WSUS and Windows Defender Definition Update Issue

  • Question

  • Hello,

    I run the WSUS service and have someone with a Windows Server 2019 box that is running Windows Defender and when they run updates they are able to get all other Windows Updates but the Definition Updates for Defender constantly fail with 80248007. We have tried updating from Windows Update and from within Defender. 

    On the WSUS Server, the Definition Updates are approved for Install, and I was able to view the logs on the 2019 Server and it appeared the updates were downloading then failing to install. I have had them manually install the definition updates and they work fine. We have tried everything I can think of like resetting windows updates, removing his box from the WSUS server, removing and reinstalling defender and they still fail. I have attempted to go through a number of different TechNet forums to help resolve this issue.

    I am now at a loss as to how to proceed with getting him fixed. Has anyone ever come across this? Are there any suggestions on how to fix it?

    Thanks,

    Ryan

    Monday, July 8, 2019 12:34 PM

All replies

  • Hi Ryan,
      

    The following article has detailed troubleshooting steps for the definition update issues for Windows Defender. Please check if you have performed the steps mentioned in it: "How to troubleshoot definition update issues for Windows Defender".
      

    Hope the above can help you.
      

    Regards,
    Yic


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 9, 2019 1:58 AM
  • Hi Yic,

    We have tried the above steps as well. The manual install works just fine but then when a new signature is released it still does not update.

    Thanks,

    Ryan

    Wednesday, July 10, 2019 6:19 PM
  • Hi Ryan,
     

    I may need to know some information. Can these Windows Server 2019 servers have direct access to the Internet?
    Looking forward to your reply.
     

    Regards,
    Yic



    Friday, July 12, 2019 3:04 AM
  • They do not have direct access to the internet. It might be possible but I would have to check with the client to ask if they are able to make any firewall changes to allow that.

    Thanks,

    Ryan

    Tuesday, July 16, 2019 12:40 PM
  • Hi Ryan,
      

    Please consider adjusting the related group policies so that these clients configure WSUS as the first update source. This article describes the methods: "Manage the sources for Windows Defender Antivirus protection updates", and perform the modifications mentioned in the "Use Group Policy to manage The update location" section.
      

    After synchronizing the updated GPO, run the following command on the client computer to check whether the feedback of the command prompt window is successful:
      

    Gpupdate /force
    cd %ProgramFiles%\Windows Defender
    MpCmdRun.exe -removedefinitions -dynamicsignatures
    MpCmdRun.exe -SignatureUpdate
       
    Hope the above can help you.

       

    Regards,
    Yic


    Wednesday, July 17, 2019 6:41 AM
  • Sorry for the delay, I have been on vacation.

    All of these steps have been attempted previously and do not work. The only thing we can seem to get working is manually downloading and installing the signature. On the WSUS Server I see the updates downloading and indicating as ready to install. Now I am getting multiple reports that this issue is occurring on other systems.

    I am at a loss.

    Thanks,

    Ryan

    Thursday, July 25, 2019 10:32 PM
  • Ryan

    Did you get any further with this?

    I think I am in a similar boat with you. On a Server 2019 environment. Using an auto approval rule to download the definition updates. They come down to the server fine, but just sit there pending install.

    I am using the policy "allow automatic updates immediate installation" as enabled. However, that is not making any difference. What has made it work was to unconfigure the policy "Configure Auto update". I previously had it configured with (3 - Auto download and notify for install). So the defender updates now self install fine... just that patching is now not working... doh

    DM



    Tuesday, March 3, 2020 4:55 AM
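
An added read-only check, not part of any post in this thread: it shows on an affected client the settings the replies above discuss, namely the Defender signature fallback order from the July 17 reply and the Automatic Updates policy values from the last post. The registry value names and event IDs are the standard Windows ones and do not come from the thread.

```powershell
# Added diagnostic example (read-only). Run in an elevated PowerShell session
# on the client that fails to install definition updates from WSUS.
$wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$defKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$pref   = Get-MpPreference       # effective Defender preferences
$status = Get-MpComputerStatus   # current signature state

[pscustomobject]@{
    # Windows Update client policy: which server, and how installs are handled
    WsusServer             = Get-PolicyValue $wuKey 'WUServer'
    UseWUServer            = Get-PolicyValue "$wuKey\AU" 'UseWUServer'
    AUOptions              = Get-PolicyValue "$wuKey\AU" 'AUOptions'   # 3 = download and notify
    AutoInstallMinor       = Get-PolicyValue "$wuKey\AU" 'AutoInstallMinorUpdates'
    # Defender update source order: as set by GPO, and as Defender reports it
    PolicyFallbackOrder    = Get-PolicyValue $defKey 'FallbackOrder'
    EffectiveFallbackOrder = $pref.SignatureFallbackOrder
    # How stale the definitions are right now
    SignatureVersion       = $status.AntivirusSignatureVersion
    SignatureLastUpdated   = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays       = $status.AntivirusSignatureAge
} | Format-List

# Recent Defender signature update results: 2000 = updated, 2001 = update failed
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 2000, 2001
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Comparing PolicyFallbackOrder with EffectiveFallbackOrder shows whether the GPO change reached the client, and AUOptions shows whether the "Configure Automatic Updates" setting mentioned in the last post is in effect.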