Windows Defender - File MpSigStub.exe version not updated

Anonymous
2024-04-02T02:56:51+00:00

I'm currently managing a number of servers. Last week I updated the OS on all of them, but some servers got a vulnerability finding that said the file MpSigStub.exe is an old version. I checked and saw that the MpSigStub.exe version on these servers is 1.1.18500.10 and on the others it is 1.1.23080.1001. These servers are all Windows Server 2019 Gen 2 and running on Azure.

Could you help me list some causes why this file was not updated (can this be found in the Windows Update log) and how to update them?

Windows Server | Remote and virtual desktops

Locked Question. This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


4 answers

  1. Anonymous
    2024-04-03T09:24:41+00:00

    Hello,

    The MpSigStub.exe file is a part of Windows Defender, and it is used to update the antivirus definitions. To address the outdated MpSigStub.exe versions on your Windows Server, you can open a PowerShell session on each affected server and run the following command to update the antimalware definitions: Update-MpSignature. For more details, please refer to this article: Update-MpSignature (Defender) | Microsoft Learn.

    Additionally, you can check the Windows Update logs to identify any issues related to the update process. To access the Windows Update logs: Open Event Viewer > Windows Logs > System. Look for events related to Windows Update (Event IDs: 19, 20, or 25). Please enable Show Analytic and Debug Logs first.

    I hope this helps.

    Regards

  2. Anonymous
    2024-04-05T07:27:35+00:00

    Dear Yaycen,

    What I want to know is why the file wasn't updated. I checked Event Viewer ID 19 on all of my servers and saw that the logs from the affected servers and from the normal servers were the same. So I think the OS update operations are successful and identical on all my servers, but there are 2 servers that have the file MpSigStub.exe.

    What do you think is the root cause of this problem? Can you just provide any initial hints or ideas that come to mind?

    Thank you for your support.

  3. Anonymous
    2024-06-20T14:51:11+00:00

    I am also having this problem. Running Update-MpSignature -UpdateSource mmpc updates mpsigstub to v1.1.24050.5, but then as soon as Windows Update runs it resets the version to v1.1.1550.2.

    Within Settings / Windows Security it does show the engine version as v1.1.24050.5, but the file version of mpsigstub is reset to v1.1.1550.2, and this is flagged by Qualys as vulnerable.

  4. Anonymous
    2024-09-27T16:53:59+00:00

    I am also running into a problem. I have done the steps above and still cannot get it to update. It's still 1.1.18500.10. I am also seeing this error message in Event Viewer under Windows Defender -> Operational:

    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

      New security intelligence Version: 

      Previous security intelligence Version: 1.419.229.0

      Update Source: Microsoft Update Server

      Security intelligence Type: AntiVirus

      Update Type: Full

      User: NT AUTHORITY\SYSTEM

      Current Engine Version: 

      Previous Engine Version: 1.1.24080.9

      Error code: 0x80072f8f

      Error description: A security error occurred

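One way to collect, on each server, the three things this thread compares by hand: the MpSigStub.exe file version, the engine and signature versions Defender itself reports, and the error codes of recent failed security intelligence updates. This is an added example, not code from any poster or from Microsoft; the System32 path for MpSigStub.exe, event ID 2001 for the failure event quoted in the last answer, and the function name are assumptions not stated in the thread.

```powershell
function Get-DefenderStubStatus {
    [CmdletBinding()]
    param(
        # Assumed location of the stub; the thread does not give a path.
        [string]$StubPath = (Join-Path $env:SystemRoot 'System32\MpSigStub.exe'),
        [int]$MaxEvents = 5
    )

    $stub   = Get-Item -LiteralPath $StubPath -ErrorAction Stop
    $status = Get-MpComputerStatus -ErrorAction Stop

    # Assumed: event ID 2001 is the "error trying to update security
    # intelligence" event quoted in the last answer.
    $failures = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Windows Defender/Operational'
            Id      = 2001
        } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue)

    # Pull the "Error code: 0x..." field out of each failure message.
    $codes = foreach ($e in $failures) {
        if ($e.Message -match 'Error code:\s*(0x[0-9A-Fa-f]+)') {
            '{0:u} {1}' -f $e.TimeCreated, $Matches[1]
        }
    }

    $stubVersion   = $stub.VersionInfo.FileVersionRaw
    $engineVersion = [version]$status.AMEngineVersion

    # One object per server, so affected and healthy hosts can be diffed.
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        StubFileVersion     = $stubVersion
        StubLastWriteTime   = $stub.LastWriteTime
        EngineVersion       = $engineVersion
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureLastUpdate = $status.AntivirusSignatureLastUpdated
        StubOlderThanEngine = $stubVersion -lt $engineVersion
        RecentUpdateErrors  = @($codes)
    }
}

Get-DefenderStubStatus | Format-List
```

Running it on one affected and one healthy server and comparing `StubLastWriteTime` and `RecentUpdateErrors` shows whether the stub was never replaced or was replaced and later reverted, which is the distinction the second and third answers are asking about.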