Manual install of Microsoft Defender Antivirus update

Anonymous

Hello,

I have a laptop that does not have access to internet. I still need to scan it and update antivirus definition file.

I download the file from PC that has access to internet, then transfer it to laptop and try to install update. I do it using command line and running this:

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe

It did not work for me but when I connected laptop to internet it worked fine.

Hence my question: when I want to install Defender update file ... should laptop be connected to internet? Or manual update should also work when laptop is isolated?

Here are results from the log:

With internet connection:

------------------------------------------------------------------------------------- MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe Start Time: ‎Fri ‎Feb ‎11 ‎2022 18:25:35 MpEnsureProcessMitigationPolicy: hr = 0x1 Start: MpSignatureUpdate() Calling MpUpdateStartEx with option 0x1 Update started Search Started (MU/WU update) (Path: https://fe2cr.update.microsoft.com/v6/)... Search Completed Download Started... Download Completed Download Completed Installation Started... Installation Completed Update completed succesfully. (hr:0x00000000) Finish: MpSignatureUpdate() MpCmdRun: End Time: ‎Fri ‎Feb ‎11 ‎2022 18:25:42 -------------------------------------------------------------------------------------

Without internet connection: MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe Start Time: ‎Fri ‎Feb ‎11 ‎2022 18:30:59 MpEnsureProcessMitigationPolicy: hr = 0x1 Start: MpSignatureUpdate() Calling MpUpdateStartEx with option 0x1 Update started Search Started (MU/WU update) (Path: https://fe2cr.update.microsoft.com/v6/)... Search Completed Update failed with hr: 0x80240438 Update completed with hr: 0x80240438 ERROR: Signature Update failed with hr=80240438 MpCmdRun: End Time: ‎Fri ‎Feb ‎11 ‎2022 18:31:08 -------------------------------------------------------------------------------------

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

11 answers

Anonymous

2022-02-12T14:22:05+00:00
Thanks again for trying to resolve my issue but still I don't have a luck.

Here's what I did:
1. run in PowerShell - Get-MpComputerStatus
2. realized my current version of AntivirusSignatureVersion is 1.359.59.0
3. copy mpam-fe.exe to C:\Temp
4. execute mpam-fe.exe and check Get-MpComputerStatus that version did not change !!! i.e. it did not have effect
5. execute as Admin: "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions and checked that now version is 1.359.45.0
6. execute again as Admin mpam-fe.exe but version did not change
7. created UNC share like this: net share UNC=C:\temp. file mpam-fe.exe is located in C:\temp
8. execute "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -UNC - Update failed with hr=80070490
9. execute "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -UNC -Path C:\Temp\mpam-fe.exe - Update failed with hr=80070002
Well ... when I connect to my Wi-Fi and run -SignatureUpdate it does change the version but using it offline ( as I have to ) and trying all options I mentioned above ... no luck,

Any clue?

Appreciate your help
Was this answer helpful?

2 people found this answer helpful.

0 comments No comments
Anonymous

2022-02-12T05:26:31+00:00

Hello, thank you for your reply.

The SignatureUpdate option requires you to specific UNC or MMPC sources to check for new Security intelligence updates. There is not a "Path" flag.

You can refer to the documentation here on creating a UNC source: https://docs.microsoft.com/microsoft-365/securi...

Please let me know if I can help you further!
Was this answer helpful?

2 people found this answer helpful.

0 comments No comments
Anonymous

2022-02-12T03:42:50+00:00

Hi, thanks for reaching out! Sorry about the frustration encountered and please allow me to assist you.

I assumed you have downloaded latest Security intelligence updates from this link: https://www.microsoft.com/wdsi/defenderupdates

To install the update, you can double click on downloaded "mpam-fe.exe" file once it's copied to the laptop that is offline. There is no need to execute MpCmdRun to apply the update.

Please let me know if I can help you further!
Was this answer helpful?

2 people found this answer helpful.

0 comments No comments
Anonymous

2022-02-12T04:53:25+00:00

Hello, thank you for your reply.

The laptop does not need to be online to apply "mpam-fe.exe". You should script to execute mpam-fe.exe and not pass it through MpCmdRun.

For example, if mpam-fe.exe is in C:\Temp, you should run "C:\Temp\mpam-fe.exe".

By the way, there is no output with the update. You can check if the update is applied succcessful via GUI or log file.

Please let me know if I can help you further!
Was this answer helpful?

1 person found this answer helpful.

0 comments No comments
Anonymous

2022-02-12T04:37:02+00:00

Hi Tianxiang,

Thanks for replying

You are correct and I downloaded the file from the link you posted

My goal is to automate update and scan processes hence I have to script it.

FYI: I tried to run this file as administrator and it didn’t work either when my laptop was off-line.

Hence my concern is: should laptop be on-line when try to install the file?

Note: my laptop is located behind the VLAN and doesn’t have access to internet. Hence I have to update Defender offline

You could see in the log successful and failed update cases depending of online vs. offline

Any clue?

Thanks
Was this answer helpful?

1 person found this answer helpful.

0 comments No comments

Share via

Manual install of Microsoft Defender Antivirus update

11 answers