question

CWilliams-4952 avatar image
0 Votes"
CWilliams-4952 asked

Server 2019 - Windows Defender definition updates suddenly failing

Got a server in our estate that keeps drifting for its AV updates. No changes except routine patching, problem started maybe a week ago

These commands pretty much sum it up, fails against windows update, succeeds against MMPC. Anyone tell me what the technical difference is between how it retrieves updates from these two? All others clients are fine and can talk to MicrosoftUpdatesServer for definitions.

 PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
 Update-MpSignature : Virus and spyware definitions update was completed with errors.
 At line:1 char:1
 + Update-MpSignature -UpdateSource MicrosoftUpdateServer
 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
     CimException
     + FullyQualifiedErrorId : HRESULT 0x8024500c,Update-MpSignature
    
 PS C:\temp> Update-MpSignature -UpdateSource MMPC

Maybe of slight interest is that if I remove the definitions completely then MicrosoftUpdateServer works ok

P
S C:\temp> & 'C:\Program Files\Windows Defender\MpCmdRun.exe' -removedefinitions -all

 Service Version: 4.18.2203.5
 Engine Version: 1.1.19100.5
 AntiSpyware Signature Version: 1.363.23.0
 AntiVirus Signature Version: 1.363.23.0
    
 Starting engine and signature rollback to none...
 Done!
 PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
 PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
 Update-MpSignature : Virus and spyware definitions update was completed with errors.
 At line:1 char:1
 + Update-MpSignature -UpdateSource MicrosoftUpdateServer
 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
     CimException
     + FullyQualifiedErrorId : HRESULT 0x8024500c,Update-MpSignature
    
 PS C:\temp> Update-MpSignature -UpdateSource mmpc
 PS C:\temp>

windows-serverwindows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers