Have you reviewed the client to see what the logs say?
Windows defender definitions not updating on some clients through SCCM
Hi,
I am having an issue where some clients are showing definitions older than 7 days. This is very frustrating. Kindly help me reduce the count of "7 days old machines". Please let me know which logs need to be checked on the client side.
I have configured the ADR rule, and in the Default Antimalware Client Policy, the first source is Updates distributed from Configuration Manager.
3 answers
Kalyan Sundar 561 Reputation points
2022-03-02T18:43:46.347+00:00
To troubleshoot missing latest definitions, you have to look into a few log files:
C:\programFiles\Microsoft Security Client\Antimalware or C:\programFiles\Windows Defender
MPCacheState.log
Mpdetection.log
Mplog.log
C:\Windows\CCM\Logs\EndpointProtectionAgent.log
AllenLiu-MSFT 43,061 Reputation points Microsoft Vendor
2022-03-21T07:47:18.25+00:00
Hi, @Sarfraz Aslam
Thank you for posting in Microsoft Q&A forum.
May we know what's the definition status now? Have we fixed the issue?
I think the computers that have definitions older than 7 days should have something wrong with software updates. We may first check WUAHandler.log on the computers to see if the clients can scan the updates correctly.
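A quick client-side triage that combines the checks suggested in the answers above. This is an added example, not code from either answer. It assumes the Defender PowerShell module (`Get-MpComputerStatus`) is available on the client and that the ConfigMgr client logs, including WUAHandler.log, are in the default `C:\Windows\CCM\Logs` folder; the search pattern is a constructed starting point.

```powershell
# Added example: run locally on an affected client in an elevated PowerShell session.
# Assumptions: Defender module present; ConfigMgr client logs in the default folder.

$MaxAgeDays = 7                          # threshold from the question
$CcmLogDir  = 'C:\Windows\CCM\Logs'      # default client log folder (assumed)
$LogNames   = 'EndpointProtectionAgent.log', 'WUAHandler.log'
$Pattern    = 'error|fail|0x8[0-9a-f]{7}'   # constructed pattern, adjust as needed

# 1. What does Defender itself report about its definitions?
$status = Get-MpComputerStatus
$report = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    SignatureVersion = $status.AntivirusSignatureVersion
    LastUpdated      = $status.AntivirusSignatureLastUpdated
    AgeDays          = $status.AntivirusSignatureAge
    Stale            = $status.AntivirusSignatureAge -gt $MaxAgeDays
}
$report | Format-List

# 2. Only when definitions are stale, show the most recent error-like lines
#    from the ConfigMgr logs named in the answers.
if ($report.Stale) {
    foreach ($name in $LogNames) {
        $path = Join-Path $CcmLogDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "$path not found"
            continue
        }
        "--- $name (last 20 matching lines) ---"
        Select-String -LiteralPath $path -Pattern $Pattern |
            Select-Object -Last 20 |
            ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line.Trim() }
    }
}
```

If `Stale` is true and WUAHandler.log shows scan failures, the problem is on the software update side rather than in Defender itself, which matches the direction of the second answer.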