Daniel-4868 asked saldana-msft edited

Security intelligence updates for Microsoft Defender Antivirus not getting updates N-1 on 30% clients.

Hi Team,

Working in a co-managed environment where clients get updates from SCCM 4 hrs and Microsoft cloud 4 hrs.

Still many are not installed with latest N-1 Day update even when reporting to Intune.

Will triggering the update manually on those selected clients via SCCM help? E.g.:

cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

Is this triggering safe, and will it not corrupt Defender?

Also, is there any other way, as manually pushing signatures from the Intune device remote action is not foolproof and takes 30 min for one push?

Please advise if any other methods are available to increase signature updates.

Tags: windows-10-security, mem-intune-device-configurations

1 Answer

JarvisSun-MSFT answered JarvisSun-MSFT commented

@Daniel-4868 Thanks for posting in our Q&A.
For our issue, I have done some research. We can try to use the CSP to push signature updates; it specifies the interval (in hours) that will be used to check for signatures.

OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval
Valid values: 0-24.

Please refer to: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-signatureupdateinterval




@JarvisSun-MSFT Thanks for answering. I went through the documentation and also how to implement it via Intune, and understood the concept; however, is there any other simpler solution that can be readily implemented, as I am not that experienced in Intune?

Also, does running MpCmdRun.exe -SignatureUpdate from the backend have some issue?

It sometimes gives the below error and sometimes works perfectly.

CmdTool: Failed with hr = 0x80501002.

Thanks for replying....

0 Votes 0 ·

@Daniel-4868 Thanks for your reply.
I am not very familiar with SCCM, so I think it is better to create an online support ticket to handle this issue. It is free. Here is the online support link, and I hope we can get more help.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/get-support
Thanks for your understanding and have a nice day.

Best regards
Jarvis

0 Votes 0 ·
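
A per-client check for the N-1 target discussed in this thread, as an added example that is not part of the original posts: it reads the signature age and the configured SignatureUpdateInterval through the Defender PowerShell cmdlets, runs MpCmdRun.exe -SignatureUpdate only when the signatures are stale, and confirms the result by re-querying Defender instead of relying on the tool's console output. The `$MaxAgeDays` threshold and the 0/1 exit codes reported to the deployment tool are assumptions.

```powershell
# Added example (not from the thread): check Defender signature age, update only if stale.
# $MaxAgeDays is an assumed threshold standing in for the "N-1" target in the question.
$MaxAgeDays = 1

$before = Get-MpComputerStatus
$pref   = Get-MpPreference

# Snapshot of what the client currently has and how often it is configured to check.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    SignatureVersion  = $before.AntivirusSignatureVersion
    LastUpdated       = $before.AntivirusSignatureLastUpdated
    AgeDays           = $before.AntivirusSignatureAge
    UpdateIntervalHrs = $pref.SignatureUpdateInterval   # the value the CSP policy controls
} | Format-List

if ($before.AntivirusSignatureAge -le $MaxAgeDays) {
    Write-Output "Signatures are $($before.AntivirusSignatureAge) day(s) old; no action taken."
    exit 0
}

# Build the full path instead of relying on 'cd'; %ProgramFiles% contains a space.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) {
    Write-Error "MpCmdRun.exe not found at $mpCmdRun"
    exit 1
}

# Capture the tool's output so an intermittent 'Failed with hr = ...' line is kept in the log.
$toolOutput = & $mpCmdRun -SignatureUpdate 2>&1
$toolOutput | ForEach-Object { Write-Output "MpCmdRun: $_" }

# Decide success from Defender's own state, not from the console text.
$after = Get-MpComputerStatus
if ($after.AntivirusSignatureAge -le $MaxAgeDays) {
    Write-Output "Updated: $($before.AntivirusSignatureVersion) -> $($after.AntivirusSignatureVersion)"
    exit 0
}

Write-Error "Signatures still $($after.AntivirusSignatureAge) day(s) old after update attempt."
exit 1
```

Run it elevated on the client; the non-zero exit lets the deployment tool list the machines that stayed out of date so they can be investigated individually.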