always assumed that, if I cleaned up the upstream server, those changes would synchronize with the downstream server.

    Nope.

    Seems reasonable, right?

    I suppose it does if you're making unresearched assumptions about how a product works, but the product documentation is pretty clear on this point. :-)

    I'm going to need to run the clean up on both servers at the beginning of our patch cycle.

    More significantly, you need to make sure that it runs *between* synchronization events on all servers. Running simultaneously is the best approach

    As for "when" to run it, I would suggest at the end of your patch cycle, when all of the installations completed now provide relevant and accurate state information on superseded updates, and you can properly identify the superseded updates that need to be declined.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by AnnaWY Monday, February 2, 2015 8:10 AM
    Wednesday, January 28, 2015 2:24 PM