Got a server in our estate that keeps drifting for its AV updates. No changes except routine patching, problem started maybe a week ago.
These commands pretty much sum it up: fails against Windows Update, succeeds against MMPC. Anyone tell me what the technical difference is between how it retrieves updates from these two? All other clients are fine and can talk to MicrosoftUpdateServer for definitions.
PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
Update-MpSignature : Virus and spyware definitions update was completed with errors.
At line:1 char:1
+ Update-MpSignature -UpdateSource MicrosoftUpdateServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
CimException
+ FullyQualifiedErrorId : HRESULT 0x8024500c,Update-MpSignature
PS C:\temp> Update-MpSignature -UpdateSource MMPC
Maybe of slight interest is that if I remove the definitions completely then MicrosoftUpdateServer works OK:
PS C:\temp> & 'C:\Program Files\Windows Defender\MpCmdRun.exe' -removedefinitions -all
Service Version: 4.18.2203.5
Engine Version: 1.1.19100.5
AntiSpyware Signature Version: 1.363.23.0
AntiVirus Signature Version: 1.363.23.0
Starting engine and signature rollback to none...
Done!
PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
PS C:\temp> Update-MpSignature -UpdateSource MicrosoftUpdateServer
Update-MpSignature : Virus and spyware definitions update was completed with errors.
At line:1 char:1
+ Update-MpSignature -UpdateSource MicrosoftUpdateServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
CimException
+ FullyQualifiedErrorId : HRESULT 0x8024500c,Update-MpSignature
PS C:\temp> Update-MpSignature -UpdateSource mmpc
PS C:\temp>
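
Since the other clients update fine from MicrosoftUpdateServer, one way to narrow this down is to capture the same settings on the failing server and on a healthy client and diff them; the snapshot script below is an added example, not part of the original post. HRESULTs in the 0x8024xxxx range come from the Windows Update Agent, which is why it records the Windows Update policy keys alongside the Defender ones; the output path and the helper name `Get-PolicyValues` are assumptions made for illustration.

```powershell
# Added example: snapshot of the settings that decide where Defender fetches definitions.
# Run elevated on the failing server and on a healthy client, then compare the two files.

function Get-PolicyValues {
    param([Parameter(Mandatory)][string]$Path)
    # Return every named value under a registry key; empty table if the key is absent.
    $values = [ordered]@{}
    if (Test-Path -Path $Path) {
        $key = Get-Item -Path $Path
        foreach ($name in $key.GetValueNames()) {
            if ($name) { $values[$name] = $key.GetValue($name) }
        }
    }
    return $values
}

$status = Get-MpComputerStatus
$pref   = Get-MpPreference
$wu     = Get-Service -Name wuauserv

$snapshot = [ordered]@{
    ComputerName          = $env:COMPUTERNAME
    # Versions currently loaded by the Defender service
    ProductVersion        = $status.AMProductVersion
    EngineVersion         = $status.AMEngineVersion
    AntivirusSignature    = $status.AntivirusSignatureVersion
    AntispywareSignature  = $status.AntispywareSignatureVersion
    SignatureLastUpdated  = "$($status.AntivirusSignatureLastUpdated)"
    # Defender's own update-source preferences
    FallbackOrder         = $pref.SignatureFallbackOrder
    FileShareSources      = $pref.SignatureDefinitionUpdateFileSharesSources
    # Windows Update Agent state and the policy that steers it (WSUS, internet access)
    WuServiceStatus       = "$($wu.Status)"
    WuServiceStartType    = "$($wu.StartType)"
    WindowsUpdatePolicy   = Get-PolicyValues 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    WindowsUpdateAuPolicy = Get-PolicyValues 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    DefenderUpdatePolicy  = Get-PolicyValues 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates'
}

# Output path is an assumption; C:\temp matches the working directory used above.
$outFile = "C:\temp\defender-update-$($env:COMPUTERNAME).json"
$snapshot | ConvertTo-Json -Depth 4 | Out-File -FilePath $outFile -Encoding utf8
Write-Output "Snapshot written to $outFile"

# With both files collected, compare them line by line, for example:
# Compare-Object (Get-Content .\defender-update-GOOD.json) (Get-Content .\defender-update-BAD.json)
```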