Hello,
I have trouble keeping a server of our company up-to-date when it comes to windows defender definition files. It installs other security updates as normal, but it seems I am stuck with a very old definition of the the windows defender. Whenever I check windows update, I see this error:
Security Intelligence-Update for Windows Defender Antivirus - KB915597 (Version 1.363.1679.0) – Error 0x80070643
The system is a Windows Server 2019 Standard (Version 1809 Build 17763.2928) runninng in Hyper-V. Kaspersky is running as an antivirus software on the system. We do not use a local WSUS server.
I have tried using the tips of several websites, like clearing out the temp files of windows in general or the software distribution path, restarting the update service afterwards.
In the CBS.log, I see this entry, I don't know if this is related: "Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]"
In the WindowsUpdate.log, I can see this part, ending with a "FAILED" message, maybe this helps with the investigation?:
2022.05.12 11:13:25.3903228 7188 4464 ComApi QUEUED Updates to install = 1
2022.05.12 11:13:25.3903278 7188 4464 ComApi Install ClientId = UpdateOrchestrator (cV: /F63IHkXVU2TpdwD.5.0.0)
2022.05.12 11:13:25.3951398 5632 5624 Agent Title = Security Intelligence-Update f??r Windows Defender Antivirus - KB915597 (Version 1.363.1679.0)
2022.05.12 11:13:25.3951459 5632 5624 Agent UpdateId = 347426ED-0457-4A6B-99E3-7C722AFF2405.200
2022.05.12 11:13:25.3951475 5632 5624 Agent Bundles 7 updates:
2022.05.12 11:13:25.3951520 5632 5624 Agent D24B570A-714A-4783-B8CD-39589895831A.200
2022.05.12 11:13:25.3951562 5632 5624 Agent D93D1252-6F2B-4909-B663-BD8E9B077C2C.200
2022.05.12 11:13:25.3951602 5632 5624 Agent 860E6BA4-B55B-40FA-A0A8-58AAEF4100E3.200
2022.05.12 11:13:25.3951639 5632 5624 Agent 7D78E3C3-F78C-4BB3-84B9-3249C6D7E08D.200
2022.05.12 11:13:25.3951673 5632 5624 Agent 42B5983F-B24D-4BFC-8F06-3AE66494227C.200
2022.05.12 11:13:25.3951710 5632 5624 Agent EA2A0C1A-555A-43FA-9BDE-ADD7FD539C49.200
2022.05.12 11:13:25.3951797 5632 5624 Agent 53CEC3E3-D1B8-410E-A857-2DC9A5AD9B71.200
2022.05.12 11:13:25.3956986 5632 5624 Agent Validating updates before Install
2022.05.12 11:13:25.5174250 5632 5624 Agent Pre-install check complete
2022.05.12 11:13:25.5175801 5632 5624 DataStore Failed to find update with global id of D93D1252-6F2B-4909-B663-BD8E9B077C2C.200 (sessiondata = (null))
2022.05.12 11:13:25.5176256 5632 5624 Agent WU client starts install in local system context
2022.05.12 11:13:25.5213894 5632 5624 Handler Attempting to create remote handler process as KILIAN\Administrator in session 1
2022.05.12 11:13:25.5547647 5632 5624 DownloadManager Preparing update for install, updateId = 7D78E3C3-F78C-4BB3-84B9-3249C6D7E08D.200.
2022.05.12 11:13:25.6046703 5632 5624 DownloadManager ExtractUpdateFiles
2022.05.12 11:13:25.6050307 2136 6840 Handler * START * Command Line Install Updates to install = 1
2022.05.12 11:13:27.0054143 2136 6840 Handler Command line install completed. Return code = 0x80070645, Result = Failed, Reboot required = false
2022.05.12 11:13:27.0057756 2136 6840 Handler * END * Command Line Install 0x8024200b
2022.05.12 11:13:27.0060680 5632 5624 Agent FAILED [8024200B] Method failed [CAgentUpdateManager::InstallUpdate:11739]
I have no clue where to go next in investigation. Can someone help?
Kind Regards,
JP