Cloud0009
Copper Contributor
Nov 09, 2022

GPO to auto update Defender AV platform version on Windows servers

We have 1200+ Windows servers (2012R2, 2016 and 2019) and all the servers are onboarded to MDE. However, when checking the Defender AV platform version report on the security portal, I can see all servers are running on different Defender AV platform versions. I tried to find any GPO steps which I can create to make sure all the servers get Defender AV platform updates automatically, however I could not find any GPO way to achieve this. We are not managing servers by SCCM or WSUS update, hence GPO is the only way forward for us.

During my own research I found that MS releases the Defender AV platform update under KB4052623, but I could not find any way to make sure this gets installed automatically on all the servers.

 

  • Jonhed
    Steel Contributor

    Cloud0009 

    Platform updates are received via Windows Update/Microsoft Update along with all other OS updates, so I think the only easy option here is to configure automatic updates for the whole OS.

     

    If you do not want this to happen, I guess you might be able to configure some sort of script to download said KB and install, but not sure if there is a download link that does not change every month.

    Also do note that 2012R2 and 2016 have sensor updates on top of Platform/Intelligence updates.

    (listed as the product Defender for Endpoint in Microsoft Update catalog)

    • Cloud0009
      Copper Contributor
      Thank you for the response on this; however, I wanted to clarify the below:
      When I pull the Defender AV report from the endpoint manager portal, I can see all my devices running on different platforms and versions of Defender AV, as below:

      AntiMalwareVersion  EngineVersion  SignatureVersion
      4.18.2210.5         1.1.19800.4    1.379.114.0
      4.18.2209.7         1.1.19700.3    1.377.735.0
      4.18.2210.5         1.1.19800.4    1.379.114.0
      4.18.2111.5         1.1.18800.4    1.355.2057.0
      4.18.2210.5         1.1.19800.4    1.379.114.0
      4.18.2203.5         1.1.19200.5    1.363.1631.0
      4.18.2201.10        1.1.18900.3    1.359.1176.0
      4.18.2111.5         1.1.18800.4    1.355.2104.0
      4.18.2210.5         1.1.19800.4    1.379.114.0
      4.18.2207.7         1.1.19600.3    1.375.670.0
      4.18.2210.5         1.1.19800.4    1.379.122.0
      4.18.2001.10        0.0.0.0        0.0.0.0
      4.18.2210.5         1.1.19800.4    1.379.122.0
      4.18.2210.5         1.1.19800.4    1.379.114.0
      4.18.2210.5         1.1.19800.4    1.379.71.0
      4.18.2210.5         1.1.19800.4    1.379.134.0
      4.18.2111.5         1.1.18800.4    1.355.738.0
      4.18.2104.10        1.1.17300.4    1.321.69.0
      4.18.2210.5         1.1.19800.4    1.379.114.0
      Hence I wanted to know how we can make sure all our endpoints and servers (onboarded to MDE) are getting the latest updates.
      Is there any GPO way by which we can push all the Defender AV updates (antimalware, signature and version) to all the servers?
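
One way to triage a version report like the one posted above, as an added example that is not part of the original thread: it flags which servers are behind on platform or signature versions and which report no engine at all. The server names and the function names `Get-NewestVersion` and `Get-DefenderVersionDrift` are hypothetical, and "newest" is assumed to mean the highest version seen in the report itself.

```powershell
# Constructed sample: server names are invented; the version triples are
# rows taken from the report posted in the thread.
$report = @'
Server,AntiMalwareVersion,EngineVersion,SignatureVersion
SRV01,4.18.2210.5,1.1.19800.4,1.379.114.0
SRV02,4.18.2209.7,1.1.19700.3,1.377.735.0
SRV03,4.18.2111.5,1.1.18800.4,1.355.2057.0
SRV04,4.18.2001.10,0.0.0.0,0.0.0.0
SRV05,4.18.2210.5,1.1.19800.4,1.379.71.0
SRV06,4.18.2210.5,1.1.19800.4,1.379.134.0
'@ | ConvertFrom-Csv

function Get-NewestVersion {
    param([string[]] $Values)
    # Cast to [version] so 1.379.71.0 sorts below 1.379.114.0
    # (a plain string sort would rank it higher).
    $Values | ForEach-Object { [version]$_ } |
        Sort-Object -Descending | Select-Object -First 1
}

function Get-DefenderVersionDrift {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Assumption: the baseline is the highest version present in the report.
    $newestPlatform  = Get-NewestVersion $Rows.AntiMalwareVersion
    $newestSignature = Get-NewestVersion $Rows.SignatureVersion

    foreach ($row in $Rows) {
        $status = if ([version]$row.EngineVersion -eq [version]'0.0.0.0') {
            'NoEngineReported'   # report shows no engine/signature version
        } elseif ([version]$row.AntiMalwareVersion -lt $newestPlatform) {
            'PlatformBehind'     # platform (KB4052623) update missing
        } elseif ([version]$row.SignatureVersion -lt $newestSignature) {
            'SignatureBehind'    # platform current, intelligence lagging
        } else {
            'Current'
        }
        [pscustomobject]@{
            Server    = $row.Server
            Platform  = $row.AntiMalwareVersion
            Signature = $row.SignatureVersion
            Status    = $status
        }
    }
}

Get-DefenderVersionDrift -Rows $report | Sort-Object Status, Server | Format-Table -AutoSize
```

With the sample rows, SRV06 is the only `Current` server, SRV04 is `NoEngineReported`, SRV02 and SRV03 are `PlatformBehind`, and SRV01 and SRV05 are `SignatureBehind`.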
