Defender Group Policies and update locations

Jason P 136 Reputation points
2024-09-09T10:56:23.0866667+00:00

Hi All,

I am trying to set up Microsoft Defender to pull signatures and updates from a file share as opposed to using windows updates.

I have set the GPO to look at a DFS share that I created and has all the permissions to allow all computers to connect to it. I have tested this with psexec and it shows up that the it is the computer account in the open files on the file share. In the GPO I set the following order FileShares|InternalDefinitionUpdateServer|MicrosoftUpdateServer

It shows up correctly when running Get-MpPreference

When I run Update-MpSignature it fails. I don't see any sessions on the share and when I look in the Event log for that update it says:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.417.587.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.24070.3 Error code: 0x8024500c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Anybody been able to successfully get Defender to update from a file share source ?

Thanks

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,381 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Jason P 136 Reputation points
    2024-09-09T13:27:44.67+00:00

    Fixed the issue.

    Was running the wrong script for the files. Was running the VDI one instead of the SignatureDownloadCustomTask.ps1

    Also made sure create an x64 folder in the share.

    All working now

    0 comments No comments

  2. James Hamil 24,666 Reputation points Microsoft Employee
    2024-09-16T15:36:22.6833333+00:00

    Hi @Jason P , since you can't verify your own answer I'll repost it here for others to reference. Please mark "Accept Answer" for visibility.

    Problem: Update-MpSignature fails

    Solution: Run SignatureDownloadCustomTask.ps1 instead of VDI and create an x64 folder in the share.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.