Windows Defender Definition Updates no longer appearing/installing

Well, this is interesting: This morning's post-logon check. All Group Policy options set to "Not Configured" except for "Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates set to "3 = Default - Auto download and notify for install".

This would actually be what I'd expect based on the text of the option. Could my system be working normally? LOL.

Levitate11 said:

This would actually be what I'd expect based on the text of the option. Could my system be working normally? LOL.

Click to expand...

Glad it working for you. Hope it continues.

oldschool said:

If you experience the problem again, one option is to run this as a batch file. It will force a clean signature update package.
cd %ProgramFiles%\Windows Defender

MpCmdRun.exe -removedefinitions -dynamicsignatures

MpCmdRun.exe -SignatureUpdate

Click to expand...

Silly question but how would you create a batch file for this?

cheaterslick said:

Silly question but how would you create a batch file for this?

Click to expand...

Start Notepad and type in these four lines with spacing as shown:

cd "\Program Files\Windows Defender"
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate
pause

Save the file as something like UpdateVirSigs.bat in a convenient location.
The .bat extension is needed to make it a batch file.

If you save it to your Desktop, you can just double click it and it will run. The "pause" command I added is for that reason: It will stop the run process after everything runs so that you can see the results. Otherwise it will flash quickly and be gone.

You can also save it to another directory like your documents directory, which Notepad will select by default. If you want to run it from there, you'll need to do this:

Start a Command Prompt
At the c:\> prompt, type in: cd %USERPROFILE%\documents
Your command prompt will now say C:\Users\YourAccount\Documents>
Type the name of your batch file then hit enter, i.e. UpdateVirSigs.bat

cheaterslick said:

Silly question but how would you create a batch file for this?

Click to expand...

I just run the commands individually. I have to laugh and admit that batch files are above my pay grade.The batch file would only be useful if you performed this action frequently.

Latest status:

Started Windows Update by itself late last night. It immediately went to check for updates without me having to click the Check Updates. Not really "preferred" behavior but I guess it's like an automated Task Scheduler run of the Update mechanism... maybe if it hasn't run in 12 hours, it kicks off the check on its own.

It found one update (Definitions) and posted it in the Update window. It did not install. I assume it downloaded as that was not an open question.

So far, Option 3 appears to be holding course.

Levitate11 said:

The "pause" command I added is for that reason: It will stop the run process after everything runs so that you can see the results. Otherwise it will flash quickly and be gone.

Click to expand...

Yeah, that's what threw me. I've made batch files before but it's been a long time and those extra command lines like "@echo" or "pause" is why I asked.

Thanks!

Yesterday I set the "Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates back to "2 = Notify before downloading and installing any updates.".

This morning there was no notification in Windows Update that there was a Definition Update waiting as there should have been. Running Check Updates told me I was up to date. A quick check at MS showed me that my Definitions were definitely not up to date.

I set the policy back to "3 = Default - Auto download and notify for install". Still no updates.

On a whim, I then checked the Windows Defender setting that allows "occasional" scans. I had set this to "on" back about ten days ago at the suggestion of @kelper. To my surprise, it was now set back to "off".

After turning it on, I "Checked Updates". Update was there. Downloaded and Installed.

So, at some point Windows appears to have shut off the "occasional scans". Odd. MS must have decided I didn't need that. Or maybe Avast did.

I'm going to run with Option 3 for a few days and keep and eye on the Defender setting. Then I'll switch back to option 2 and again watch the Defender settings for a few days.