Forum Discussion
Defender not updating - ValidateMapsConnection failed to establish a connection to MAPS
Microsoft Defender is not updating. When I click "Check for updates" in the window "Windows Security / Virus & threat protection" under "Virus & threat protection updates", Defender searches for updates forever but also immediately shows me the message "Security intelligence is up to date.". Problem is that's not true an this message appears even if my definitions ar weeks old.
I ran
MpCmdRun.exe -ValidateMapsConnection
as documented on https://learn.microsoft.com/de-de/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-worldwide
ValidateMapsConnection failed to establish a connection to MAPS (hr=80070057 httpcode=451) CmdTool: Failed with hr = 0x80070057. Check C:\Users\<USERNAME>\AppData\Local\Temp\MpCmdRun.log for more information
the logfile looks like this:
MpEnsureProcessMitigationPolicy: hr = 0x1 ValidateMapsConnection ValidateMapsConnection failed to establish a connection to MAPS (hr=80070057 httpcode=451) MpCmdRun.exe: hr = 0x80070057.
I already tried the following steps without success:
- manual update with files from https://www.microsoft.com/en-us/wdsi/definitions/
- trigger update in command line
- reset Defender with "MpCmdRun.exe -RemoveDefinitions -All" and restart
- sfc/scannow
- firewall deactivated
- Resetting Windows Updates Components (Method 6 from https://appuals.com/definition-update-for-windows-defender-fails-with-error-0x80070643/
- ...other things
I don't have a 3rd party AV.
Any solutions? Is there a way I can do a ping to find out if I can connect to the update-server?
5 Replies
baumwe
We had a similar issue. This fixed it for us:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide#configure-a-static-proxy-for-microsoft-defender-antivirusSpecifically this bit:
"If you are using static proxy setting on devices that are otherwise completely offline, meaning the operating system is unable to connect for the online certificate revocation list or Windows Update, then it is required to add the additional registry setting SSLOptions with a dword value of 0. Parent registry path location for "SSLOptions" is "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" "- HeikeRitter
Microsoft
- I could check now. Other computers behind the same Firewall are working smoothly. The error occours only on one computer. I completely deactivated the software firewall on that computer but that didn't help.
- HeikeRitterIf this is really just one device, you will need to do more troubleshooting or contact our support. Did you have a look at the docs page will lots of troubleshooting scnearios? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide
Thank you HeikeRitter, I will verify that an post here again when I know more.
