Windows Defender Definition Updates no longer appearing/installing

Senecio · Friday at 12:48 PM

Levitate11 said:
Interesting. Can one or both of you guys download the latest definitions direct from MS, "run" the program (As Administrator) and see what it does.

Sorry, I'm a bit late responding to this. Thanks to @kelper I found this option which I assume will download the latest definitions and run a scan. Potentially useful if an infection is suspected, but I prefer to only run one antivirus on a regular basis.

kelper · Friday at 12:51 PM

I have solved the issue, no need to do anything else

oldschool · Friday at 12:56 PM

kelper said:
Same for me. This is the last one, same date as you.

View attachment 134232

This was a Platform update, not definitions.

kelper · Friday at 12:58 PM

oldschool said:
This was a Platform update, not definitions.

I know, but there were no definition updates after this. Anyway, it's resolved as I keep posting.

Levitate11 · Friday at 1:07 PM

Latest updates to the updates:

I logged on as the net Admin. It might or might not be worth noting that although I've used the net admin account before on this machine, it treated me a bit like a new-ish user on the first login and reinstalled Copilot, tried to get me to use OneDrive Backup, etc. I got this similar behavior on my main user account after the May 13 KB5058411 install via my user account.

However, after running Windows Update as Admin... no change. I logged on and off as Admin a couple times and still nothing changed.

I then logged off Admin and back on again in my user account to come update this thread. Ran Windows Update one more time for kicks. It updated to the later May 16 definitions!

As a side note, per @garlin 's previous suggestion I reran the version command and I now get this latest May 16 version.

So, what "fixed" it?

- I've logged on and off as "me" plenty of times and nothing changed previously.
- Nothing changed while logged on / off / on as Admin but perhaps running Update as Admin changed something that needed to ferment
- Perhaps logging in as Admin and having the "new user" cycle run changed something.
- Could have been the change @kelper suggested (to run a manual scan) although that had no immediate effect. Perhaps it takes a few log on/off cycles to settle in.

Too many variables for me to determine anything at this point. I'm going to let it sit in this configuration for a few days and see if it starts downloading auto-updates for Defender again in the morning. I'll let that gel a few days (assuming it works) and then setup the Group Policy to notify only again and see where that goes. Then I'll probably shut manual/occasional Defender back off and watch the resulting behavior over some days.

I'll keep the thread updated.

Senecio · Friday at 1:37 PM

kelper said:
I have solved the issue, no need to do anything else

Indeed you have, but I was responding to @Levitate11 's specific question directed at me. I felt it would be rude to ignore it.

oldschool · Friday at 5:44 PM

Levitate11 said:
Too many variables for me to determine anything at this point. I'm going to let it sit in this configuration for a few days and see if it starts downloading auto-updates for Defender again in the morning.

If you experience the problem again, one option is to run this as a batch file. It will force a clean signature update package.

Code:

cd %ProgramFiles%\Windows Defender

MpCmdRun.exe -removedefinitions -dynamicsignatures

MpCmdRun.exe -SignatureUpdate

Windows Defender not updating automatically in Windows 11/10
Another option is to
Automatically fix Windows security issues - Microsoft Support

What it fixes
Checks the following Windows security features and enables them if needed

Phishing Filter or Smartscreen Filter

User Account Control (UAC)

Data Execution Prevention (DEP)

Windows Firewall

Antivirus protection status and updates

BTW, the only options I use in GPO to control Defender are:

Select channel for Defender monthly engine updates > Beta channel
Select channel for Defender monthly platform updates > Beta channel
Specify interval for security intelligence updates > Set to your desired interval. I use 4 hours.

Cheers!

SIW2 · Friday at 6:31 PM

I could not update the Microsoft Security Essentials definitions in our Windows 7 computer at work.

needs update

https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu

https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x86_cdafb409afbe28db07e2254f40047774a0654f18.msu

and either ms easy fix

https://download.microsoft.com/download/0/6/5/0658B1A7-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi

or do it with reg file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisableByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisableByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

Levitate11 · Saturday at 1:48 PM

Day 2 - After booting this morning, I went into Windows Update to check for Definition Updates.

There was nothing listed. Running "Check for Updates" revealed a new Definition update that was immediately installed.

Seems a little odd still... that should have auto-installed AFAIK as it was a security update. I do not currently have Policies set for option 2 (Notify me) and I didn't get a notification at login. I don't have any Policies set right now.

This mode is OK with me, but I'm not sure how I got here.

garlin · Saturday at 2:33 PM

Defender updates don't require permission to install. Those include the Platform update (about every month), and Definitions (at least once per day).

Other security updates that may require permission to install include the Monthly (not Preview) Update, MSRT (about every month), and occasional UEFI or CPU fixes outside of the Monthly Update.

Levitate11 · Saturday at 3:49 PM

garlin said:
Defender updates don't require permission to install. Those include the Platform update (about every month), and Definitions (at least once per day).

Other security updates that may require permission to install include the Monthly (not Preview) Update, MSRT (about every month), and occasional UEFI or CPU fixes outside of the Monthly Update.

I wouldn't disagree... when it's working properly. Clearly my updates were not.

All I have is speculation on what might have fixed it. So I'll throw this out as a possibility: Whatever was wrong require a priv elevation to correct. So running as Admin while hacking at it allowed a process to fix it that otherwise could now. Again, just speculation. Who knows.

garlin · Saturday at 3:54 PM

A lot of strange permissions errors will break WU and/or Defender, because both operate at the highest trust levels. Sometimes you can find a suggested fix that happens to work, or in the worst case perform a repair reinstall.

What's interesting about your case, is the Definitions looked like they disappeared for a while. If updates were broken, we'd expect an outdated copy of them to stay indefinitely on the PC.

Levitate11 · Saturday at 6:56 PM

garlin said:
A lot of strange permissions errors will break WU and/or Defender, because both operate at the highest trust levels. Sometimes you can find a suggested fix that happens to work, or in the worst case perform a repair reinstall.

What's interesting about your case, is the Definitions looked like they disappeared for a while. If updates were broken, we'd expect an outdated copy of them to stay indefinitely on the PC.

I know. Odd. And the behavior even now isn't quite "right". But I'll watch how it settles out.

Levitate11 · Tuesday at 12:11 PM

Well... as of yesterday, I still have the same behavior. No auto-install of Definition updates at morning sign-on. No notice that they're available (expected). Manually Checking for Updates does now get me a Definition update, reliably.

Last night I changed the Policy Computer>Admin>Windows Components>Windows Update> End User Experience > Configure Automatic Updates to Option 2 - "Notify before Download and Install". When I originally set that (pre-problems) that would result in a notification at morning sign-on that a Definition Update was waiting. But it had no effect. I have already forced the policy changes and rebooted.

I don't believe there's any other Policy I need to set in order to set that policy, but if you know differently, please advise. There was no additional change needed originally.

I had set the "Display Options for Update Notifications" to "0", which enforces "Windows Defaults" a couple days ago (no effects). I've set that back to "Not Configured" to see if it helps.

oldschool · Tuesday at 2:01 PM

Levitate11 said:
Last night I changed the Policy Computer>Admin>Windows Components>Windows Update> End User Experience > Configure Automatic Updates to Option 2 - "Notify before Download and Install".

AFAIK, Defender updates install regardless of Windows Update settings in order to maintain system security. Logon does not trigger definition updates, but rather they happen automatically at default interval, or at your specified interval, if you have it configured.

Levitate11 · Tuesday at 11:48 PM

oldschool said:
AFAIK, Defender updates install regardless of Windows Update settings in order to maintain system security. Logon does not trigger definition updates, but rather they happen automatically at default interval, or at your specified interval, if you have it configured.

1) Not mine

. With my original configuration, setting the Group Policy "Configure Automatic Updates" to Option 2 definitely caused windows to notify me of Security Updates and not install them. However, clicking Check Updates would definitely auto install those that were waiting in the queue.

2) Agreed that login itself is not the trigger. But that follows boot up or power on so Windows would typically notify me in the morning. It no longer appears to do that but I'll be watching it for a few days to verify.

Levitate11 · 2025-05-21T10:15:15-0400

As Alice said, "curiouser and curiouser".

Current state is Computer> Admin> Windows Components> Windows Update> End User Experience > Configure Automatic Updates set to Option 2: Notify before Download and Install.

That seems to mostly be working. I went into Windows Update and there was a Definition update there waiting, 1.429.99.0, and a "Download and Install" button to click. I did that.

I then clicked "Check Updates" just to be sure, and there was another Definition update available, 1.429.107.0, which it proceeded to update and install as expected. You'd think it would have both listed... or the latest. A little odd.

As mentioned up above somewhere, I used to get a Windows Pop-Up Notification at morning login that I had updates waiting. Those have not come back. Anyone else get those at all?

Levitate11 · 2025-05-22T10:53:29-0400

So, I think I'm making progress on this... maybe.

Recent Results Recap:

On Monday, I set the "Policy Computer>Admin>Windows Components>Windows Update> End User Experience > Configure Automatic Updates" to Option 2 (Notify before Download / Install).

On Tuesday morning at initial logon (should be a daily 5AM update waiting), I didn't get any "notifications" as in pop-ups. I did find Defender updates waiting by going into Windows Updates. The button was "Download and Install". Clicked. installed updates.

Yesterday (Wednesday), there was again an update waiting. OK. Installed it. I "Checked for Updates" immediately after and it found a second Defender update. Odd, you would have thought it would list both, but OK.

In the afternoon Wednesday, I again enabled the policy "Display Options for Update Notifications" and set it to "0". That should enforce "Windows Defaults".

Current:

This morning (Thursday), there were no updates waiting. I "Checked for Updates". Nothing, "You're up to date".

I then changed the "Policy Computer>Admin>Windows Components>Windows Update> End User Experience > Configure Automatic Updates" to Option 3 (Windows Default). I also changed the "Display Options for Update Notifications" back to "Not configured". I went back in immediately and "Checked for Updates".

The result was that it now found two updates: KB2267602 (Daily 5AM Definitions update) and KB4052623 (A Defender core update). Both downloaded and installed.

Color me shocked.

I'm going to leave it this way for a couple days and see if updates continue to show up. Then I'll flip those two settings back, one at a time, and exercise each over several days. I don't know if having both set is the issue or if just one triggers the no-updates problem.

oldschool · 2025-05-22T11:01:39-0400

Levitate11 said:
I'm going to leave it this way for a couple days and see if updates continue to show up. Then I'll flip those two settings back, one at a time, and exercise each over several days. I don't know if having both set is the issue or if just one triggers the no-updates problem.

After this test, why don't you try leaving all GPO settings to "Not configured", as a test?

Levitate11 · 2025-05-22T11:45:04-0400

oldschool said:
After this test, why don't you try leaving all GPO settings to "Not configured", as a test?

That's an option I thought of too. Ideally, it's what I have now, i.e. with Configure Automatic Updates set back to Option 3. But I have little confidence that "Not configured" is the same as "Windows Default" at this point.

I originally started down this path because I do want Option 2 like behavior i.e. "Don't install anything without telling me about it first".

I'll add your suggestion into the rotation first... see what happens... then proceed to the others.

Windows Defender Definition Updates no longer appearing/installing

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Active member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Active member

My Computer

Well-known member

My Computer

Active member

My Computer

Well-known member

My Computer

Active member

My Computer

Active member

My Computer

Well-known member

My Computer

Active member

My Computer

Active member

My Computer

Active member

My Computer

Well-known member

My Computer

Active member

My Computer

Similar threads