Updating Windows Defender Antivirus fails with Error 0x80070643

Jan Peter Lindner 21 Reputation points
2022-05-12T10:03:37.34+00:00

Hello,

I have trouble keeping a server of our company up-to-date when it comes to windows defender definition files. It installs other security updates as normal, but it seems I am stuck with a very old definition of the the windows defender. Whenever I check windows update, I see this error:

Security Intelligence-Update for Windows Defender Antivirus - KB915597 (Version 1.363.1679.0) – Error 0x80070643

The system is a Windows Server 2019 Standard (Version 1809 Build 17763.2928) runninng in Hyper-V. Kaspersky is running as an antivirus software on the system. We do not use a local WSUS server.

I have tried using the tips of several websites, like clearing out the temp files of windows in general or the software distribution path, restarting the update service afterwards.

In the CBS.log, I see this entry, I don't know if this is related: "Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]"

In the WindowsUpdate.log, I can see this part, ending with a "FAILED" message, maybe this helps with the investigation?:

2022.05.12 11:13:25.3903228 7188 4464 ComApi QUEUED Updates to install = 1
2022.05.12 11:13:25.3903278 7188 4464 ComApi Install ClientId = UpdateOrchestrator (cV: /F63IHkXVU2TpdwD.5.0.0)
2022.05.12 11:13:25.3951398 5632 5624 Agent Title = Security Intelligence-Update f??r Windows Defender Antivirus - KB915597 (Version 1.363.1679.0)
2022.05.12 11:13:25.3951459 5632 5624 Agent UpdateId = 347426ED-0457-4A6B-99E3-7C722AFF2405.200
2022.05.12 11:13:25.3951475 5632 5624 Agent Bundles 7 updates:
2022.05.12 11:13:25.3951520 5632 5624 Agent D24B570A-714A-4783-B8CD-39589895831A.200
2022.05.12 11:13:25.3951562 5632 5624 Agent D93D1252-6F2B-4909-B663-BD8E9B077C2C.200
2022.05.12 11:13:25.3951602 5632 5624 Agent 860E6BA4-B55B-40FA-A0A8-58AAEF4100E3.200
2022.05.12 11:13:25.3951639 5632 5624 Agent 7D78E3C3-F78C-4BB3-84B9-3249C6D7E08D.200
2022.05.12 11:13:25.3951673 5632 5624 Agent 42B5983F-B24D-4BFC-8F06-3AE66494227C.200
2022.05.12 11:13:25.3951710 5632 5624 Agent EA2A0C1A-555A-43FA-9BDE-ADD7FD539C49.200
2022.05.12 11:13:25.3951797 5632 5624 Agent 53CEC3E3-D1B8-410E-A857-2DC9A5AD9B71.200
2022.05.12 11:13:25.3956986 5632 5624 Agent Validating updates before Install
2022.05.12 11:13:25.5174250 5632 5624 Agent Pre-install check complete
2022.05.12 11:13:25.5175801 5632 5624 DataStore Failed to find update with global id of D93D1252-6F2B-4909-B663-BD8E9B077C2C.200 (sessiondata = (null))
2022.05.12 11:13:25.5176256 5632 5624 Agent WU client starts install in local system context
2022.05.12 11:13:25.5213894 5632 5624 Handler Attempting to create remote handler process as KILIAN\Administrator in session 1
2022.05.12 11:13:25.5547647 5632 5624 DownloadManager Preparing update for install, updateId = 7D78E3C3-F78C-4BB3-84B9-3249C6D7E08D.200.
2022.05.12 11:13:25.6046703 5632 5624 DownloadManager ExtractUpdateFiles
2022.05.12 11:13:25.6050307 2136 6840 Handler * START * Command Line Install Updates to install = 1
2022.05.12 11:13:27.0054143 2136 6840 Handler Command line install completed. Return code = 0x80070645, Result = Failed, Reboot required = false
2022.05.12 11:13:27.0057756 2136 6840 Handler * END * Command Line Install 0x8024200b
2022.05.12 11:13:27.0060680 5632 5624 Agent FAILED [8024200B] Method failed [CAgentUpdateManager::InstallUpdate:11739]

I have no clue where to go next in investigation. Can someone help?

Kind Regards,

JP

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,404 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rita Hu -MSFT 9,641 Reputation points
    2022-05-13T07:26:12.787+00:00

    @Jan Peter Lindner
    It seems that you haven't enable the Windows Defender Antivirus feature in the Server. Please try to follow the below steps to enable the feature and scan for updates automatically.
    Turn on the GUI using the **Add Roles and Features Wizard:**

    1. See Install roles, role services, and features by using the add Roles and Features Wizard, and use the Add Roles and Features Wizard.
    2. When you get to the Features step of the wizard, under Windows Defender Features, select the GUI for Windows Defender option.

    Turn on the GUI using PowerShell:
    Also we could run the followig PowerShell command to enable the feature:

    Install-WindowsFeature -Name Windows-Defender-GUI  
    

    Note that don't forget to open the PowerShell as an administrator before running the command.

    Best regards,
    Rita


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Rita Hu -MSFT 9,641 Reputation points
    2022-05-13T05:57:40.257+00:00

    @Jan Peter Lindner
    Thanks for your posting on Q&A.

    I found the following error tips in the log files:
    201597-5.png

    It seems that there are something wrong with Windows Defender Antivirus update files. Please follow the below link to clear the current cache and trigger an update. ]
    https://www.microsoft.com/en-us/wdsi/defenderupdates

    cd %ProgramFiles%\Windows Defender  
    MpCmdRun.exe -removedefinitions -dynamicsignatures  
    MpCmdRun.exe -SignatureUpdate  
    

    Hope the above will be helpful. Wish you have a great weekend.

    Best regards,
    Rita


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.