MDE updates not working randomly - The server name or address could not be resolved

Damian992 20 Reputation points
2023-09-21T12:21:09.56+00:00

Hi All,

We have MDE devices onboarded via MECM. Some of the machines work well, and some of them throw errors while trying to gather updates. This is weird because, observing one device, it can get stuck downloading updates (from MS, not via WSUS) a few times, and then randomly just download them.

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
  New security intelligence Version: 
  Previous security intelligence Version: 1.397.453.0
  Update Source: Microsoft Malware Protection Center
  Security intelligence Type: AntiSpyware
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version: 
  Previous Engine Version: 1.1.23080.2005
  Error code: 0x80072ee7
  Error description: The server name or address could not be resolved

So, the error is that the System account cannot connect to MS to download the update. We used PsExec to run as the System account and connect to the same link we found failing previously in the logs, and it was able to download the update. I am wondering: is there something in the MDE client/settings that might be interfering here? At first glance it looks like a network issue; however, doing nothing to the machine and just keeping it on the LAN might trigger the update to get downloaded after half a day or a day eventually.


Accepted answer
  1. Givary-MSFT 32,316 Reputation points Microsoft Employee
    2023-09-22T07:11:42.43+00:00

    @Damian992 Thank you for reaching out to us. As I understand it, you are trying to troubleshoot error code 0x80072ee7 occurring randomly on the Windows devices while updating the Defender engine.

    I researched this error; it seems to be a network issue which is causing the device to communicate with the Microsoft Defender Antivirus cloud service. Do you have any proxy configured on the device?

    I would recommend running this command on the device having this issue:

    MpCmdRun.exe -ValidateMapsConnection and a simultaneous network trace might give some hint on what is happening on the network layer.

    Also, executing this cmd - Mpcmdrun.exe -ValidateMapsConnection -MpCmdRunWithTracing - will collect an ETL trace (do share the ETL trace in a zip format over email to 'AzCommunity@microsoft.com' with Sub - Attn: Givary).

    Download the Microsoft Defender for Endpoint client analyzer - this will help to troubleshoot network connectivity issues.

    Let me know if you have any further questions; feel free to reach out to me over email and we can connect offline for further troubleshooting.

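Because the failure in this thread is intermittent, it helps to see how often and when it recurs before taking a network trace. The following is an added example, not part of the question or the answer above: it reads Defender's update-failure events (event ID 2001 in the Defender operational log), decodes the HRESULT (0x80072ee7 is Win32 facility 7, code 12007, the WinINet/WinHTTP "name not resolved" error) and counts failures per cause and hour. The seven-day window, English message text, elevated prompt and variable names are assumptions.

```powershell
# Added example, not from the thread. Assumes English event text; run elevated.
$log   = 'Microsoft-Windows-Windows Defender/Operational'
$since = (Get-Date).AddDays(-7)   # assumed look-back window

# WinINet/WinHTTP codes carried in Win32-facility HRESULTs (0x8007xxxx).
$causes = @{
    12002 = 'timeout'
    12007 = 'name not resolved'
    12029 = 'cannot connect'
}

# Event ID 2001: security intelligence update failed.
$filter = @{ LogName = $log; Id = 2001; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Pull the HRESULT out of the message text shown in the event.
    if ($e.Message -notmatch 'Error code:\s*(0x[0-9a-fA-F]{8})') { continue }
    $hex      = $Matches[1]
    $hr       = [Convert]::ToInt64($hex, 16)
    $facility = [int](($hr -shr 16) -band 0x7FF)   # 7 = FACILITY_WIN32
    $code     = [int]($hr -band 0xFFFF)            # 0x2EE7 = 12007
    $cause    = if ($facility -eq 7 -and $causes.ContainsKey($code)) {
        $causes[$code]
    } else {
        'other'
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Hour    = $e.TimeCreated.Hour
        HResult = $hex
        Cause   = $cause
    }
}

# Failures per cause and hour of day, to show whether they cluster in time.
$rows | Group-Object Cause, Hour | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The individual failures, oldest first, for lining up against a network trace.
$rows | Sort-Object Time | Format-Table Time, HResult, Cause -AutoSize
```

The timestamps in the second table are the ones to match against the network trace and the `MpCmdRun.exe -ValidateMapsConnection` run suggested in the answer.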
