  • Automatic virus definition updates for Defender


    • This topic has 8 replies, 3 voices, and was last updated 1 month ago.
      • #2348456
        TonyC
        AskWoody Lounger

        In #2348367, @Bob99 wrote:

        You can use GP to edit the behavior of Windows Defender in terms of automatically updating itself, so that it automatically updates itself after each time the computer starts and the Windows Defender service starts.

        However, I haven’t seen an entry that would dictate that Windows Defender should check for updates, say, every 2 or 4 hours. If that type of setting exists, I’d be very interested in seeing it and just maybe tweaking it a bit.

        If you’re confident in looking into the group policy editor, I can tell you just where the entry lies that will allow your copy of Windows Defender to automatically update itself every time the computer and its service restart.

        @Bob99 – I have no problem in using the group policy editor, so I would appreciate knowing where to find the setting that directs Defender to update its virus definitions automatically every time the computer starts.

        However, if Defender already receives virus definition updates automatically and regularly even when GP=2 (Configure Automatic Updates in the group policy editor set to “Enabled” with a value of “2” (Notify)), what is the point of this additional setting?

      • #2348477
        PKCano
        Manager

        However, if Defender already receives virus definition updates automatically and regularly even when GP=2 (Configure Automatic Updates in the group policy editor set to “Enabled” with a value of “2” (Notify)), what is the point of this additional setting?

        The Group Policy setting to notify download/install (“2”) controls the action of Windows Update where it pertains to Cumulative Updates, Servicing Stacks, .Net Cumulative Updates (not necessarily Previews), updates for other MS products, etc. It prevents the automatic download of the updates from the Windows Update queue until the “Download” button (NOT “check for updates”) is clicked. The updates remain in the queue, giving the User a control of updating that the on-off function of “Pause” does not give.
        If you use this function, you should NOT also use Pause. If you use Pause in addition to “2,” when you “Resume updates,” it will ignore the “2” (notify) and immediately begin the download/install of updates. This is explained in AKB2000016.

        In my experience, the Defender updates will go ahead and install regardless of the “2” setting.

        1 user thanked author for this post.
      • #2348490
        TonyC
        AskWoody Lounger

        I wasn’t planning to use Pause anyway, and I have read AKB2000016 a number of times.

        However, the information in your last sentence was good to read. Thank you.

      • #2348521
        anonymous
        Guest

        Hi @TonyC !

        You’re going to want to go to the following location to enable Windows Defender to automatically check for updates every time the computer starts and the Windows Defender service starts:

        Local Computer Policy>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Security Intelligence Updates

        All of those are folder names within Group Policy. Once you’re in the Security Intelligence Updates folder, you’ll see a list of policies/preferences. Go down the list to the very last one. It should be labeled “Check for the latest virus and spyware security intelligence on startup”. This is the only one you need to change. Double click on that policy name to bring up its properties box, and click the “Enabled” setting and then click “OK”. Then close the policy editor.

        A word of caution, though. There is a similarly-named setting a ways above the one I just mentioned, and it’s called “Initiate security intelligence update on startup”. This one should be left set to “Not configured”, as that will make things work just fine. Per the explanation that accompanies it, “If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present.”

        R/

        Bob99
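As an added check (not part of Bob99's post), the PowerShell script below verifies whether the "Check for the latest virus and spyware security intelligence on startup" policy is actually in effect and then reports the current signature ages from Get-MpComputerStatus, so you can tell a stalled update channel from a working one. It assumes that this policy is stored as the DWORD value UpdateOnStartUp under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates (the usual ADMX mapping, but treat it as an assumption and confirm with gpresult if in doubt); the one-day age threshold is an arbitrary choice made here.

```powershell
# Added example: confirm the startup signature-update policy and report Defender signature age.
# Assumption: the Group Policy setting "Check for the latest virus and spyware security
# intelligence on startup" is backed by the DWORD value below (1 = Enabled, 0 = Disabled,
# absent = Not configured). Verify with gpresult /h if unsure.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'
$valueName = 'UpdateOnStartUp'

function Get-DefenderStartupUpdatePolicy {
    # Read the policy-backed registry value; a missing key or value means "Not configured".
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not configured' }
    if ($item.$valueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-DefenderSignatureReport {
    # Get-MpComputerStatus ships with the Defender module on Windows 10; no extra install needed.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        StartupUpdatePolicy = Get-DefenderStartupUpdatePolicy
        AVSignatureVersion  = $status.AntivirusSignatureVersion
        AVSignatureUpdated  = $status.AntivirusSignatureLastUpdated
        AVSignatureAgeDays  = $status.AntivirusSignatureAge
        ASSignatureAgeDays  = $status.AntispywareSignatureAge
        NISSignatureAgeDays = $status.NISSignatureAge
    }
}

$report = Get-DefenderSignatureReport
$report | Format-List

# Arbitrary threshold chosen for this example: signatures older than a day deserve a look,
# since Microsoft publishes security intelligence updates several times per day.
if ($report.AVSignatureAgeDays -gt 1) {
    Write-Warning ("Antivirus security intelligence is {0} day(s) old; run Update-MpSignature " +
                   "and check that the policy above reads 'Enabled'.") -f $report.AVSignatureAgeDays
}
```

Run it from an elevated PowerShell prompt after changing the policy and running gpupdate /force; if StartupUpdatePolicy reads "Not configured" even though you enabled the setting in gpedit, the policy has not been applied yet (or the registry mapping assumed above differs on your build), which is worth knowing before concluding that Defender is not updating itself.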

        • #2348750
          TonyC
          AskWoody Lounger

          @Bob99

          Thank you. When I connect to the Internet for the first time, I’m just going to have to wait and see what happens. But, before I connect for the first time, I will ensure Defender’s virus definitions are up to date by running the latest mpam-fe.exe file. Then, every time I logon subsequently, I will check to see whether Defender’s virus definitions are being updated automatically.

          If it transpires that they are not being updated automatically, I will try your suggestion. If that doesn’t work, then I will have to revert to my original plan of writing a batch script to do the job and scheduling it to run on a regular basis.

          I have also glanced at the “Initiate security intelligence update on startup” setting in gpedit, but I don’t really understand its description.

          • This reply was modified 1 month ago by TonyC.
      • #2348585
        Rick Corbett
        AskWoody_MVP

        Personally I would just use the PowerShell Update-MpSignature cmdlet. That’s what it’s there for.

        Hope this helps…

        • #2348658
          TonyC
          AskWoody Lounger

          I was originally under the impression that, if GP=2 (Configure Automatic Updates in the group policy editor set to “Enabled” with the value “2” (Notify)), Defender would not receive virus definition updates automatically. I was therefore preparing to configure a scheduled task to run a batch script containing the sequence of commands documented in https://www.microsoft.com/en-us/wdsi/defenderupdates. This sequence uses the MpCmdRun.exe command, not the PowerShell cmdlet that you mentioned.

          Two queries:

          • If, as others have indicated, Defender still receives virus definition updates automatically despite the setting GP=2, what is the point of doing anything else?
          • I’m not familiar with PowerShell cmdlets. Does the use of the cmdlet that you mentioned have any distinct advantage over the MpCmdRun.exe command?
          • #2348724
            Rick Corbett
            AskWoody_MVP

            I’m not familiar with PowerShell cmdlets. Does the use of the cmdlet that you mentioned have any distinct advantage over the MpCmdRun.exe command?

            No advantage at all. Just different methods of calling the exact same functionality. If you’re more comfortable with MpCmdRun.exe and a batch script then IMO they are easier to schedule than PowerShell cmdlets.

            1 user thanked author for this post.
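For the scheduling approach discussed in this thread, here is an added example (not Rick Corbett's or TonyC's own script) that registers a scheduled task to refresh Defender security intelligence at startup and once a day. It lets you choose either the Update-MpSignature cmdlet or the MpCmdRun.exe sequence from the Microsoft security intelligence page linked above, since the two call the same functionality. The task name, the 09:00 daily time and the 15-minute execution limit are arbitrary choices made for this example.

```powershell
# Added example: schedule a Defender security intelligence refresh as SYSTEM.
# Run from an elevated PowerShell prompt, e.g.:
#   .\Register-DefenderSignatureTask.ps1 -Method MpCmdRun
param(
    [ValidateSet('Cmdlet', 'MpCmdRun')]
    [string]$Method = 'Cmdlet',
    # Arbitrary task name chosen for this example.
    [string]$TaskName = 'Defender Signature Refresh (example)'
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

switch ($Method) {
    'Cmdlet' {
        # Same outcome as typing Update-MpSignature at a PowerShell prompt.
        $action = New-ScheduledTaskAction -Execute 'powershell.exe' `
            -Argument '-NoProfile -NonInteractive -Command "Update-MpSignature"'
    }
    'MpCmdRun' {
        # The two-step sequence from the Microsoft page the thread links to:
        # drop dynamic signatures, then fetch the latest definitions. Actions run in order.
        $action = @(
            New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-removedefinitions -dynamicsignatures'
            New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-SignatureUpdate'
        )
    }
}

# Refresh at every boot and once a day at 09:00 (time is an arbitrary choice).
$triggers = @(
    New-ScheduledTaskTrigger -AtStartup
    New-ScheduledTaskTrigger -Daily -At '09:00'
)

# SYSTEM is needed because signature updates modify the Defender installation.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up a missed run, skip when offline, and do not let a hung update linger.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -RunOnlyIfNetworkAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 15)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $triggers `
    -Principal $principal -Settings $settings -Force `
    -Description "Refreshes Microsoft Defender security intelligence via $Method (example task)." | Out-Null

# Show that the task registered; "Ready" means it is waiting for its next trigger.
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
```

After a run, Get-MpComputerStatus (AntivirusSignatureLastUpdated) or the task's Last Run Result in Task Scheduler shows whether the refresh succeeded, which is the same check you would make to confirm that Defender is already updating on its own under the "2" (notify) setting before deciding the task is needed at all.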
            • #2348731
              TonyC
              AskWoody Lounger

              Thank you for your contribution. Yes, I guess it is a matter of what you are comfortable with. I’ve written many batch scripts in my time.
