Disabling windows defender auto updates

Pawan Singh 1 Reputation point


I have working on a solution where I need to control the defender updates by disabling the auto updates and triggering the updates via a custom logic. I see there are 3 options in Set-MpPreference's signaturefallbackorder (i.e Update server, wsus, mmc) and one additional setting where we can update the definitions from an UNC share. I was wondering if we can configure the MpPreference to a custom url (like S3) from where the updates can be downloaded by the defender service when I put it there. Is this something possible?

Thank you!


Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,780 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Limitless Technology 39,436 Reputation points

    Hello there,

    Microsoft Defender relies on Windows Update for the latest virus definitions and keeps it up-to-date.

    The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates.

    You can schedule updates for your endpoints by:

    Specifying the day of the week to check for protection updates
    Specifying the interval to check for protection updates
    Specifying the time to check for protection updates

    By default, "SignatureScheduleDay" is set as "8" and "SignatureUpdateInterval" is set as "0" so Microsoft Defender Antivirus will not schedule protection updates. Enabling these settings will override that default and you can change the settings to configure the update interval.

    More info here https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-worldwide


    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

  2. Andrew Blumhardt 9,586 Reputation points Microsoft Employee

    The signaturefallbackorder as you know, can control the sources and order of signature update deployment. Basically Windows Update, MECM, WSUS, or local file share. This is used mainly by customers that want to control the update process. They want to manage the timing and testing more closely or they have systems without direct access to Windows Update. I am not aware of an option to substitute additional locations like a custom URL.

    0 comments No comments

  3. S.Sengupta 15,766 Reputation points MVP

    The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates. You can modify exclusion file name extensions, paths, or processes, and specify the default action for high, moderate, and low threat levels.
    Check it here

    0 comments No comments