Share via

Windows defender clients not updating

Ian 1 Reputation point
2021-05-19T16:46:14.2+00:00

We have an ADR to deploy our Defender definitions, but it seems like at least some of our Windows 10 clients are not updating. The machines are in the same OU as others that receive updates, although I'm not sure if the successful machines are receiving from a fallback location. I've checked the ADR and the policy, and they appear to be correct. The failing machines are generating Event ID 2001 with the following error text:

Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

There is also a mention of the source path :

https://go.microsoft.com/fwlink/?LinkID=851034&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=77BDAF73-B396-481F-9042-AD358843EC24&ostype=0&signaturetype=0&beta=0&plat=4.18.2102.4&OsVersion=10.0.17134.2208&altlocation=0

This suggests to me that it is not looking at SCCM, but falling back and failing.

I've tried all the suggestions I could google, including resetting Internet settings, and clearing all the previous definitions. I can manually download and apply, but this is frustrating with over 400 machines not complying.

I'd be grateful for more suggestions and happy to provide any information I have missed.

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jenny Feng 14,246 Reputation points
    2021-05-20T02:15:07.807+00:00

    @Ian
    Hi,
    According to the error code, this error occurs when there is a problem updating definitions. To troubleshoot this event:
    Update definitions and force a rescan directly on the endpoint.
    Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.

    Due to security policy, community support cannot download and save user’s personal data such as dump or log files, please install WinDbg from Microsoft website and analyze crash dump files.
    https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
    If you really need crash dump files analysis support, open a support ticket with Microsoft.

    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.