Windows Defender Updates to Windows Server 2016 takes up to 5 days.

  • Question

  • Hi There,

    • Our WSUS server is set to check for updates 6 times a day.
    • Client Servers are set to check for updates every hour.
    • Over 100 servers each month fall into a situation where the definitions get very old (3-5 days).
    • 99% of the servers are running Windows Server 2016.
    • Our FedRAMP certification depends on keeping virus definitions within 24 hours. Is there an elegant way to fix it?

    Thanks!
    Scott


    SuperSquatch

    Wednesday, July 24, 2019 6:25 PM

All replies

  • Hi Scott,
      

    I seem to find what you described in my environment. The clients whose only update source is 'InternalDefinitionUpdateServer' have not updated the security intelligence of Windows Defender for several days. However, the clients whose update sources include 'MicrosoftUpdateServer' and 'MMPC' have all received newer security intelligence.
      

    I am still not sure why this is the case, and I have not found a supporting article. But for reference, the following methods seem to be able to cope with the problems currently encountered:
      

    1. Add the following sources to the signature update sources for Windows Defender Antivirus:
      - MicrosoftUpdateServer
      - MMPC
      This article describes the specific method of operation: "Manage the sources for Windows Defender Antivirus protection updates"
        
    2. Manually download and install the latest security intelligence. Please read this article for reference: "Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware"
        

    I will continue to pay attention to this situation.
    If you have any findings, you are very welcome to share them with us.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 25, 2019 2:28 AM
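
The following PowerShell is an added example, not part of the thread: it audits one server against the 24-hour limit from the question and, on request, appends the fallback sources named in the reply and triggers an update. The function name `Test-DefenderSignatureAge` and its parameters are hypothetical; the cmdlets are the built-in Defender module's, and the script assumes an elevated session.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Test-DefenderSignatureAge {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$MaxAgeHours = 24,   # limit stated in the question
        [string[]]$RequiredSources = @('InternalDefinitionUpdateServer',
                                       'MicrosoftUpdateServer', 'MMPC'),
        [switch]$Remediate        # without this switch the function only reports
    )

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # AntivirusSignatureAge is reported in whole days, so compute hours ourselves.
    $age = (Get-Date) - $status.AntivirusSignatureLastUpdated

    # The fallback order is a single string such as "A|B|C", sometimes in braces.
    $current = @(($pref.SignatureFallbackOrder -replace '[{}\s]', '') -split '\|' |
                 Where-Object { $_ })
    $missing = @($RequiredSources | Where-Object { $_ -notin $current })
    $stale   = $age.TotalHours -gt $MaxAgeHours

    if ($Remediate -and $missing.Count -gt 0) {
        # Keep the existing order and append what is missing, so the internal
        # server is still tried first. If Group Policy manages this setting,
        # change it there instead of locally.
        $newOrder = ($current + $missing) -join '|'
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set fallback order to $newOrder")) {
            Set-MpPreference -SignatureFallbackOrder $newOrder
        }
    }
    if ($Remediate -and $stale) {
        # With no -UpdateSource, the configured fallback order is used.
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Update-MpSignature')) {
            Update-MpSignature
        }
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        SignatureVersion = $status.AntivirusSignatureVersion
        LastUpdated      = $status.AntivirusSignatureLastUpdated
        AgeHours         = [math]::Round($age.TotalHours, 1)
        FallbackOrder    = $current -join '|'
        MissingSources   = $missing -join ','
        Compliant        = -not $stale
    }
}

Test-DefenderSignatureAge            # report only; add -Remediate -WhatIf to preview changes
```

The report object can be collected from many servers (for example with `Invoke-Command`) and filtered on `Compliant` to list the machines that have fallen behind.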