80004002 No Such Interface Supported .. durin definition update

[Guest]

Hi, I get the above error durin attempting to run a definition update.

windows update works fine, just cannot update the definitions for defender.

thank you

 

[Bill Sanderson]

Does Autoupdate work? Are you on a managed network with a SUS server?

 

[Guest]

Auto update works fine. I am NAT'ed and PROXY'd but i assume that defender
taked the IE connection settings, which are all setup fine. There is no SUS
server.

Thanks for your continued help !

Dave.

 

[Bill Sanderson]

Windows Defender should be using autoupdate if you manually trigger an
update. You can also manually acquire updates by going to WindowsUpdate or
MicrosoftUpdate. It should be using the IE settings.

I've had some success with balky machines by either checking or unchecking
"automatically detect" on the proxy settings, but that may well not be
appropriate in your setting--in my case I was behind a transparent ISA-2000
proxy. (and one machine responded to unchecking, and another to
checking--strange.)

--

 

[Guest]

Thanks for the suggestions, i have left work for the week now (alright for
some!! ha!) i shall try it on my return on tuesday, and update the thread
then.

Thanks for your help !

Dave.

 

[Guest]

If Defender has an option to "download updates before performing a scan" then
it should be able to autonomously do so. I have received this error from
every XPSP2 machine that I installed it on which wasn't already current on
the MS AntiSpyware definitions. Yes, it was updatable from MSUS or
update.microsoft.com/microsoftupdate, but don't you think it should work from
the application too?

- Eric McWhorter

 

[Bill Sanderson]

Are you on a managed network with a solution such as SUS or WSUS in place?
That's what the options internal to the program leverage--they go to
AutoUpdate. In the wide world, that works--via autoupdate.

In a network with WSUS in place, and where the admin has enabled the new
class of Windows Defender signature updates, that should pull in the sigs
from the WSUS server.

In a network with SUS in place, I believe this falls flat at the moment.

Would you prefer that they had provided a mechanism that does an end run
around the managements chosen control of updates?

--

 

[Guest]

Hi, Bill -

I'm running WSUS to push out the updates, yes. However, there was a time
between the install of Defender and the install window of the WSUS updates.

But, the question "Would you prefer that they had provided a mechanism that
does an end run around the managements chosen control of updates?" doesn't
address the point that Defender *itself* was doing the end run - by a>
telling me that its definitions were old, b> trying to update itself BY
itself, and then c> failing.

So, no...I wouldn't prefer that - it just seems that's the way it is.

But, it *is* interesting that you bring up "a mechanism that does an end run
arount the managements' chosen control of updates." It turns out - and I
have posted this elsewhere - that Defender has been asking my employees if
they want to disallow the firewall port exceptions that I've pushed out using
AD GPO. While there IS a workaround available for this, it seems a little
out of whack compared to general MS permissioning methodology to have a piece
of software behave that way.

It *is* a beta, I understand that. That's one of the reasons why I am
posting, to try to bring these things to light prior to production release.

- Eric

 

[Guest]

I see what you're saying - that Defender should have gone to my WSUS server
for the update, regardless of the installation window usually reserved for
the update installations.

.....and the reason it didn't? Because this was during my brief period AFTER
I installed WSUS and BEFORE I transitioned from SUS...

So, Defender was looking to my SUS server, which didn't have the update.
Now I understand.

Sorry for my confusion.

- Eric McWhorter

 

[Bill Sanderson]

Hi, Bill -

I'm running WSUS to push out the updates, yes. However, there was a time
between the install of Defender and the install window of the WSUS
updates.

WSUS should work for you--I see that it is for others in these groups.

But, the question "Would you prefer that they had provided a mechanism
that
does an end run around the managements chosen control of updates?" doesn't
address the point that Defender *itself* was doing the end run - by a>
telling me that its definitions were old, b> trying to update itself BY
itself, and then c> failing.

If Defender is mandated on your desktops, then presumably you want it to be
current, so notification of that state is important. Windows Defender will
be part of a subscription product--Microsoft Client Protection:

http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx

This will have heavy duty central management capabilities--and may be worth
your consideration. If your enterprise has a Microsoft contact person--ask
them about this product and whether beta testing opportunities may be
available later in the year.

So, no...I wouldn't prefer that - it just seems that's the way it is.

But, it *is* interesting that you bring up "a mechanism that does an end
run
arount the managements' chosen control of updates." It turns out - and I
have posted this elsewhere - that Defender has been asking my employees if
they want to disallow the firewall port exceptions that I've pushed out
using
AD GPO. While there IS a workaround available for this, it seems a little
out of whack compared to general MS permissioning methodology to have a
piece
of software behave that way.

And this was highlighted by KB articles written before Beta1 was released.
In beta2, I believe that there should be policy settings for this kind of
issue, but that the required templates are not yet available. So--you're
deploying unsupported beta code on production machines--something many of us
do--but there's always a risk, and what you mention is one such risk.

It *is* a beta, I understand that. That's one of the reasons why I am
posting, to try to bring these things to light prior to production
release.

And I appreciate the posts--they are helpful to others who are considering
the same actions--That's what newsgroups are all about. Thanks!

 

[Bill Sanderson]

No problem--I can see from the experience of others here that this should be
working as designed--so I was assuming it was a timing issue in your case.

 

[SteveC]

I have problem on one PC at school. I tried to bring up autoupdate settings
in My Computer and it froze. I am downloading updates now from
WindowsUpdate. I don't know if this will fix the problem. Is there a way
to reinstall Autoupdate? I will do a search.

 

[SteveC]

Apparently WindowsUpdate downloaded the right files and fixed it.

 

[Bill Sanderson]

Good!

--

Apparently WindowsUpdate downloaded the right files and fixed it.