sccm endpoint protection client update manually

toca poca 1 Reputation point
2020-10-15T13:51:57.31+00:00

OK guys, so i've been struggling with this issue for 2 now, at a total loss at the moment.

we received an audit stating our antivirus client version is at risk.

"The engine version of Microsoft Windows Defender installed on the remote Windows host is prior to
4.18.2001.112. It is, therefore, affected by a hard link elevation of privilege vulnerability which could allow an
attacker who successfully exploited this vulnerability to elevate privileges on the system."

I ran a Endpoint protection report and roughly half the servers in the environment is on version 4.10.2xxxx and the other half 4.18.2xxx

most docs states the if im using sccm i should just make sure that I've selected the correct products and classifications in wsus

The classifications i have selected are: critical updates, Definition Updates, Security Updates, Updates, Upgrades.
The products for AV that are selected: Forefront Client Security, System Center Endpoint Protection, Microsoft Security Essentials, Microsoft Defender Antivirus.

I tried manually installing the scepinstall.exe (found in the client install folder) on the servers but it just fails stated the version installed on the server is newer.

I tried totally cleaning the sccm agent and reinstalling but that did not help.

I tried searching for an offline version of the client and the closest i came was the link below.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623
I downloaded the file and ried to install them but but that did not work.

All i want to do is just update this client; does anyone file a solution or had this issue before?

All servers are fully patched in the environment.

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
922 questions
{count} votes

3 answers

Sort by: Most helpful
  1. toca poca 1 Reputation point
    2020-10-15T13:55:52.277+00:00

    I've added some screenshots if it helps

    32630-classifications.png

    32615-products1.png

    32616-products2.png

    32695-products3.png

    32685-avreport.png

    0 comments No comments

  2. AllenLiu-MSFT 38,006 Reputation points Microsoft Vendor
    2020-10-16T07:31:19.257+00:00

    @toca poca
    Thank you for posting in Microsoft Q&A forum.
    Here are many ways to update antimalware definitions:

    1. Updates distributed from Configuration Manager
    2. Updates distributed from Windows Server Update Services (WSUS)
    3. Updates distributed from Microsoft Update
    4. Updates distributed from Microsoft Malware Protection Center
    5. Updates from UNC file shares
      https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-definition-updates

    To confirm with you, are you using SUP to deploy the updates, can you see the latest definitions of All software updates in your console? If so, you may try to create an ADR use method 1.
    Or you can manually download the latest definition updates from Microsoft and then configure clients to download these definitions from a shared folder on the network use method 5.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. toca poca 1 Reputation point
    2020-10-16T09:18:29.617+00:00

    Thanks man, Yes im using SUP and all the definitions are upto date, its the client version that i need to increase to version 4.18xxx from 4.10xxx

    32798-avreport.png

    0 comments No comments