Microsoft Defender for Endpoint definition out of dated

Copper Contributor

Hi all,

 

Some devices that connected to internet can't get update AV signature, I trying to forced security intelligence from GPO but can't latest definition update. Please advise solution to resolve MDE can't automatically get definition update of (security intelligence, AV engine, AV platform update).

 

Thank you!

7 Replies
Could you give some additional info on the updates sources for security intelligence you setup in the GPO, and also how you manage general OS updates? (Windows Update? SCCM?)

Security intelligence and AV engine will be updated from the source you choose in GPO,
and AV platform updates will be retrieved as an OS update from Windows Update etc.

@Jonhed Thank you Jonh for advise, Please kindly below path of GPO has configured
GPO: Computer Configuration\Policies\Windows Components\Microsoft Defender for Antivirus\Security Intelligence Updates

 

Please kindly see details as attached pictures. And also advise if missing policy not configure.

 

Thank you,

Ok, so you are running the default sources.
Can't remember what those are, so could you run "Get-MpPreference" in powershell and check the value of "SignatureFallbackOrder" is?

Also, what happens if you try to run a manual update from the security center on one of the affected pcs? Do you get some sort of error code?
In powershell "Get-MpPreference" I got "SignatureFallbackOrder" is "MicrosoftUpdateServer | MMPC"

Manual update also got failed Microsoft defender antivirus definition update. And error code is (0x80244018).

Thank you
Could be a network problem then.
Do you have a proxy in your environment
If you do are all the required URLs allowed, and have you setup defender to use said proxy?
Hi Jonhed, After we check with network team some of MDE update definition update url was blocked by firewall, now Microsoft security intelligence got update is working as normal. Just to verify about GPO that shared with you as attached picture there's correct or not?

Good to hear that you was able to fix the problem.

I do not see any problem with your GPOs.
Just to confirm, have you been able to update the antivirus platform version as well?
The platform version updates is usually done through the regular OS windows updates, so if you use WSUS or SCCM etc to manage normal OS updates, you will need to setup those resources to distribute platform updates.

If you just update the OS straight from the internet, and do not manage it internally, there should not be any problems.