We deploy Microsoft patches to our Windows servers and workstations using Configuration Manager.
Recently Microsoft released a buggy Defender engine (version 1.1.18100.5) that generated millions of files, filled up hard drives and slowed down our computers. I manually downloaded the fixed/updated Defender engine version 1.1.18100.6 and started deploying it to workstations as a package on Friday using ConfigMgr.
Since then I can see that many of our workstations have already updated their Defender engine version. Many of these are systems that I did not target with the update package that I created.
How are systems that I am not targeting getting the updated engine version? I did not run our ADR, so I don't think it is being deployed by ConfigMgr since the update would not be in our repository. I know that AV definition updates will fall back to Windows Update after X days to keep AV definitions up to date even without access to a Distribution Point. Is the same true for the Defender engine versions? If so, how often will a managed computer go out and check for Engine updates on the web?
If someone can point me to documentation that explains this I would appreciate it.
Also, I downloaded the workstation update from this link: https://www.microsoft.com/en-us/wdsi/defenderupdates. It lists the update for Windows 8 and Windows 10. No server OSes are listed. Where can I obtain the source for different server OS versions?
Thanks



