Forum Discussion

2289820's avatar
2289820
Copper Contributor
Feb 02, 2024

Signature update finished. No updates needed. Co-managed device

I have an issue where Security Intelligence update is being delayed by a number of days and can't figure out why. Currently testing migrating from another AV product to Defender for Endpoint(3rd Par...
Intune
mobile device management (mdm)
abs168's avatar
abs168
Copper Contributor
Sep 09, 2024

2289820The4thLegacyHi we are facing exactly the same issue. Did you or anyone else ever find the issue and where able to fix it?

2289820's avatar
2289820
Copper Contributor
Oct 16, 2024
The only way we could get this working was to deploy a workaround
Set gpo to 0 for define the number of days before virus security intelligence is considered out of date.
This workaround will come with other issues such as end user toast notifications and DFE device health reporting out of date.
If anyone has a better solution please post as I'd be open to changes 😄

Goodluck!! 🙂
  • abs168's avatar
    abs168
    Copper Contributor
    Oct 21, 2024

    2289820 
    We have found some more information on this. We can confirm that the issue is caused by the registry settings in 

    HKLM:\Software\policies\Microsoft\Windows\WindowsUpdate

    There you have 4 keys:

    SetPolicyDrivenUpdateSourceForDriverUpdates 
    SetPolicyDrivenUpdateSourceForFeatureUpdates
    SetPolicyDrivenUpdateSourceForOtherUpdates
    SetPolicyDrivenUpdateSourceForQualityUpdates

    All of which are set to 1 by Configuration Manager if you have Co-Management enabled and the Workloads for Windows Update policies and Office Click-To-Run set to Configuration Manager (or Intune Pilot and the devices having the issues are not in that Pilot collection).
    Setting SetPolicyDrivenUpdateSourceForOtherUpdates to 0, restarting the Windows Update service and triggering the signature Update by any means, instantly updates your signatures. However according to this documentation: https://learn.microsoft.com/en-us/windows/deployment/update/update-other-microsoft-products, this also sets the updates for other products, which for us is a no go.

     

    Currently we are checking if setting the Defender Preference OobeEnableRtpAndSigUpdate to true with PowerShell and rebooting the device fixes the issue.

    Set-MpPreference -OobeEnableRtpAndSigUpdate $true

     This was suggested by MS support. I will get back to you once we have reliable results.

    • ClientAdmin's avatar
      ClientAdmin
      Copper Contributor
      Nov 15, 2024

      Hi abs168

      I just found this thread today because I'm doing some research about this issue. We're also affected by this one. Did you manage to solve it?

      • abs168's avatar
        abs168
        Copper Contributor
        Dec 02, 2024

        Hi ClientAdmin,

        yes, in the end setting 

        Set-MpPreference -OobeEnableRtpAndSigUpdate $true

        did fix the issue. The initial tests did fail because on that device we had a wrong signature fallback order.

Resources