This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 84%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
We have an ADR to deploy our Defender definitions, but it seems like at least some of our Windows 10 clients are not updating. The machines are in the same OU as others that receive updates, although I'm not sure if the successful machines are receiving from a fallback location. I've checked the ADR and the policy, and they appear to be correct. The failing machines are generating Event ID 2001 with the following error text:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072efd
Error description: A connection with the server could not be established
There is also a mention of the source path :
This suggests to me that it is not looking at SCCM, but falling back and failing.
I've tried all the suggestions I could google, including resetting Internet settings, and clearing all the previous definitions. I can manually download and apply, but this is frustrating with over 400 machines not complying.
I'd be grateful for more suggestions and happy to provide any information I have missed.
@Ian
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.
@Ian
Hi,
We have not get information from you for several days.
If the reply is useful for you, please accept as answer. It will be helpful to other members who have same questions.
If you have any other confuse, please reply to us directly.
@Ian
Hi,
According to the error code, this error occurs when there is a problem updating definitions. To troubleshoot this event:
Update definitions and force a rescan directly on the endpoint.
Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
Due to security policy, community support cannot download and save user’s personal data such as dump or log files, please install WinDbg from Microsoft website and analyze crash dump files.
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
If you really need crash dump files analysis support, open a support ticket with Microsoft.
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.