This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 15%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Hello,
I have working on a solution where I need to control the defender updates by disabling the auto updates and triggering the updates via a custom logic. I see there are 3 options in Set-MpPreference's signaturefallbackorder (i.e Update server, wsus, mmc) and one additional setting where we can update the definitions from an UNC share. I was wondering if we can configure the MpPreference to a custom url (like S3) from where the updates can be downloaded by the defender service when I put it there. Is this something possible?
Thank you!
Regards
Hello there,
Microsoft Defender relies on Windows Update for the latest virus definitions and keeps it up-to-date.
The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates.
You can schedule updates for your endpoints by:
Specifying the day of the week to check for protection updates
Specifying the interval to check for protection updates
Specifying the time to check for protection updates
By default, "SignatureScheduleDay" is set as "8" and "SignatureUpdateInterval" is set as "0" so Microsoft Defender Antivirus will not schedule protection updates. Enabling these settings will override that default and you can change the settings to configure the update interval.
------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
The signaturefallbackorder as you know, can control the sources and order of signature update deployment. Basically Windows Update, MECM, WSUS, or local file share. This is used mainly by customers that want to control the update process. They want to manage the timing and testing more closely or they have systems without direct access to Windows Update. I am not aware of an option to substitute additional locations like a custom URL.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates. You can modify exclusion file name extensions, paths, or processes, and specify the default action for high, moderate, and low threat levels.
Check it here