Microsoft Defender for Endpoint definition out of dated

Question

Hi all,&nbsp;Some devices that connected to internet can't get update AV signature, I trying to forced security intelligence from GPO but can't latest definition update. Please advise solution to resolve MDE can't automatically get definition update of (security intelligence, AV engine, AV platform update).&nbsp;Thank you!

jonhed · Answer

Could you give some additional info on the updates sources for security intelligence you setup in the GPO, and also how you manage general OS updates? (Windows Update? SCCM?)

Security intelligence and AV engine will be updated from the source you choose in GPO,
and AV platform updates will be retrieved as an OS update from Windows Update etc.

ny_dina · Answer

Jonhed&nbsp;Thank you Jonh for advise, Please kindly below path of GPO has configuredGPO: Computer Configuration\Policies\Windows Components\Microsoft Defender for Antivirus\Security Intelligence Updates&nbsp;Please kindly see details as attached pictures. And also advise if missing policy not configure.&nbsp;Thank you,

jonhed · Answer

Ok, so you are running the default sources.
Can't remember what those are, so could you run "Get-MpPreference" in powershell and check the value of "SignatureFallbackOrder" is?

Also, what happens if you try to run a manual update from the security center on one of the affected pcs? Do you get some sort of error code?

ny_dina · Answer

In powershell "Get-MpPreference" I got "SignatureFallbackOrder" is "MicrosoftUpdateServer | MMPC"Manual update also got failed Microsoft defender antivirus definition update. And error code is (0x80244018).Thank you

jonhed · Answer

Could be a network problem then.Do you have a proxy in your environmentIf you do are all the required URLs allowed, and have you setup defender to use said proxy?

Forum Discussion

Microsoft Defender for Endpoint definition out of dated

7 Replies

Resources