Hi, I get the above error durin attempting to run a definition update.

windows update works fine, just cannot update the definitions for defender.

thank you

Does Autoupdate work? Are you on a managed network with a SUS server?

--

"PhoenixUK" <(E-Mail Removed)> wrote in message
news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> Hi, I get the above error durin attempting to run a definition update.
>
> windows update works fine, just cannot update the definitions for
> defender.
>
> thank you

Auto update works fine. I am NAT'ed and PROXY'd but i assume that defender
taked the IE connection settings, which are all setup fine. There is no SUS
server.

Thanks for your continued help !

Dave.

"Bill Sanderson" wrote:

> Does Autoupdate work? Are you on a managed network with a SUS server?
>
> --
>
> "PhoenixUK" <(E-Mail Removed)> wrote in message
> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> > Hi, I get the above error durin attempting to run a definition update.
> >
> > windows update works fine, just cannot update the definitions for
> > defender.
> >
> > thank you
>
>
>

Windows Defender should be using autoupdate if you manually trigger an
update. You can also manually acquire updates by going to WindowsUpdate or
MicrosoftUpdate. It should be using the IE settings.

I've had some success with balky machines by either checking or unchecking
"automatically detect" on the proxy settings, but that may well not be
appropriate in your setting--in my case I was behind a transparent ISA-2000
proxy. (and one machine responded to unchecking, and another to
checking--strange.)

--

"PhoenixUK" <(E-Mail Removed)> wrote in message
news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
> Auto update works fine. I am NAT'ed and PROXY'd but i assume that defender
> taked the IE connection settings, which are all setup fine. There is no
> SUS
> server.
>
> Thanks for your continued help !
>
> Dave.
>
> "Bill Sanderson" wrote:
>
>> Does Autoupdate work? Are you on a managed network with a SUS server?
>>
>> --
>>
>> "PhoenixUK" <(E-Mail Removed)> wrote in message
>> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
>> > Hi, I get the above error durin attempting to run a definition update.
>> >
>> > windows update works fine, just cannot update the definitions for
>> > defender.
>> >
>> > thank you
>>
>>
>>

Thanks for the suggestions, i have left work for the week now (alright for
some!! ha!) i shall try it on my return on tuesday, and update the thread
then.

Thanks for your help !

Dave.


"Bill Sanderson" wrote:

> Windows Defender should be using autoupdate if you manually trigger an
> update. You can also manually acquire updates by going to WindowsUpdate or
> MicrosoftUpdate. It should be using the IE settings.
>
> I've had some success with balky machines by either checking or unchecking
> "automatically detect" on the proxy settings, but that may well not be
> appropriate in your setting--in my case I was behind a transparent ISA-2000
> proxy. (and one machine responded to unchecking, and another to
> checking--strange.)
>
> --
>
> "PhoenixUK" <(E-Mail Removed)> wrote in message
> news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
> > Auto update works fine. I am NAT'ed and PROXY'd but i assume that defender
> > taked the IE connection settings, which are all setup fine. There is no
> > SUS
> > server.
> >
> > Thanks for your continued help !
> >
> > Dave.
> >
> > "Bill Sanderson" wrote:
> >
> >> Does Autoupdate work? Are you on a managed network with a SUS server?
> >>
> >> --
> >>
> >> "PhoenixUK" <(E-Mail Removed)> wrote in message
> >> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> >> > Hi, I get the above error durin attempting to run a definition update.
> >> >
> >> > windows update works fine, just cannot update the definitions for
> >> > defender.
> >> >
> >> > thank you
> >>
> >>
> >>
>
>
>

If Defender has an option to "download updates before performing a scan" then
it should be able to autonomously do so. I have received this error from
every XPSP2 machine that I installed it on which wasn't already current on
the MS AntiSpyware definitions. Yes, it was updatable from MSUS or
update.microsoft.com/microsoftupdate, but don't you think it should work from
the application too?

- Eric McWhorter

"PhoenixUK" wrote:

> Thanks for the suggestions, i have left work for the week now (alright for
> some!! ha!) i shall try it on my return on tuesday, and update the thread
> then.
>
> Thanks for your help !
>
> Dave.
>
>
> "Bill Sanderson" wrote:
>
> > Windows Defender should be using autoupdate if you manually trigger an
> > update. You can also manually acquire updates by going to WindowsUpdate or
> > MicrosoftUpdate. It should be using the IE settings.
> >
> > I've had some success with balky machines by either checking or unchecking
> > "automatically detect" on the proxy settings, but that may well not be
> > appropriate in your setting--in my case I was behind a transparent ISA-2000
> > proxy. (and one machine responded to unchecking, and another to
> > checking--strange.)
> >
> > --
> >
> > "PhoenixUK" <(E-Mail Removed)> wrote in message
> > news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
> > > Auto update works fine. I am NAT'ed and PROXY'd but i assume that defender
> > > taked the IE connection settings, which are all setup fine. There is no
> > > SUS
> > > server.
> > >
> > > Thanks for your continued help !
> > >
> > > Dave.
> > >
> > > "Bill Sanderson" wrote:
> > >
> > >> Does Autoupdate work? Are you on a managed network with a SUS server?
> > >>
> > >> --
> > >>
> > >> "PhoenixUK" <(E-Mail Removed)> wrote in message
> > >> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> > >> > Hi, I get the above error durin attempting to run a definition update.
> > >> >
> > >> > windows update works fine, just cannot update the definitions for
> > >> > defender.
> > >> >
> > >> > thank you
> > >>
> > >>
> > >>
> >
> >
> >

Are you on a managed network with a solution such as SUS or WSUS in place?
That's what the options internal to the program leverage--they go to
AutoUpdate. In the wide world, that works--via autoupdate.

In a network with WSUS in place, and where the admin has enabled the new
class of Windows Defender signature updates, that should pull in the sigs
from the WSUS server.

In a network with SUS in place, I believe this falls flat at the moment.

Would you prefer that they had provided a mechanism that does an end run
around the managements chosen control of updates?

--

"loraXXarol" <(E-Mail Removed)> wrote in message
news:78DCC057-C56E-492D-9472-(E-Mail Removed)...
> If Defender has an option to "download updates before performing a scan"
> then
> it should be able to autonomously do so. I have received this error from
> every XPSP2 machine that I installed it on which wasn't already current on
> the MS AntiSpyware definitions. Yes, it was updatable from MSUS or
> update.microsoft.com/microsoftupdate, but don't you think it should work
> from
> the application too?
>
> - Eric McWhorter
>
> "PhoenixUK" wrote:
>
>> Thanks for the suggestions, i have left work for the week now (alright
>> for
>> some!! ha!) i shall try it on my return on tuesday, and update the thread
>> then.
>>
>> Thanks for your help !
>>
>> Dave.
>>
>>
>> "Bill Sanderson" wrote:
>>
>> > Windows Defender should be using autoupdate if you manually trigger an
>> > update. You can also manually acquire updates by going to
>> > WindowsUpdate or
>> > MicrosoftUpdate. It should be using the IE settings.
>> >
>> > I've had some success with balky machines by either checking or
>> > unchecking
>> > "automatically detect" on the proxy settings, but that may well not be
>> > appropriate in your setting--in my case I was behind a transparent
>> > ISA-2000
>> > proxy. (and one machine responded to unchecking, and another to
>> > checking--strange.)
>> >
>> > --
>> >
>> > "PhoenixUK" <(E-Mail Removed)> wrote in message
>> > news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
>> > > Auto update works fine. I am NAT'ed and PROXY'd but i assume that
>> > > defender
>> > > taked the IE connection settings, which are all setup fine. There is
>> > > no
>> > > SUS
>> > > server.
>> > >
>> > > Thanks for your continued help !
>> > >
>> > > Dave.
>> > >
>> > > "Bill Sanderson" wrote:
>> > >
>> > >> Does Autoupdate work? Are you on a managed network with a SUS
>> > >> server?
>> > >>
>> > >> --
>> > >>
>> > >> "PhoenixUK" <(E-Mail Removed)> wrote in message
>> > >> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
>> > >> > Hi, I get the above error durin attempting to run a definition
>> > >> > update.
>> > >> >
>> > >> > windows update works fine, just cannot update the definitions for
>> > >> > defender.
>> > >> >
>> > >> > thank you
>> > >>
>> > >>
>> > >>
>> >
>> >
>> >

Hi, Bill -

I'm running WSUS to push out the updates, yes. However, there was a time
between the install of Defender and the install window of the WSUS updates.

But, the question "Would you prefer that they had provided a mechanism that
does an end run around the managements chosen control of updates?" doesn't
address the point that Defender *itself* was doing the end run - by a>
telling me that its definitions were old, b> trying to update itself BY
itself, and then c> failing.

So, no...I wouldn't prefer that - it just seems that's the way it is.

But, it *is* interesting that you bring up "a mechanism that does an end run
arount the managements' chosen control of updates." It turns out - and I
have posted this elsewhere - that Defender has been asking my employees if
they want to disallow the firewall port exceptions that I've pushed out using
AD GPO. While there IS a workaround available for this, it seems a little
out of whack compared to general MS permissioning methodology to have a piece
of software behave that way.

It *is* a beta, I understand that. That's one of the reasons why I am
posting, to try to bring these things to light prior to production release.

- Eric


"Bill Sanderson" wrote:

> Are you on a managed network with a solution such as SUS or WSUS in place?
> That's what the options internal to the program leverage--they go to
> AutoUpdate. In the wide world, that works--via autoupdate.
>
> In a network with WSUS in place, and where the admin has enabled the new
> class of Windows Defender signature updates, that should pull in the sigs
> from the WSUS server.
>
> In a network with SUS in place, I believe this falls flat at the moment.
>
> Would you prefer that they had provided a mechanism that does an end run
> around the managements chosen control of updates?
>
> --
>
> "loraXXarol" <(E-Mail Removed)> wrote in message
> news:78DCC057-C56E-492D-9472-(E-Mail Removed)...
> > If Defender has an option to "download updates before performing a scan"
> > then
> > it should be able to autonomously do so. I have received this error from
> > every XPSP2 machine that I installed it on which wasn't already current on
> > the MS AntiSpyware definitions. Yes, it was updatable from MSUS or
> > update.microsoft.com/microsoftupdate, but don't you think it should work
> > from
> > the application too?
> >
> > - Eric McWhorter
> >
> > "PhoenixUK" wrote:
> >
> >> Thanks for the suggestions, i have left work for the week now (alright
> >> for
> >> some!! ha!) i shall try it on my return on tuesday, and update the thread
> >> then.
> >>
> >> Thanks for your help !
> >>
> >> Dave.
> >>
> >>
> >> "Bill Sanderson" wrote:
> >>
> >> > Windows Defender should be using autoupdate if you manually trigger an
> >> > update. You can also manually acquire updates by going to
> >> > WindowsUpdate or
> >> > MicrosoftUpdate. It should be using the IE settings.
> >> >
> >> > I've had some success with balky machines by either checking or
> >> > unchecking
> >> > "automatically detect" on the proxy settings, but that may well not be
> >> > appropriate in your setting--in my case I was behind a transparent
> >> > ISA-2000
> >> > proxy. (and one machine responded to unchecking, and another to
> >> > checking--strange.)
> >> >
> >> > --
> >> >
> >> > "PhoenixUK" <(E-Mail Removed)> wrote in message
> >> > news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
> >> > > Auto update works fine. I am NAT'ed and PROXY'd but i assume that
> >> > > defender
> >> > > taked the IE connection settings, which are all setup fine. There is
> >> > > no
> >> > > SUS
> >> > > server.
> >> > >
> >> > > Thanks for your continued help !
> >> > >
> >> > > Dave.
> >> > >
> >> > > "Bill Sanderson" wrote:
> >> > >
> >> > >> Does Autoupdate work? Are you on a managed network with a SUS
> >> > >> server?
> >> > >>
> >> > >> --
> >> > >>
> >> > >> "PhoenixUK" <(E-Mail Removed)> wrote in message
> >> > >> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> >> > >> > Hi, I get the above error durin attempting to run a definition
> >> > >> > update.
> >> > >> >
> >> > >> > windows update works fine, just cannot update the definitions for
> >> > >> > defender.
> >> > >> >
> >> > >> > thank you
> >> > >>
> >> > >>
> >> > >>
> >> >
> >> >
> >> >
>
>
>

I see what you're saying - that Defender should have gone to my WSUS server
for the update, regardless of the installation window usually reserved for
the update installations.

.....and the reason it didn't? Because this was during my brief period AFTER
I installed WSUS and BEFORE I transitioned from SUS...

So, Defender was looking to my SUS server, which didn't have the update.
Now I understand.

Sorry for my confusion.

- Eric McWhorter

"loraXXarol" wrote:

> Hi, Bill -
>
> I'm running WSUS to push out the updates, yes. However, there was a time
> between the install of Defender and the install window of the WSUS updates.
>
> But, the question "Would you prefer that they had provided a mechanism that
> does an end run around the managements chosen control of updates?" doesn't
> address the point that Defender *itself* was doing the end run - by a>
> telling me that its definitions were old, b> trying to update itself BY
> itself, and then c> failing.
>
> So, no...I wouldn't prefer that - it just seems that's the way it is.
>
> But, it *is* interesting that you bring up "a mechanism that does an end run
> arount the managements' chosen control of updates." It turns out - and I
> have posted this elsewhere - that Defender has been asking my employees if
> they want to disallow the firewall port exceptions that I've pushed out using
> AD GPO. While there IS a workaround available for this, it seems a little
> out of whack compared to general MS permissioning methodology to have a piece
> of software behave that way.
>
> It *is* a beta, I understand that. That's one of the reasons why I am
> posting, to try to bring these things to light prior to production release.
>
> - Eric
>
>
> "Bill Sanderson" wrote:
>
> > Are you on a managed network with a solution such as SUS or WSUS in place?
> > That's what the options internal to the program leverage--they go to
> > AutoUpdate. In the wide world, that works--via autoupdate.
> >
> > In a network with WSUS in place, and where the admin has enabled the new
> > class of Windows Defender signature updates, that should pull in the sigs
> > from the WSUS server.
> >
> > In a network with SUS in place, I believe this falls flat at the moment.
> >
> > Would you prefer that they had provided a mechanism that does an end run
> > around the managements chosen control of updates?
> >
> > --
> >
> > "loraXXarol" <(E-Mail Removed)> wrote in message
> > news:78DCC057-C56E-492D-9472-(E-Mail Removed)...
> > > If Defender has an option to "download updates before performing a scan"
> > > then
> > > it should be able to autonomously do so. I have received this error from
> > > every XPSP2 machine that I installed it on which wasn't already current on
> > > the MS AntiSpyware definitions. Yes, it was updatable from MSUS or
> > > update.microsoft.com/microsoftupdate, but don't you think it should work
> > > from
> > > the application too?
> > >
> > > - Eric McWhorter
> > >
> > > "PhoenixUK" wrote:
> > >
> > >> Thanks for the suggestions, i have left work for the week now (alright
> > >> for
> > >> some!! ha!) i shall try it on my return on tuesday, and update the thread
> > >> then.
> > >>
> > >> Thanks for your help !
> > >>
> > >> Dave.
> > >>
> > >>
> > >> "Bill Sanderson" wrote:
> > >>
> > >> > Windows Defender should be using autoupdate if you manually trigger an
> > >> > update. You can also manually acquire updates by going to
> > >> > WindowsUpdate or
> > >> > MicrosoftUpdate. It should be using the IE settings.
> > >> >
> > >> > I've had some success with balky machines by either checking or
> > >> > unchecking
> > >> > "automatically detect" on the proxy settings, but that may well not be
> > >> > appropriate in your setting--in my case I was behind a transparent
> > >> > ISA-2000
> > >> > proxy. (and one machine responded to unchecking, and another to
> > >> > checking--strange.)
> > >> >
> > >> > --
> > >> >
> > >> > "PhoenixUK" <(E-Mail Removed)> wrote in message
> > >> > news:B0060BAC-AF07-4283-B11E-(E-Mail Removed)...
> > >> > > Auto update works fine. I am NAT'ed and PROXY'd but i assume that
> > >> > > defender
> > >> > > taked the IE connection settings, which are all setup fine. There is
> > >> > > no
> > >> > > SUS
> > >> > > server.
> > >> > >
> > >> > > Thanks for your continued help !
> > >> > >
> > >> > > Dave.
> > >> > >
> > >> > > "Bill Sanderson" wrote:
> > >> > >
> > >> > >> Does Autoupdate work? Are you on a managed network with a SUS
> > >> > >> server?
> > >> > >>
> > >> > >> --
> > >> > >>
> > >> > >> "PhoenixUK" <(E-Mail Removed)> wrote in message
> > >> > >> news:82B6E694-758A-4728-8112-(E-Mail Removed)...
> > >> > >> > Hi, I get the above error durin attempting to run a definition
> > >> > >> > update.
> > >> > >> >
> > >> > >> > windows update works fine, just cannot update the definitions for
> > >> > >> > defender.
> > >> > >> >
> > >> > >> > thank you
> > >> > >>
> > >> > >>
> > >> > >>
> > >> >
> > >> >
> > >> >
> >
> >
> >

"loraXXarol" <(E-Mail Removed)> wrote in message
news:CE72AA13-1759-4BC5-B076-(E-Mail Removed)...
> Hi, Bill -
>
> I'm running WSUS to push out the updates, yes. However, there was a time
> between the install of Defender and the install window of the WSUS
> updates.

WSUS should work for you--I see that it is for others in these groups.

> But, the question "Would you prefer that they had provided a mechanism
> that
> does an end run around the managements chosen control of updates?" doesn't
> address the point that Defender *itself* was doing the end run - by a>
> telling me that its definitions were old, b> trying to update itself BY
> itself, and then c> failing.

If Defender is mandated on your desktops, then presumably you want it to be
current, so notification of that state is important. Windows Defender will
be part of a subscription product--Microsoft Client Protection:

http://www.microsoft.com/windowsserv...n/default.mspx

This will have heavy duty central management capabilities--and may be worth
your consideration. If your enterprise has a Microsoft contact person--ask
them about this product and whether beta testing opportunities may be
available later in the year.

>
> So, no...I wouldn't prefer that - it just seems that's the way it is.
>
> But, it *is* interesting that you bring up "a mechanism that does an end
> run
> arount the managements' chosen control of updates." It turns out - and I
> have posted this elsewhere - that Defender has been asking my employees if
> they want to disallow the firewall port exceptions that I've pushed out
> using
> AD GPO. While there IS a workaround available for this, it seems a little
> out of whack compared to general MS permissioning methodology to have a
> piece
> of software behave that way.

And this was highlighted by KB articles written before Beta1 was released.
In beta2, I believe that there should be policy settings for this kind of
issue, but that the required templates are not yet available. So--you're
deploying unsupported beta code on production machines--something many of us
do--but there's always a risk, and what you mention is one such risk.

>
> It *is* a beta, I understand that. That's one of the reasons why I am
> posting, to try to bring these things to light prior to production
> release.

And I appreciate the posts--they are helpful to others who are considering
the same actions--That's what newsgroups are all about. Thanks!