Are Windows Defender updates getting paused by the Windows Update Pause setting?

Topic

New Reply

I don’t think so, but I may be wrong. Karl claims that the Pause setting kept a Microsoft Defender update from getting installed. I’m scratching my he
[See the full post at: Are Windows Defender updates getting paused by the Windows Update Pause setting?]

Reply | Quote

Replies

[Mark]

I think he’s correct.  I have my system set to metered connection and also blocked via policy and registry and I do believe I have not been getting the definition updates due to this.  Yes, I have trust issues…specifically with Microsoft.
I have found the best way is to go to the Defender definitions download and just download and install them myself.  The link to the downloads is: https://www.microsoft.com/en-us/wdsi/defenderupdates

Windows 10 Pro x64 v1909, Windows 7 Home Premium x64, Windows Vista Home Premium x64

• This reply was modified 2 years, 9 months ago by Mark.

2 users thanked author for this post.

BigFatBoy, KP

Reply | Quote

Nice to see the command line in the previous post.

I have everything turned off so I may not have the same Windows settings and I do not get Window Defender definition updates.

I have Metered Connection On and the following two ways update the definitions:

1) right-click on the Windows Security icon in the System Tray (or WhatEverItIsCalledNow) –> Check for protection updates
2) Settings –> Windows Security –> Virus & threat protection –> Virus & threat protection updates –> Check for updates

Reply | Quote

Running Version 1909 Home, I have Updates Paused, but no other restrictions. I get definition updates as expected, but I only get engine updates (I think they call them platform updates with Defender) when I lift the pause. At least, that seems to me to be how it operates.

1 user thanked author for this post.

rc primak

Reply | Quote

That’s what I’m doing and Really MS needs to detach It’s Security Software update apparatus from the Windows 10 update system so folks are not rendered insecure because they have paused Windows 10’s Updates and/or set a metered connection and are using Windows Defender.  I’m on 1909 Home as well. The AV software itself should update its on engine and definitions and keep Windows Update for OS related patching.

1 user thanked author for this post.

BigFatBoy

Reply | Quote

I am using the settings recommended by the AKB article on Windows 10 update settings, including the group policy settings PKCano has, I think I’m mirroring his own settings.  I don’t get automatic Defender updates likely due to the group policy settings, but I do get a popup alerting me that “Your PC needs some updates” and it’s usually a new definition update or engine update for Defender.

Reply | Quote

I am running Pro 1909 and have updates set on Pause for 15 and 90 days depending on whether it is a quality update or the big one.  Windows Defender appears to be updating just fine with the latest update this morning.  Maybe the group policy affects things for others as I do not use that.

1 user thanked author for this post.

rc primak

Reply | Quote

I am running Win 10 pro, ver. 1909 and I have updates paused through group policy. I don’t use Defender as my primary security program. Up to recently, I used to get Defender update notices on the Win Updates page. However, within the last month or so, the notices haven’t been showing up. I now get them through Settings/Update & Security/Windows Security/Virus and threat protection and turn on the also scan with Windows Defender switch. When this is done additional options show. Either Defender has been updated by turning this switch on or you now can click on “Update”. Interestingly, I didn’t have to do this until recently.

Reply | Quote

Defender updates have been driving me nuts for ages.  I have Windows Update set to “notify” so I don’t get automatic updates (at least I don’t think I get them.)  So my solution is a scheduled task that runs MpCmdRun.exe once a day to get updates.

But when I look in the Event Viewer, along with that task-driven update, I see a second signature update that occurs every 24 hours.  The Windows Update logs don’t show these updates, so I can’t figure out where they’re coming from.  The MS docs are pretty useless on it, as they are geared to corporate environments with update servers.  (I’m running Pro on home systems.)

I agree with the earlier post that MS should separate the Defender signature update settings from the regular Windows Update settings.

Reply | Quote

I turned off definition updates somewhere because, if I remember correctly, they still happened if a third party AV was installed.  Also killed Defender in group policy, tasks, settings, et al.  Makes sense to keep Defender updated but the incessant downloading, uploading, checking, stealing data or whatever its contribution to telemetry may be makes it slooooooow.

We’ve never used any MS security tool on any version of Windows, way back to Win 3.1.  Not sure when MS started including AV’s.

Reply | Quote

Hmmm, W10 Pro 1909 updated to July’s updates.

I pause for 35 days after updating and get the windows Defender daily updates (usually 2 per day) and I get the engine/platform updates also. No problem here.

After they download/install, I look in Reliability monitor and it shows that they successfully install.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

[formack]

Allow for the fact that I am an old man, and technically maladroit. However, with updates paused,  and system (10 Pro 1909) set to “metered,” I have noticed that Defender updates are not installing. Belarc advisor seems to confirm this. Just looked at Update and Security. Last Defender update 5 days ago, 16 Aug. Pressed “check for updates” button. Endless circling, no change. This, perhaps, due to metered setting.

• This reply was modified 2 years, 9 months ago by formack.
• This reply was modified 2 years, 9 months ago by formack.

1 user thanked author for this post.

rc primak

Reply | Quote

Metered connection with a task scheduled to run MpCmdRun.exe gets me daily defender updates. I do not see any defender updates installed outside of my scheduled task.

Reply | Quote

To run the task minimized I used these settings.

Action: Start a program
Program/Script: %comspec%
Add arguments: /c start “” /min “C:\Program Files\Windows Defender\MpCmdRun.exe” -SignatureUpdate

cheers, Paul

Reply | Quote

In addition to the update from my scheduled MpCmdRun.exe task, I also see an update from the “Dynamic Signature Service” (Defender event ID 2010).  It happens every 24 hours, although the time of day shifts every few weeks for reasons unknown.  I’ve found some info about this service, but it’s in Win8.1 documentation, and I never know whether to believe info about older operating systems.

Reply | Quote

On both my 1903 Home boxes with metered connection the update check hadn’t been run for 3 days, despite daily use. Previously they were updating themselves with a user notification.
Adding a scheduled task run at unlock seems to work nicely.

cheers, Paul

Reply | Quote

Same thing on my W8.1 box.

cheers, Paul

Reply | Quote

My W8.1 box doesn’t have metered connection but isn’t updating Defender within 3 days – it may happen every 4 but I didn’t wait that long.
It looks like a change to the Defender update schedule rather than a metered connection issue – maybe saves bandwidth for MS.

I set up a scheduled task that fires on workstation unlock to run this PowerShell command. I wanted a daily schedule but couldn’t work out how to run if missed – if machine is not on at the scheduled time.

powershell -WindowStyle Hidden -Command Update-MpSignature

cheers, Paul

Reply | Quote

I found the “run if missed” option in the settings tab. Now have it scheduled daily at 0800.

cheers, Paul

Reply | Quote

After a week of checking, none of my boxes is auto updating Defender. The most recent update is: “Antivirus Signature Last Updated 24 August 2020 05:43:40”. That was after a manual update.

I have now set up scheduled PowerShell jobs on them.

cheers, Paul

Reply | Quote

I followed PKCano’s advice also, and I now see a defender update listed as one I need, something I’ve not seen before. But the wording suggests it’s an engine update, not a definition update.

I’m thinking I’m going to switch back to deferring after this month, though. Because I don’t like getting a notification every day telling me to install, but I do not want to disable all such notifications in case I forget to check the MS-DEFCON and update in time.

I’ve encountered people with problems with their browser not saving cookies, and they think it might be because of the current updates. I’m suggesting how to uninstall the updates, and will get back to you if they say it works, so we’ll know that’s the problem.

1 user thanked author for this post.

rc primak

Reply | Quote

Does,  getting ONLY the latest defender update, bring you up to date or if you missed three, do you have to get them all applied?

 

Reply | Quote

Defender will update all that are required. Whether they are done as one large or several smaller you’ll have to ask MS – I’d put money on several smaller to save everyone loading one large update every time.

cheers, Paul

2 users thanked author for this post.

rc primak, PFC

Reply | Quote

Paul T wrote:

Defender will update all that are required.

I’m hoping it works as per your first sentence. I changed some gpedit settings and left only the #2 response configured. Removed ones I had configured by dbl clicking on Windows Updates for Business folder (I saw a response saying these were necessary then I saw a response saying ONLY response #2 for automatic updates was necessary).  Anyway, after these changes, on the next reboot (yesterday)  I got the notification that I required updates, only the latest of the ones I missed (6) got installed. Today, another notification and only today’s got installed.

This is so much fun.

 

Reply | Quote

[mpw]

I get Defender definition updates through pause.  I cannot get defender updates with metered connection on.

Windows Update has been on pause since August 5, 2020.  Metered connection is off.  These definition updates have successfully installed.

see attachment

HP Pavilion Desktop TP01-0050 – 64 bit
Windows 10 Home Version 22H2
OS build 19045.2965
Windows Defender and Windows Firewall
Microsoft Office Home and Business 2019
-Version 2303(Build 16227.20258 C2R)

• This reply was modified 2 years, 9 months ago by mpw.

2 users thanked author for this post.

rc primak, PFC

Reply | Quote

If necessary, install protection updates manually.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

1 user thanked author for this post.

rc primak

Reply | Quote

1909 Home here.

With updates paused I wasn’t seeing definition updates so I was manually updating.  Eventually I decided to login is admin and put it in the scheduler.

1 user thanked author for this post.

rc primak

Reply | Quote

I have a routine. Daily or twice daily, when I log into Windows I just run the Defender Check For Updates from the Shield Icon. It’s just one more set of clicks to control behaviors of Tray Area items which otherwise might interrupt a Windows session or worse yet, a Zoom session.  I don’t care what MS Updates does with Windows Defender, unless it’s an engine update. Those seem to list but not install with the Group Policies set the way PK Cano advises.  Which is as it should be.

-- rc primak

Reply | Quote

Win 10 Pro, 1909

I’m using PKCano’s recommended “Notify, don’t install” Group Policy setting, along with 365-day Feature Update deferral and 21-day Quality Update deferral.

I get daily notifications about “Security Intelligence Update for Microsoft Defender Antivirus” being available, which can be a bit annoying.  I also became concerned that perhaps Defender isn’t being updated with my GP settings the way they are.  However, the Event Viewer shows that Windows Update downloads and installs Defender updates regularly:

Application and Service Logs > Microsoft > Windows > Windows Defender > Operational

Event ID: 2000
Logged: 8/25/2020 3:27:51 PM

“Windows Defender Antivirus Security intelligence version has been updated.”
Current security intelligence Version: 1.321.2036.0
Previous security intelligence Version: 1.321.1981.0
Security intelligence Type: AntiVirus
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.17300.4
Previous Engine Version: 1.1.17300.4

“Windows Defender Antivirus Security intelligence version has been updated.”
Current security intelligence Version: 1.321.2188.0
Previous security intelligence Version: 1.321.2184.0
Security intelligence Type: AntiSpyware
Update Type: Delta
User: NT AUTHORITY\SYSTEM
Current Engine Version: 1.1.17300.4
Previous Engine Version: 1.1.17300.4

————-

Application and Service Logs > Microsoft > Windows > WindowsUpdateClient > Operational

Event ID: 41
Logged: 8/25/2020 3:27:51 PM
Task Category: Windows Update Agent

“An update was downloaded.”

updateTitle: Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.321.2188.0)

The same day, Windows Update notified me that “Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.321.2205.0)” was available, but did not install it without my permission.

My guess is that WU runs a check and gets the latest Defender update on or after boot, but a few hours later finds a more current version and pops up a notification.

Note again, this behavior likely only applies to those with “Notify, don’t install” GP setting on Win10 Pro.

Reply | Quote

anonymous wrote:

Security Intelligence Update for Microsoft Defender Antivirus

This is an update to Defender’s engine and should be installed.

Reply | Quote

Still getting updates.  Metered connection off.  Pause still on.  Here are some places to look to check for Defender Updates.

 First – Start > Settings > Windows Update and Security > Windows Security > Virus and Threat Protection > Settings gear in lower left corner > About

Shows definition platform and updates version and you can see them change usually daily.

Second – Control Panel > Security and Maintenance > Maintenance > Report Problems (must be on) > View reliability history

Best way to see history, chart shows daily updates from 1 – 4 a day.  Yeah really, there were 4 updates on August 26.

Third – Start > Settings > Windows Update and Security > View Update History > Definition Updates

Least useful option.  Always late.  Eventually catches up reporting, but misses some and never reports more than one a day.  Can be three days before update appears in this history.

I still have not gotten the new Defender Platform (4.18.2008.4) and my event viewer is filling up with Event ID 7000 and 7001, several a day.  I don’t know if that is because platforms can’t make it through pause or because it is still being tested and has not been released yet.  But on my computer Definitions get through daily.

HP Pavilion Desktop TP01-0050 – 64 bit
Windows 10 Home Version 22H2
OS build 19045.2965
Windows Defender and Windows Firewall
Microsoft Office Home and Business 2019
-Version 2303(Build 16227.20258 C2R)

Reply | Quote

Windows Defender Antimalware platform 4.18.2008.9 is available for manual download from the catalog (KB4052623). Additional help (KB) here.

1 user thanked author for this post.

mpw

Reply | Quote

Got it last night.  Windows sent it through pause.  So Definitions and Defender Antimalware platforms both get through pause.  Good to know.

Thanks though.

HP Pavilion Desktop TP01-0050 – 64 bit
Windows 10 Home Version 22H2
OS build 19045.2965
Windows Defender and Windows Firewall
Microsoft Office Home and Business 2019
-Version 2303(Build 16227.20258 C2R)

Reply | Quote