Forum Discussion
Solved
Access denied error when updating Microsoft Defender from Fileshare
I read this document: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-worldwide and I created a share on a VM calle...
- We did, but we had to update MS Defender to the absolute latest version during the image build process. We used this process here: https://support.microsoft.com/en-us/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d
We also found that once it is working - if you set the update path post windows install it works, but says something like "it won't take effect until restart"... So I had to change that option during image build using a ps script:
Set-MpPreference -SharedSignaturesPath \\csabots2019\wdav-update - then reboot before sysprep.
Bottom line - the MS doc on how to do this is woefully incomplete.
Did you ever get this to work? If so, what did you have to change? It worked in my QA environment for a few days after adding "Domain Computers" to the Share/NTFS rights, but now is refusing to update again with no changes made, and I see the same errors as you.
- We did, but we had to update MS Defender to the absolute latest version during the image build process. We used this process here: https://support.microsoft.com/en-us/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d
We also found that once it is working - if you set the update path post windows install it works, but says something like "it won't take effect until restart"... So I had to change that option during image build using a ps script:
Set-MpPreference -SharedSignaturesPath \\csabots2019\wdav-update - then reboot before sysprep.
Bottom line - the MS doc on how to do this is woefully incomplete.- Funny, after I replied that's exactly what I found - the required reboot before changes took effect. I didn't want to bake those settings into my image, but here we are. I baked them in via PowerShell just like you have, and since doing that, updates have been working flawlessly.
NickPanaccio Nice! I should add we're just using configmgr to make the reference vdi image - so it was pretty simple to add another reboot.