MicrosoftIs it not the case that the MDE defender specific proxy is used for MDE telemetry only and not signature updates?
Therefore you must also consider an offline method for sig updates too, as if you are reliant on Microsoft Update/MMPC for access to sig updates, the update engine still utilises the system proxy/default gateway.
MicrosoftYou are correct, but you can configure the squid proxy as your system proxy or use advanced options outlined below.
Microsoft Defender Antivirus doesn't use the static proxy to connect to Windows Update or Microsoft Update for downloading updates. Instead, it uses a system-wide proxy if configured to use Windows Update, or the configured internal update source according to the configured fallback order. If necessary, you can use Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy auto-config (.pac) for connecting to the network. If you need to set up advanced configurations with multiple proxies, use Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define addresses to bypass proxy server and prevent Microsoft Defender Antivirus from using a proxy server for those destinations.
You can use PowerShell with the Set-MpPreference cmdlet to configure these options:
For more, see this documentation: Configure your devices to connect to the Defender for Endpoint service using a proxy - Microsoft Defender for Endpoint | Microsoft Learn
