Use WSUS to deploy definition updates to computers that are running Windows Defender

This article describes how to use Microsoft Windows Server Update Services (WSUS) to deploy definition updates to computers that are running Microsoft Windows Defender.

Original product version: В Windows Server Update Services
Original KB number: В 919772

Deploy Windows Defender definition updates

To do this, follow these steps:

Open the WSUS Administrator console, and then select Options at the bottom of the console tree.

Select Products and Classifications and verify that the Windows Defender check box is selected under the Products tab.

Verify that the Definition Updates check box is selected under the Classifications tab, and then select OK.

Optional: approve the updates by using an automatic approval rule. To do this, follow these steps:

1. At the bottom of the console tree, select Options.
2. Select Automatic Approvals.
3. Under step 1, select New Rule. , and then select the When an update is in a specific classification check box and the When an update is in a specific product check box.
4. Under step 2, select Any classification >Definition Updates, then click OK.
5. Next, select Any product and clear the All Products check box, then scroll down and select Windows Defender, afterward select OK.

At the bottom of the console tree, select Synchronizations.

On the action pane on the left, select Synchronize now.

At the top of the console tree, select Updates.

Approve any Windows Defender updates that WSUS should deploy.

Используйте WSUS для развертывания обновлений определений на компьютерах, на Защитник Windows

В этой статье описывается, как использовать Microsoft cлужбы Windows Server Update Services (WSUS) для развертывания обновлений определений на компьютерах с Microsoft Защитник Windows.

Исходная версия продукта: cлужбы Windows Server Update Services
Исходный номер КБ: 919772

Развертывание Защитник Windows определений

Для этого выполните следующие действия:

Откройте консоль администратора WSUS и выберите «Параметры» в нижней части дерева консоли.

Выберите продукты и классификации и убедитесь, что Защитник Windows на вкладке «Продукты».

Убедитесь, что на вкладке «Классификации» выбрана вкладка «Обновления определений» и выберите «ОК».

Необязательно: утверждение обновлений с помощью правила автоматического утверждения. Для этого выполните следующие действия:

1. В нижней части дерева консоли выберите «Параметры».
2. Выберите «Автоматическое утверждение».
3. В шаге 1 выберите «Новое правило». и выберите «Когда обновление находится в определенном поле классификации» и «Когда обновление находится в определенном продукте».
4. В шаге 2 выберите «Обновления определений >классификации» и нажмите кнопку «ОК».
5. Затем выберите «Любой продукт» и скройте его, прокрутите вниз и выберите Защитник Windows , а затем выберите «ОК».

В нижней части дерева консоли выберите «Синхронизации».

В области действий слева выберите «Синхронизировать сейчас».

В верхней части дерева консоли выберите «Обновления».

Утвердим Защитник Windows обновления, которые должны быть развернуты в WSUS.

Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware

Microsoft continually updates security intelligence in antimalware products to cover the latest threats and to constantly tweak detection logic, enhancing the ability of Microsoft Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection.

Microsoft security intelligence updates include software that incorporates material from third parties. Third-party notices and information

Automatic updates

To help ensure your antimalware solution detects the latest threats, get updates automatically as part of Windows Update. If you are having problems with Windows Update, use the troubleshooter.

If you don’t already use Microsoft Defender Antivirus, learn how to turn it on.

Trigger an update

A manually triggered update immediately downloads and applies the latest security intelligence. This process might also address problems with automatic updates. Microsoft Defender Antivirus and other Microsoft antimalware solutions provide a way to manually trigger an update.

In Windows 10, select Check for updates in the Windows Security Virus & threat protection screen to check for the latest updates.

Enterprise administrators can also push updates to devices in their network. To clear the current cache and trigger an update, use a batch script that runs the following commands as an administrator:

Manually download the update

You can manually download the latest update.

Latest security intelligence update

The latest security intelligence update is:

• Version: 1.335.1161.0
• Engine Version: 1.1.18000.5
• Platform Version: 4.18.2103.7
• Released: 4/18/2021 9:23:44 PM
• Documentation: Release notes

You need to download different security intelligence files for different products and platforms. Select the version that matches your Windows operating system or the environment where you will apply the update.

Note: Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
Please make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Antimalware solution	Definition version
Microsoft Defender Antivirus for Windows 10 and Windows 8.1	32-bit | 64-bit | ARM
Microsoft Security Essentials	32-bit | 64-bit
Windows Defender in Windows 7 and Windows Vista	32-bit | 64-bit
Microsoft Diagnostics and Recovery Toolset (DaRT)	32-bit | 64-bit
System Center 2012 Configuration Manager	32-bit | 64-bit
System Center 2012 Endpoint Protection	32-bit | 64-bit
Windows Intune	32-bit | 64-bit

The links point to an executable file named mpam-fe.exe , mpam-feX64.exe , or mpas-fe.exe (used by older antispyware solutions). Simply launch the file to manually install the latest security intelligence.

End of life for Microsoft Forefront Client Security was on July 14, 2015. Customers are encouraged to migrate to System Center Endpoint Protection. For more information, visit the Microsoft support lifecycle website.

Network Inspection System updates

The following products leverage Network Inspection System (NIS) updates:

• Microsoft Security Essentials
• Forefront Endpoint Protection
• System Center 2012 Endpoint Protection

These updates are designed to protect you from network threats, including exploits as they are transmitted. Check the version of the Antimalware Client component on your security software and download the right version of the NIS updates for your platform.

RootUsers

Guides, tutorials, reviews and news for System Administrators.

Integrate Windows Defender with WSUS and Windows Update

It’s important for Windows Defender to stay up to date so that new known variants of malware can be detected. This can be achieved if we integrate Windows Defender with WSUS and Windows update, which we’ll show you how to do here in Windows Server 2016.

This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.

Updating Windows Defender

By default Windows Defender will update automatically. We can open the Windows Defender graphical user interface (GUI) and select the update tab, as shown below.

This window will show the virus and spyware definition versions, as well as when they were last updated. We can optionally click the “Update Definitions” button towards the right to manually initiate an update. Note that this does require the Windows update service to be running to work.

Windows Defender with WSUS

If our system is configured to receive Windows updates through a Windows Server Update Services (WSUS) server, we can configure WSUS to actually download and approve these updates for Windows Defender. When the system performs a Windows update through WSUS, the definition updates will also be updated.

In the WSUS console if we select Options > Products and Classifications, followed by the Classifications tab, we can see that Definition Updates is selected by default. This means that by Default WSUS should download definition updates for Windows Defender.

If we look at the automatic approvals under Options > Automatic Approvals however, only critical and security updates are automatically approved by default.

We can of course modify this to allow definition updates to automatically approve if we want, meaning that our servers using the WSUS server will download them when available without manual approval.

Refer to our guide if you need further information regarding configuring automatic updates with WSUS.

Summary

We have illustrated the importance of keeping Windows Defender up to date, this is done when we integrate Windows Defender with WSUS and Windows Update.

This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.

Wsus windows defender updates

Вопрос

I have a few hundred computer’s in my WSUS console that are reporting «no status» on a specific update.

Definition Update for Windows Defender — KB2267602
(Definition 1.213.832.0)

I have checked for updates several time on many of the computer’s & tried wuauclt detectnow, reportnow, downloadnow

Nothing seems to correct this issue at this point.

has anyone else seen this issue and have any suggestions on how I can fix this?

The update was automatically approved as per my settings and should be installed.

Any help would be great

Ответы

Check below link, it may helpful for windows defender issue.

Also would like to suggest if KB2267602 is not needed in your environment you can hide it from WSUS.

So that it wont be discovered again.

Regards, Krselva. Please remember to mark the replies as answers if its helps you, and unmark the answers if it is not help you.

If an update arrives WSUS server through synchronization, before the clients synchronize with WSUS server and evaluate this update, it will be marked as «no status». It’s normal. Just trigger the synchronization from the clients and wait some time.

Besides, if an update is unused, just decline it. This can reduce the workload of the WUA of the clients.

Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Все ответы

Could you try to download the KB2267602 update manually & install on one system. Than again run the wuauclt /detectnow /reportnow

Wait for some time & check the status in WSUS.

If its success Need to select the correct update in WSUS with supporting to OS architecture.

Are these clients able to check the updates against the WSUS server successfully?

If the check failed with error, please provide the error code and windowsupdate.log.

Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

I notice that every morning, my WSUS server shows the client’s at 99%.

1 Update with no status — and the update is set to install, but has no status.

Definition Update for windows defender — KB2267602 (Definition 1.213.1837.0)

Eventually the client’s report to WSUS and show 100%

If I manually run wuauclt /reportnow on the client’s, after checking for updates and no updates are found/installed.. the WSUS console will show 100% for the client I ran wuauclt /reportnow on until the next morning.

This is on vista, win7, win8.1 and win10 machines.

WSUS Version: 6.3.9600.18057

I did apply the hotfix update that fixed win10 devices showing as vista..

Anyone else seen this issue? It is very annoying and I am not sure how to fix it at this point.

Side note: We do not use Windows defender in our environment.