Windefender AV Signature Updates Cannot be Scheduled

Hey all!

We have some workstations that we'd like to schedule WD AV Signature Updates on, rather than having them scanned/DL'd/installed on the standard frequency, and we've run into some trouble.
We've used Microsoft's documentation to Enable the following three settings in LGPO editor, to match our needs:

1. Specify the day of the week to check for definition updates

2. Specify the interval to check for definition updates

3. Specify the time to check for definition updates
After turning on and editing those settings, nothing has changed. We're still getting Signature updates multiple times per day, and ideally we'd like them to be Checked/DL'd/Installed once per day, after business hours.
Has anyone else run into this issue? It seems that Windows will not respect the LGPO settings, even though they're all showing as Enabled in the list. I have been sifting through articles and forum posts, but nothing seems to stand out...
These workstations are on Win10 Enterprise LTSC 64-bit, not part of any domain, and we always stay updated.

Any thoughts/assistance would be greatly appreciated! If there's questions, I'll be glad to answer.
Thanks in advance!

8 Replies
Are your users licensed with a license that includes Intune features?

@eliekarkafy 
Not sure what you mean by this, could you elaborate? How does this relate to Windefender AV Sig scheduling?

With Intune you can control the Defender AV signature scheduling; please refer to the link below for more details:
https://learn.microsoft.com/en-us/mem/intune/protect/antivirus-microsoft-defender-settings-windows

Oh I see! Thank you for that, there's quite a bit to go through. I'll let you know if this helps, and we appreciate it!

So after reading through the linked article, I can say we've already tried that, and it hasn't had any effect. We don't use Windows Intune, we're on Win10 Enterprise for these terminals.

We set the "Specify the interval to check for definition updates" GPO to 24, to have it check once per day, and set the "Specify the time to check for definition updates" to 60 (for 01:00), but it still seems to check at random times during the day, and installs the updates at that time.
Do you have any Windows Update configuration in place using SCCM or WSUS?
There are some additional settings regarding updates, such as updating before a scheduled scan, updating on startup and so forth.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-event-based-update...

I suppose these could be the reason for the out-of-band updates.
The ad-hoc updates listed happen dynamically when deemed necessary by cloud protection, but this will not affect the signature version. So assuming you mean the signature version goes up, the ad-hoc updates are not related.

Other than that, regular OS Windows Update checks will download signatures as well, in case those run regularly.
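The following PowerShell is an added example, not code posted by anyone in this thread. It covers the procedure in the original question (apply a once-a-day, after-hours signature schedule on a standalone Windows 10 machine and confirm the policy actually landed) and the diagnostic points raised in the last two replies: separating real signature updates from cloud-driven dynamic signature events, and checking whether Windows Update itself is delivering definitions. Assumptions: it runs in an elevated session on Windows 10 with the built-in Defender PowerShell module; the event IDs 2000 (signature updated) and 2010 (dynamic signature service) in the "Microsoft-Windows-Windows Defender/Operational" log and the Windows Update history title filter are taken from Microsoft's published event descriptions, and the seven-day lookback is an arbitrary choice.

```powershell
# Added example (not from the thread). Run elevated on a standalone Windows 10 box.

# --- 1. Apply the schedule the question describes -----------------------------------
# Same three knobs as the LGPO settings "day of the week", "interval" and "time":
#   day      Everyday (0), Sunday..Saturday (1..7), Never (8)
#   time     time of day the scheduled check runs (01:00 here, i.e. 60 minutes after midnight)
#   interval hours between checks (1..24); 24 = once a day
Set-MpPreference -SignatureScheduleDay Everyday `
                 -SignatureScheduleTime ([datetime]'01:00:00') `
                 -SignatureUpdateInterval 24

# Show what the engine currently believes its schedule is.
Get-MpPreference |
    Select-Object SignatureScheduleDay, SignatureScheduleTime, SignatureUpdateInterval,
                  CheckForSignaturesBeforeRunningScan, SignatureDisableUpdateOnStartupWithoutEngine |
    Format-List

# --- 2. Confirm the policy values the LGPO editor writes are actually present --------
# Group Policy (local or domain) stores these under the Policies hive; policy values win
# over the local preference when both exist, so an absent/blank key here means the GPO
# never applied, whatever gpedit shows as "Enabled".
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'
if (Test-Path $policyKey) {
    Get-ItemProperty -Path $policyKey |
        Select-Object ScheduleDay, ScheduleTime, SignatureUpdateInterval |
        Format-List
} else {
    Write-Warning "No Signature Updates policy key found at $policyKey"
}

# Current signature version and when it last changed.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated |
    Format-List

# --- 3. Audit when updates really happened over the last 7 days ----------------------
# 2000 = signature/engine version updated (the thing the question wants once per day)
# 2010 = Dynamic Signature Service pulled extra signatures (cloud-driven; does not bump
#        the signature version, per the last reply)
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 2000, 2010
    StartTime = $since
} -ErrorAction SilentlyContinue

$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Kind'; e = { if ($_.Id -eq 2000) { 'Signature update' } else { 'Dynamic (cloud) signature' } } } |
    Format-Table -AutoSize

# Histogram by hour of day for the real (2000) updates: a schedule that is being honoured
# shows one spike at the configured hour; scattered hours mean something else is triggering them.
$events |
    Where-Object Id -eq 2000 |
    Group-Object { $_.TimeCreated.Hour } |
    Sort-Object { [int]$_.Name } |
    Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# --- 4. Did Windows Update deliver definitions on its own? ---------------------------
# Security intelligence updates arrive through Windows Update as KB2267602 independently
# of the Defender schedule above, which matches the last reply's point.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$searcher.QueryHistory(0, $searcher.GetTotalHistoryCount()) |
    Where-Object { $_.Date -ge $since -and $_.Title -like '*Security Intelligence Update*' } |
    Select-Object Date, Title |
    Sort-Object Date |
    Format-Table -AutoSize
```

Reading the output together answers the question the thread circles around: if the 2000 events cluster at the scheduled hour but the Windows Update history shows KB2267602 installs at other times, the Defender schedule is being honoured and the extra updates are coming from Windows Update, which has to be constrained separately (WSUS/SCCM approval, or a Windows Update active-hours/deferral policy); if the 2000 events are scattered and the policy key in step 2 is missing or empty, the LGPO settings never actually applied.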