Windows Defender suddenly stopped updating via Microsoft Update

pegas

Hi folks,
I have Vista Business in the Czech language. I was receiving the update
definitions regularly via Microsoft Update, so I didn't need to take care of
Windows Defender until last week when I got info from the defender icon
in systray that the definitions are outdated. I checked the history of
Microsoft updates and the defender definitions were updated circa every five
days. So I manually triggered Microsoft Update to update them but got nothing
related to the defender. In the next step I tried to update from the defender
GUI which ended with info that no updates are available. Finally I downloaded
the latest definition from the Microsoft security portal. After that the
defender icon disappeared from systray due to a successful definition update.
So my questions are:
1) Does it mean that from now on I will have to update definitions manually
from the security portal?
2) Why were the definition updates deployed via Microsoft Update only weekly
while there are 2 definition updates per day at least available for manual
update on security portal?
3) How can I get the definition updates back via Microsoft update? It's
quite annoying to be catching updates manually.
Apart from the problem with the defender definition updates, Microsoft/Windows Update
works flawlessly and I am not aware of any updates or upgrades on my PC which
might be a root for the reported hitches.
Thanks and regards,
pegas
 
Bill Sanderson

1) wait and see. From past experience here, I think you will be OK--i.e.
things will be back to automatic.
2) I can't really answer this authoritatively--but you are correct that
there are frequent updates that are not pushed out to the whole world via
autoupdate. My sense is that this is a matter of weighing the costs versus
the benefits--if there were a serious and/or fast spreading bug that were
covered by a new definition, we'd see defs pushed.
3) see 1!
The timeframe around the recent out of band security update might provide a
case in point, but I sure didn't monitor the definition updates---and I'm
not sure that exploits related to that vulnerability would be Defender's
province---or antivirus's.

A definition set pushed to everyone, even if it is a delta set and
relatively small, still incurs significant costs in terms of bandwidth for
both Microsoft and its customers. I don't know how they calculate what to
push and what to simply make available via the portal, but I am sure that
they weigh this carefully and with the broad interests of their customers in
mind.
 
pegas

Thanks Bill for your comprehensive reply. I will leave the defender
unattended to do its job unless the notice for outdated definitions jumps
up again in systray. If that happens I will repeat my procedure described
below. However I hope that things will get back to automatic as soon as possible.
Regards,
pegas
 
Bill Sanderson

I would take a look at it in about a week. You can also watch the
announcements group here, where definition updates are posted regularly.
 
pegas

Bill, it seems it is back to normal, as this morning Microsoft Update
automatically brought definition update 1.45.1246.

If I may ask another question ... do you think it makes sense to have enabled
the option "Check definition updates before scan starts" in WD settings? I ask
because the definition 1246 isn't the latest but WD didn't download the
latest (actually 1277) before the scan. It looks like this option in WD settings
is connected to Microsoft Update and not to their security portal where
the latest definitions are available for download.
 
Bill Sanderson

I would leave that option checked.

Forefront can be set to scan very frequently--hourly or every two hours, for
example. In that situation, I might be tempted to uncheck the update option
because it is somewhat processor intense and might delay the scans a
bit--but I wouldn't be scanning that frequently except on a server which
ought to have the resources to handle the updates.

(this is really irrelevant to Windows Defender, but the apps are related in
a family way.)

Yes, I believe that update process works via AutoUpdate, and thus is only
going to get definitions that are released that way. You never know when a
new bug will be found which is spreading fast, and for which defs might be
pushed via AU. Getting those defs ahead of your scan might just catch an
existing infection early--so I'd leave it checked, even though most of the
time those AU defs are older than those at the portal.

If the check for updates doesn't find anything new, it is pretty quick and
doesn't eat a lot of resources--so leaving it checked doesn't have a high
cost, and might just be good medicine at some point.
 
