cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

GPO to auto update defender AV platform version on windows servers

Cloud0009
Copper Contributor

‎Nov 09 2022 03:04 AM

‎Nov 09 2022 03:04 AM

GPO to auto update defender AV platform version on windows servers

We have 1200+ windows servers (2012R2, 2016 and 2019) and all the servers are on boarded to MDE however when checking defender AV platform version report on security portal, I can see all servers are running on different defender AV platform versions. tried to find any GPO steps which I can create to make sure all the servers gets defender AV platform updates automatically however could not find any GPO way to achieve this. We are not managing servers by SCCM or WSUS update hence GPO is the only way forward for us.

During my own research I found that MS releases defender AV platform update under KB4052623 but could not get any way to make sure this get installed automatically on all the servers.

 

1,473 Views
0 Likes
3 Replies
Reply
3 Replies
Jonhed

‎Nov 09 2022 08:14 AM - edited ‎Nov 09 2022 08:45 AM

‎Nov 09 2022 08:14 AM - edited ‎Nov 09 2022 08:45 AM

Re: GPO to auto update defender AV platform version on windows servers

@Cloud0009 

Platform updates are received via Windows Update/Microsoft Update along with all other OS updates, so I think the only easy option here is to configure automatic updates for the whole OS.

 

If you do not want this to happen, I guess you might be able to configure some sort of script to download said KB and install, but not sure if there is a download link that does not change every month.

Also do note that 2012R2 and 2016 has sensor updates on top of Platform/Intelligence updates.

(listed as the product Defender for Endpoint in Microsoft Update catalog)

0 Likes
Reply
Cloud0009

‎Nov 12 2022 10:51 PM

‎Nov 12 2022 10:51 PM

Re: GPO to auto update defender AV platform version on windows servers

Thank you for the response on this however I wanted to clarify below:
When I pull Defender AV report from endpoint manager portal I can see all my devices running on different platforms and versions of defender AV as below:

AntiMalwareVersion EngineVersion SignatureVersion
4.18.2210.5 1.1.19800.4 1.379.114.0
4.18.2209.7 1.1.19700.3 1.377.735.0
4.18.2210.5 1.1.19800.4 1.379.114.0
4.18.2111.5 1.1.18800.4 1.355.2057.0
4.18.2210.5 1.1.19800.4 1.379.114.0
4.18.2203.5 1.1.19200.5 1.363.1631.0
4.18.2201.10 1.1.18900.3 1.359.1176.0
4.18.2111.5 1.1.18800.4 1.355.2104.0
4.18.2210.5 1.1.19800.4 1.379.114.0
4.18.2207.7 1.1.19600.3 1.375.670.0
4.18.2210.5 1.1.19800.4 1.379.122.0
4.18.2001.10 0.0.0.0 0.0.0.0
4.18.2210.5 1.1.19800.4 1.379.122.0
4.18.2210.5 1.1.19800.4 1.379.114.0
4.18.2210.5 1.1.19800.4 1.379.71.0
4.18.2210.5 1.1.19800.4 1.379.134.0
4.18.2111.5 1.1.18800.4 1.355.738.0
4.18.2104.10 1.1.17300.4 1.321.69.0
4.18.2210.5 1.1.19800.4 1.379.114.0
Hence wanted to know how can we make sure all our endpoints and servers (on barded to MDE) are getting latest updates.
If there there is any GPO way by which we can push all the defender AV updates (antimalware, signature and version) to all the servers?

0 Likes
Reply
best response confirmed by Cloud0009 (Copper Contributor)
Jonhed

‎Nov 16 2022 07:00 AM

‎Nov 16 2022 07:00 AM

Solution

Re: GPO to auto update defender AV platform version on windows servers

There is no way to push all types of MDAV updates.

If you require all versions to update (AntilmalwareVersion included), you would need to enable Automatic updates for the OS itself.
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deplo...

This will get all types of updates available for the OS itself, MDAV included, assuming the servers can get updates from the Microsoft Update service online, or from an internal WSUS server if you have that setup.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Cloud0009 (Copper Contributor)
Jonhed

‎Nov 16 2022 07:00 AM

‎Nov 16 2022 07:00 AM

Solution

Re: GPO to auto update defender AV platform version on windows servers

There is no way to push all types of MDAV updates.

If you require all versions to update (AntilmalwareVersion included), you would need to enable Automatic updates for the OS itself.
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deplo...

This will get all types of updates available for the OS itself, MDAV included, assuming the servers can get updates from the Microsoft Update service online, or from an internal WSUS server if you have that setup.

View solution in original post

0 Likes
Reply