This will require some more deep dive. Have you checked in updatesdeployment log if the assignment is coming through on the devices in question? Also, Defender updates have a fallback process for installing updates. Is pulling for updates from internet allowed?
WUAHandler.log and Defender updates
Hi,
We were recently made aware that a large number of Windows 10 clients are not updating the latest Defender definition file. About half stopped updating on 23rd July according to WUAHandler.log. I have checked the latest definition version number and it is indeed from the 22nd July for these computers.
Definition updates are deployed via Config Manager using an ADR.
The ADR runs successfully. I can see the latest definition file from today in the Software update group.
If there was a problem with the ADR then why are the other half of win10 machines updating successfully every day?
The other weird thing is looking at the WUAHandler.log file of a computer that updated its definition today. It also shows the last entry for Defender definitions on 23 July.
It would appear that WUAHandler.log no longer shows definition updates?
The only thing I can think of is to recreate the ADR.
Any ideas?
Thanks
David Z
4 answers
Sort by: Most helpful
-
-
Amandayou-MSFT 11,136 Reputation points
2022-08-04T07:27:56.827+00:00 Hi,
It may be that the ADR's scan conflicts with software update point synchronization. Please navigate to to ADR's evaluation schedule, check the option 'run the rule after any software update point synchronization'.
And navigate to the latest ADR, the update in the software update group tab is available, the iron is green, not yellow and gray.
Besides, please check the definition version on windows 10 , is the date is latest?
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
David Zemdegs 1,586 Reputation points
2022-08-04T22:08:34.153+00:00 Updatesdeployment.log shows the update coming through. We have a secure system where interent access for updates is not permitted so CM (SUP) is the only source.
The ADR is fine - no errors - half of the computers install the update successfully.
-
David Zemdegs 1,586 Reputation points
2022-10-24T02:37:37.02+00:00 I opened a MS support case. They advised to change the client setting 'Allow clients to download delta content when the option is available' to 'No'. We had it as 'Yes'.
Seems to have fixed the problem.