How to get Microsoft Defender to update automatically

Topic

New Reply

I’ve started to use Microsoft Defender. I’d like to keep the virus definitions updated automatically, while otherwise keeping Windows updates in general paused, but I can’t figure out how to do it. So for now, every time there’s a virus definition update, I get one of those annoying notifications telling me that I have to update something. I then have to dig into Settings | Update and Security, and manually do the download. There must be a better way.

I looked in Windows Updates | Windows Security | Virus and threat protection, and couldn’t find anything about updating. I then looked on the Microsoft website, and found instructions about how to use the group policy editor to set up automatic updates on startup. I followed the instructions, but that’s really not much of a solution, since I don’t restart my computer all that often. The MS website I found had a bunch of other stuff about MS Defender, but to the extent that it didn’t seem applicable, it was Greek to me, so here I am.

Is there a way to get the updates automatically? Is so how?

Please take into account that I’m a computer idiot.

Thanks.

Reply | Quote

Replies

Good question @BobStr.

I’m in the same position and use WUMT (Windows Update Mini Tool) periodically or when prompted by Microsoft but I’d dearly like to automate the process.

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

Reply | Quote

Set it up in Task Scheduler using “Run as administrator” to open Task Scheduler:

Task Scheduler Library > Microsoft > Windows > Windows Defender
The Action to use is:

“C:\Program Files\Windows Defender\MpCmdRun.exe” with arguments “-SignatureUpdate -MMPC”

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

2 users thanked author for this post.

BobStr, John

Reply | Quote

[John]

Thanks @bbearren,

I tried to create the task exactly as you specified but I received a 0x2 error when run on demand. Here are screen shots.
Can you see anything wrong, or have any suggestions on where to look?

 

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

• This reply was modified 6 months, 2 weeks ago by John. Reason: Task Run Details jpeg showing incorrect content. Replaced by Task Run Details1

Reply | Quote

John wrote:

I tried to create the task exactly as you specified but I received a 0x2 error when run on demand.

Did you open Task Scheduler using “Run as administrator”?  I’ve edited my original reply to include that.  Here are screenshots of every tab for my scheduled task:

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

John

Reply | Quote

Thanks @bbearren,

No I didn’t ‘Run as Administrator’. I will try that and report the result.

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

Reply | Quote

Note that you can also use Task Scheduler to run PowerShell (with highest privileges and an argument of Update-MpSignature) to do the same… or do the same in an elevated PowerShell console whenever you want:

… or use a PowerShell script.

You can also use an unelevated PowerShell console to query Defender‘s status:

(Yes, I know this screenshot is of an elevated PowerShell console… but it doesn’t need to be. All you’re doing is querying info.)

… or use one of these 3 commands to just query the timestamp of the last signature updates.

(Get-MpComputerStatus).AntispywareSignatureLastUpdated
(Get-MpComputerStatus).AntivirusSignatureLastUpdated
(Get-MpComputerStatus).NISSignatureLastUpdated

You’ll notice that AntiSpyware, AntiVirus and Network Inspection System (NIS) signatures are all updated at the same time so you only need to query one signature:

Note that Windows Defender will fall-back to use the BITS service to update its definitions if, for whatever reason, Windows Update‘s Update Orchestrator Service is unavailable (for example, if disabled by a third-party tool like Windows Update Blocker, after trying Update Orchestrator three times.)

Hope this helps…

1 user thanked author for this post.

John

Reply | Quote

One can also open a Command Prompt using “Run as administrator” and run this command-line:

C:\”Program Files\Windows Defender”\mpcmdrun.exe -signatureupdate -mmpc

I very rarely use PowerShell for anything.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

wavy

Reply | Quote

That was easy.

Thanks large.

Reply | Quote

Hi BobStr:

How are you pausing your Windows Updates?

I have a Win 10 Pro v22H2 OS (I assume you also have a Pro edition if you have a Local Group Policy Editor) and if I pause Windows Updates at Settings | Updates & Security | Windows Updates | Advanced Options | Pause Updates | Pause Until (and then choose a date) I continue to receive daily virus definition updates for Microsoft Defender.

For example, some time around 10-Mar-2023 I paused my Windows Updates until 20-Mar-2023 so that I could delay the delivery of my March 2023 Patch Tuesday updates (released 14-Feb-2023) for about a week, but I’ve still been getting daily virus definition updates delivered silently in the background since 10-Mar-2023 while Windows Update is paused.

Here’s a partial list from my Settings | Updates & Security | Windows Updates | View Update History | Definition Updates:

————-
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v111.0.0 * Microsoft Defender v4.18.2301.6-1.1.20100.6 * Malwarebytes Premium v4.5.24.248-1.0.1944 * Macrium Reflect Free v8.0.7279

Reply | Quote

I do have Win 10 Pro, and I paused updates the same way you do. The pause feature apparently is working differently for me — I guess.

When I finally got rid of McAfee (which came with the computer) and recently switched to Defender, I was irritated that I started getting notifications every few days or so. For a moment I thought that the pause had stopped working, but quickly realized that all of the notices were solely for Defender.

I can’t remember the exact wording (I last saw one yesterday), but the notifications were to the effect that “updates” required my attention; virus signatures were not specified. To find out what the updates were, each time I had to go into Settings | Update & Security | Windows Update.

In fact, I went in there just now. And there I see the pause icon (orange circle, with 2 vertical lines inside) to the left of  “Updates available Last checked: Today 1:22 pm” (which was over 4 1/2 hours ago), with the added explanation that it’s a Security intelligence Update for Windows Defender, which is “ready to download.” In order to actually update Defender, I have to hit the button for “Download.” Looking in the history for definition updates, I see that the last one was installed yesterday (which I had done manually by hitting that button).

So the long and short is that pausing Windows Updates in general pauses definition updates on my machine, but doesn’t prevent my hitting the download button to install those updates without “unpausing” everything else.

I now have to figure out what’s going on with the Task Scheduler, which I set up as instructed here. I set it for 2:00 pm local time. But I did that between 1 pm and 2 pm, so it’s not clear to me which happened first: Windows Updates getting the notice that new definitions were available, or my setting up the scheduler. Whichever, the task scheduler didn’t cause those most recent definitions to be download, but maybe that’s just because of the overlap.

So I guess that what I’m doing now is hitting that download button, and then waiting to see whether the next batch of signatures is downloaded automatically per the task scheduler, or if I’m back to square one.

Reply | Quote

BobStr wrote:

I do have Win 10 Pro, and I paused updates the same way you do. The pause feature apparently is working differently for me — I guess…

Hi BobStr:

Have you changed any settings in your Local Group Policy Editor for Windows Update? For example, is Computer Configuration | Administrative Templates | Windows Components | Windows Update | Configure Automatic Updates set to “2 – Notify before downloading and installing updates” as suggested in PKCano’s ABK2000016: Guide for Windows Update Settings for Windows 10? That Windows Update setting is “Not Configured” in my Local Group Policy Editor as shown below.

The only three Windows Update settings I’ve changed in my Local Group Policy Editor at Computer Configuration | Administrative Templates | Windows Components | Windows Update are for:

• Do Not Include Drivers With Windows Updates (which I’ve enabled)
• Windows Update for Business | Select the Target Feature Update Version (enabled and currently set to Windows 10 / 22H2)
• Windows Update for Business | Select When Preview Builds and Feature Updates Are Received (enabled and set to 1 day delay)

——————-
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v111.0.0 * Microsoft Defender v4.18.2301.6-1.1.20100.6 * Malwarebytes Premium v4.5.24.248-1.0.1944 * Macrium Reflect Free v8.0.7279

Reply | Quote

Tried a run having setup a new task as ‘Run as Administrator” and received the same result – Error 0x2.

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

Reply | Quote

Just a suggestion for something that might be overlooked:
Have you looked through the settings in WUMT to see if there is an exception for Defender in the blocked updates list? Or a “turn off WU except for Defender” type of setting?

Reply | Quote

Thanks @PKCano.
I’ve looked but is nothing I can see by way of settings or blocked updates.

I understand that WUMT is a stand-alone executable and haven’t been able to find anything in Autoruns etc.

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

Reply | Quote

Hi BobStr:

Here are a few other things you can check just to make sure MS Defender is running correctly.

Are your daily MS Defender quick scans running automatically? I believe the virus definitions are automatically updated before each scan, and I assume that’s why my daily virus definitions continue to be delivered even if Windows Update is paused. From my Settings | Updates & Security | Windows Security | Virus & Threat Protection:

Is your MS Defender using the current platform and scan engine listed in the MS support article Microsoft Defender Antivirus Security Intelligence and Product Updates? To check go to Settings | Updates & Security | Windows Security | Settings and click the About link at the bottom of the window. Note that I still haven’t installed my March 2023 Patch Tuesday updates and I’m still on platform v4.18.2301.x and not the latest v4.18.2302.x released on 14-Mar-2023.

_____________________________________

You mentioned that you just started using MS Defender. What third-party antivirus were you using before, and after uninstalling did you run the manufacturer’s removal tool to ensure that any orphaned registry entries and services that might interfere with MS Defender were removed? For example, my Dell Inspiron shipped with a trial version of McAfee LiveSafe, and before I switched to MS Defender I uninstalled McAfee from the Control Panel | Programs | Programs and Features and then re-booted and and ran the McAfee Consumer Products Removal (MCPR) Tool to remove the last traces of this antivirus.

Do you still have any other security programs that launch at boot-up and run in real-time protection mode? For example, I run Malwarebytes Premium anti-malware in real-time along with with MS Defender, (I have a perpetual lifetime license for Malwarebytes so I don’t have to pay for an annual subscription) but I have DISABLED the setting in Malwarebytes Premium at Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center as advised <here> in the Malwarebytes forum.  This ensures that my Microsoft Defender antivirus is registered with Windows as my main real-time antivirus and has the primary responsibility for malware detection and remediation while Malwarebytes Premium essentially works as a secondary “backup” to look for any potential threats missed by MS Defender.
————–
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v111.0.0 * Microsoft Defender v4.18.2301.6-1.1.20100.6 * Malwarebytes Premium v4.5.24.248-1.0.1944 * Macrium Reflect Free v8.0.7279

Reply | Quote

@barcud (John) and @BobStr –

@BobStr , I do realize that you have gone into Group Policy and established settings to have Defender check for updates upon startup, and that’s how I have had my computer set up as well for quite some time, per the instructions you followed from Microsoft.

Now that that’s out of the way, here’s something that you both may benefit from that I just discovered: Yet another setting within Group Policy.

Since you both have the Pro version of Windows 10, you both have full, unfettered access to Group Policy, especially if you run it while logged in as a member of the Administrators group. I just found a setting in there that may have been overlooked that can possibly help you both. Open GP editor and go to Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Security Intelligence Updates. This is where you probably went to establish checking for updates on startup, but there’s another policy in there that sounds like it will allow you to specify just how often you want Defender to check for updates, and you can set it to anywhere from once an hour to once every 24 hours. The policy’s name is “Specify the interval to check for security intelligence updates”, and it should be the next to the last policy listing in there, right above the one to allow Defender to check for updates on startup! Simply double click on it to bring up its settings box and click on the “Enabled” button and then click on the drop-down item to select how often you want Defender to check for updates while the computer is running. Then click the  “Apply” button and then click the “OK” button and you’re all set, I hope!

@BobStr , you said that you dumped McAfee and started using Defender. When you dumped McAfee, did you just use the uninstall option in Control Panel (or uninstall it from within the Settings>Apps & features area) and then call it a day? If so, you may wish to use McAfee’s dedicated removal tool to get what the uninstall routine may have left behind, as @lmacri says in the post right above this one! @lmacri even provides a link directly to the tool itself in the post.

@barcud (John) , I have had no nags about having Defender updates ready to download and install, and I don’t have a dedicated task in Task Scheduler as described above by @bbearren either. I have never tried to set one up and, if I tried, I would probably have results similar to yours. I’m happy with my current setting of having it check once immediately upon startup of the computer, and I’ve got that set within Group Policy in the aforementioned location.

One other setting within Defender I have that may help reduce the number of notifications you get from Defender: Within Defender’s own settings, I’ve set it to not notify me of its more mundane activities such as having completed a scan. To do this, I opened Defender and clicked on the item in the lower left corner of the window that says, obviously, “Settings” and then under the “Notification” section, I’ve clicked on “Manage notifications” and then, in the resulting window, cleared the check box labeled “Recent activity and scan results”. That may help reduce the number of notices about “hey, there’s an update available” that you get.

1 user thanked author for this post.

wavy

Reply | Quote

Bob99 wrote:

I don’t have a dedicated task in Task Scheduler as described above by @bbearren either.

I created three tasks for Microsoft Defender.

I have created multiple  tasks in Task Scheduler to take care of nearly all routine Windows maintenance.  Any app or utility that I use that (where appropriate) is capable of scheduling, I have scheduled.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

Bob99 wrote:

One other setting within Defender I have that may help reduce the number of notifications you get from Defender: Within Defender’s own settings, I’ve set it to not notify me of its more mundane activities such as having completed a scan. To do this, I opened Defender and clicked on the item in the lower left corner of the window that says, obviously, “Settings” and then under the “Notification” section, I’ve clicked on “Manage notifications” and then, in the resulting window, cleared the check box labeled “Recent activity and scan results”. That may help reduce the number of notices about “hey, there’s an update available” that you get.

‘Recent activity and scan results’ is one of three types of Windows Defender informational notifications, the equivalent of toggling the SummaryNotificationDisabled DWORD value from 0 (On) to 1 (Off) in the Virus and threat protection registry key:

You can turn all three types of informational notifications off at once using the Get infomational notifications toggle switch, the equivalent of toggling the DisableEnhancedNotifications DWORD value from 0 (On) to 1 (Off) in the Notifications registry key:

I’ve included two .REG files (with comments) from the screenshots above in a defender_notifications .ZIP file for those who prefer to make these changes without opening Settings or the Registry Editor. As always, I suggest downloading, unblocking, unzipping then reading the contents of each .REG file in a text editor like Notepad before merging either.

defender_notifications

Hope this helps…

1 user thanked author for this post.

wavy

Reply | Quote