Feb 02 2024 03:20 AM
I have an issue where the Security Intelligence update is being delayed by a number of days and I can't figure out why.
Currently testing migrating from another AV product to Defender for Endpoint (3rd Party AV has been uninstalled). Current setup is:
Device Hybrid Joined
Co-management with SCCM / Intune. SCCM handling Windows Update. Intune managing Defender (AV, Firewall, ASR, Web Content Filtering). All this works apart from Security Intelligence updates every hour as configured in Intune!
Signature Updates appear to wait until they are over 72hrs before updating, and I can't force the update as I get the following:
C:\Program Files\Windows Defender>MpCmdRun.exe -SignatureUpdate
Signature update started . . .
Signature update finished. No updates needed
Amended SCCM default Antimalware policy sources to WinUpdate and MMPC and to update every 1hr in case these somehow are impacting.
Can anyone help with what could be causing this delay, please?
SecurityIntelligenceVersion : Please note that this machine is running with outdated security intelligence version. It is recommended to apply the most recent security intelligence version to ensure optimal protection and compatibility.
Defender AV Service Status : Running
Windows Security Center Service Status : Running
Windows Security Health Service Status : Running
Defender AV mode : Active
Defender Network Protection Service : Running
Defender Network Protection Driver : Running
Defender AV Platform Version : 4.18.23110.3-0
Defender AV Security Intelligence Version : 1.403.2882.0
Defender AV engine Version : 1.1.23110.2
Defender Is Tamper Protected : True
Defender Tamper Protection Source : Intune
Defender Is Tamper Protection Exclusions Enabled : False
Defender Network Protection Mode : Block Mode
Enrollment Status : Device is managed by MDM Agent (3)
Domain Joined : YES
Azure AD Joined : YES
Workplace Joined : NO
MDM Enrollment state : MDM enrolled
System-wide WinHTTP proxy : Direct access (no proxy server).
Device has internet access and we'd like the device to update direct from the cloud, no Firewall blocks, device has access and does update sometime after 72hrs.
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 1
SubmitSamplesConsent : 1
NISSignatureAge : 4
Intune setting from AV Policy:
Feb 06 2024 08:16 AM
Feb 06 2024 09:01 AM - edited Feb 06 2024 09:02 AM
@The4thLegacy thanks for the reply, if you do get a fix on your Sev ticket please could you let us know here?