Security intelligence updates for Microsoft Defender Antivirus not getting updates N-1 on 30% clients.

Daniel 1 Reputation point
2021-08-12T21:43:36.747+00:00

Hi Team,

Working in a Comanage environment where client get update from SCCM 4 hrs and microsoft cloud 4hrs

Still many are not installed with latest N-1 Day update even when reporting to Intune.

Will Triggering update manually on those selected client via SCCM help eg:

cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

Is this triggering safe and it won't corrupt defender.

Also is there ny other way as signature manually pushing from intune device remote action is no full proof and takes 30 min for one push.

Pls advice if any other methods available to increase signature updation.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,780 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,751 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Jarvis Sun-MSFT 10,176 Reputation points Microsoft Vendor
    2021-08-13T07:20:56.98+00:00

    @Daniel Thanks for posting our Q&A.
    For our issue, I have done some research. We can try to use CSP to push signature updation, specifies the interval (in hours) that will be used to check for signatures.

    OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval
    Valid values: 0-24.

    Please refer to: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-signatureupdateinterval


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.