! Check for new definitions

G

Guest

when i click the "Check for Updates Now" button i get--
"No new definition files or updates for Windows Defender are available."

i then have to manually go to windows update and get the update. is this a
bug with the application? is there something i can do to get it to find the
new definitions from with Defender?

thanks,
burke
 
B

Bill Sanderson MVP

This may be an oddity of your network environment. Can you describe the
network your machine connects to--is it a corporate network?

Windows Defender will go to the same servers that AutoUpdate is set to
connect to--and in the case of a managed network, these may be internal
corporate servers that dispense only patches which have been tested in
advance.

However, if group policy settings have not been applied to prevent the user
from going directly to Microsoft's servers, via WindowsUpdate, the user may
be able to manually apply any patches offered from that source, which will
include Windows Defender definitions.

It's also possible that there's some remnant of settings from previous usage
of your machine on a corporate network causing this--we've seen a couple of
examples of that sort--and the diagnostic is to look at:

notepad %windir%\windowsupdate.log

(put that in start, run)

Do this: Check the clock, then do a check for updates within Windows
Defender.

Then open the log in notepad using the above command, and delete all but the
very tail end entries which will relate to that check from within Windows
Update. Let's see what servers are being connected to.
 
G

Guest

sorry for the delay, i manually updated the definition with windows update
after my original inquiry. i am on a corporate network. today the icon
shows its out of date so i ran the diagnostic, here are the entries---

2007-02-21 17:16:33 3472 17e0 COMAPI -------------
2007-02-21 17:16:33 3472 17e0 COMAPI -- START -- COMAPI: Search [ClientId =
Windows Defender]
2007-02-21 17:16:33 3472 17e0 COMAPI ---------
2007-02-21 17:16:33 3472 17e0 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:33 3472 17e0 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:33 3472 17e0 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:34 3472 17e0 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *************
2007-02-21 17:16:34 1136 184 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *********
2007-02-21 17:16:34 1136 184 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:34 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:35 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:36 1136 184 Agent *********
2007-02-21 17:16:36 1136 184 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:36 1136 184 Agent *************
2007-02-21 17:16:36 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:36 3472 1270 COMAPI ---------
2007-02-21 17:16:36 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId =
Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI -------------
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{49CCE918-994F-4D3B-95E6-0F33EDBACEF4} 2007-02-21
17:16:35-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Software Synchronization Agent has finished detecting items.
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{ED3A81E1-A027-4D78-863A-FFA3E7E2D1BC} 2007-02-21
17:16:35-0600 1 153 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Pre-Deployment Check Reporting client status.
2007-02-21 17:16:57 3472 1324 COMAPI -------------
2007-02-21 17:16:57 3472 1324 COMAPI -- START -- COMAPI: Search [ClientId =
Windows Defender]
2007-02-21 17:16:57 3472 1324 COMAPI ---------
2007-02-21 17:16:57 3472 1324 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:57 3472 1324 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:57 3472 1324 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:57 3472 1324 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *************
2007-02-21 17:16:57 1136 608 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *********
2007-02-21 17:16:58 1136 608 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:58 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:59 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:59 1136 608 Agent *********
2007-02-21 17:16:59 1136 608 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:59 1136 608 Agent *************
2007-02-21 17:16:59 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:59 3472 1270 COMAPI ---------
2007-02-21 17:16:59 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId =
Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI -------------
 
B

Bill Sanderson MVP

Near as I can tell--it's been a while since I looked at one of these, and I
haven't looked at many, this is the relevant bit:

{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx


The URL indicates something on an intranet--i.e. not across the Internet.

I can't get much more out of it than that, however. Googling on
ClientWebService may indicate that this is a WSUS server, in which case it
is capable of distributing Windows Defender definitions if the
administrators so choose. However, checking on that long unique ID number
gets hits for both WSUS and SUS. When beta2 was released, Microsoft stated
that they weren't going to enable Windows Defender definitions to be
installed via SUS, because SUS had an end-of-life date at approximately the
possible release date of Windows Defender. However, that end-of-life has
been extended, as I understand it, and I am not clear whether this
restriction has changed.

At any rate--you are on a corporate network whose administrators have chosen
not to distribute Windows Defender definitions. If they are using WSUS to
do patch distribution, it is possible for them to choose to do this, if they
wish. If they are using the older SUS, I'm not sure whether it is possible,
at this point. I suspect not.

Microsoft planned the update mechanism in Windows Defender to intentionally
abide by corporate policy--if the administrators choose not to distribute
definitions, the app won't update.

Your situation is somewhat unusual in that they've left you a
loophole--although AutoUpdate is going to this corporate server, you are
able to go to Windows Update manually, and apply what you find there.

If you are able to influence the administrators, you may be able to get them
to carry Windows Defender definitions:

http://support.microsoft.com/kb/919772

shows how to enable this on a WSUS server.

Otherwise, I think you'll have to continue as you have--watch for Engels
messages and update either using the URLs he publishes, or using Windows
Update.




--

burkecrosby said:
sorry for the delay, i manually updated the definition with windows update
after my original inquiry. i am on a corporate network. today the icon
shows its out of date so i ran the diagnostic, here are the entries---

2007-02-21 17:16:33 3472 17e0 COMAPI -------------
2007-02-21 17:16:33 3472 17e0 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:33 3472 17e0 COMAPI ---------
2007-02-21 17:16:33 3472 17e0 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:33 3472 17e0 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:33 3472 17e0 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:34 3472 17e0 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *************
2007-02-21 17:16:34 1136 184 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *********
2007-02-21 17:16:34 1136 184 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:34 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:35 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:36 1136 184 Agent *********
2007-02-21 17:16:36 1136 184 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:36 1136 184 Agent *************
2007-02-21 17:16:36 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:36 3472 1270 COMAPI ---------
2007-02-21 17:16:36 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI -------------
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{49CCE918-994F-4D3B-95E6-0F33EDBACEF4} 2007-02-21
17:16:35-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Software Synchronization Agent has finished detecting
items.
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{ED3A81E1-A027-4D78-863A-FFA3E7E2D1BC} 2007-02-21
17:16:35-0600 1 153 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Pre-Deployment Check Reporting client status.
2007-02-21 17:16:57 3472 1324 COMAPI -------------
2007-02-21 17:16:57 3472 1324 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:57 3472 1324 COMAPI ---------
2007-02-21 17:16:57 3472 1324 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:57 3472 1324 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:57 3472 1324 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:57 3472 1324 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *************
2007-02-21 17:16:57 1136 608 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *********
2007-02-21 17:16:58 1136 608 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:58 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:59 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:59 1136 608 Agent *********
2007-02-21 17:16:59 1136 608 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:59 1136 608 Agent *************
2007-02-21 17:16:59 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:59 3472 1270 COMAPI ---------
2007-02-21 17:16:59 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI -------------
------------------------------------------------------------------
thanks for any insight you can provide.

burke


Bill Sanderson MVP said:
This may be an oddity of your network environment. Can you describe the
network your machine connects to--is it a corporate network?

Windows Defender will go to the same servers that AutoUpdate is set to
connect to--and in the case of a managed network, these may be internal
corporate servers that dispense only patches which have been tested in
advance.

However, if group policy settings have not been applied to prevent the
user
from going directly to Microsoft's servers, via WindowsUpdate, the user
may
be able to manually apply any patches offered from that source, which
will
include Windows Defender definitions.

It's also possible that there's some remnant of settings from previous
usage
of your machine on a corporate network causing this--we've seen a couple
of
examples of that sort--and the diagnostic is to look at:

notepad %windir%\windowsupdate.log

(put that in start, run)

Do this: Check the clock, then do a check for updates within Windows
Defender.

Then open the log in notepad using the above command, and delete all but
the
very tail end entries which will relate to that check from within Windows
Update. Let's see what servers are being connected to.
Click to expand...
Click to expand...
 
B

Bill Sanderson MVP

Hmm - STOP PRESS.

As I read the KB article I cited, it is newly revised--as of January 5,
2007, and, although the text speaks only about WSUS, the "applies to"
section at the bottom mentions both SUS and WSUS.

So--it is possible that SUS can now carry Windows Defender definitions--I'll
see if I can get this clarified, but the best place to find out more would
be a support newsgroup or forum for Windows Update services, which I could
refer you to if you felt this was worth pursuing.



--

burkecrosby said:
sorry for the delay, i manually updated the definition with windows update
after my original inquiry. i am on a corporate network. today the icon
shows its out of date so i ran the diagnostic, here are the entries---

2007-02-21 17:16:33 3472 17e0 COMAPI -------------
2007-02-21 17:16:33 3472 17e0 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:33 3472 17e0 COMAPI ---------
2007-02-21 17:16:33 3472 17e0 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:33 3472 17e0 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:33 3472 17e0 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:34 3472 17e0 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *************
2007-02-21 17:16:34 1136 184 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *********
2007-02-21 17:16:34 1136 184 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:34 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:35 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:36 1136 184 Agent *********
2007-02-21 17:16:36 1136 184 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:36 1136 184 Agent *************
2007-02-21 17:16:36 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:36 3472 1270 COMAPI ---------
2007-02-21 17:16:36 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI -------------
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{49CCE918-994F-4D3B-95E6-0F33EDBACEF4} 2007-02-21
17:16:35-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Software Synchronization Agent has finished detecting
items.
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{ED3A81E1-A027-4D78-863A-FFA3E7E2D1BC} 2007-02-21
17:16:35-0600 1 153 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Pre-Deployment Check Reporting client status.
2007-02-21 17:16:57 3472 1324 COMAPI -------------
2007-02-21 17:16:57 3472 1324 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:57 3472 1324 COMAPI ---------
2007-02-21 17:16:57 3472 1324 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:57 3472 1324 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:57 3472 1324 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:57 3472 1324 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *************
2007-02-21 17:16:57 1136 608 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *********
2007-02-21 17:16:58 1136 608 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:58 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:59 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:59 1136 608 Agent *********
2007-02-21 17:16:59 1136 608 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:59 1136 608 Agent *************
2007-02-21 17:16:59 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:59 3472 1270 COMAPI ---------
2007-02-21 17:16:59 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI -------------
------------------------------------------------------------------
thanks for any insight you can provide.

burke


Bill Sanderson MVP said:
This may be an oddity of your network environment. Can you describe the
network your machine connects to--is it a corporate network?

Windows Defender will go to the same servers that AutoUpdate is set to
connect to--and in the case of a managed network, these may be internal
corporate servers that dispense only patches which have been tested in
advance.

However, if group policy settings have not been applied to prevent the
user
from going directly to Microsoft's servers, via WindowsUpdate, the user
may
be able to manually apply any patches offered from that source, which
will
include Windows Defender definitions.

It's also possible that there's some remnant of settings from previous
usage
of your machine on a corporate network causing this--we've seen a couple
of
examples of that sort--and the diagnostic is to look at:

notepad %windir%\windowsupdate.log

(put that in start, run)

Do this: Check the clock, then do a check for updates within Windows
Defender.

Then open the log in notepad using the above command, and delete all but
the
very tail end entries which will relate to that check from within Windows
Update. Let's see what servers are being connected to.
Click to expand...
Click to expand...
 
G

Guest

Thanks for your help and explanation, I know how/where to proceed now.

burke

Bill Sanderson MVP said:
Hmm - STOP PRESS.

As I read the KB article I cited, it is newly revised--as of January 5,
2007, and, although the text speaks only about WSUS, the "applies to"
section at the bottom mentions both SUS and WSUS.

So--it is possible that SUS can now carry Windows Defender definitions--I'll
see if I can get this clarified, but the best place to find out more would
be a support newsgroup or forum for Windows Update services, which I could
refer you to if you felt this was worth pursuing.



--

burkecrosby said:
sorry for the delay, i manually updated the definition with windows update
after my original inquiry. i am on a corporate network. today the icon
shows its out of date so i ran the diagnostic, here are the entries---

2007-02-21 17:16:33 3472 17e0 COMAPI -------------
2007-02-21 17:16:33 3472 17e0 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:33 3472 17e0 COMAPI ---------
2007-02-21 17:16:33 3472 17e0 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:33 3472 17e0 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:33 3472 17e0 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:34 3472 17e0 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *************
2007-02-21 17:16:34 1136 184 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *********
2007-02-21 17:16:34 1136 184 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:34 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:35 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:36 1136 184 Agent *********
2007-02-21 17:16:36 1136 184 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:36 1136 184 Agent *************
2007-02-21 17:16:36 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:36 3472 1270 COMAPI ---------
2007-02-21 17:16:36 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI -------------
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{49CCE918-994F-4D3B-95E6-0F33EDBACEF4} 2007-02-21
17:16:35-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Software Synchronization Agent has finished detecting
items.
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{ED3A81E1-A027-4D78-863A-FFA3E7E2D1BC} 2007-02-21
17:16:35-0600 1 153 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows
Defender Success Pre-Deployment Check Reporting client status.
2007-02-21 17:16:57 3472 1324 COMAPI -------------
2007-02-21 17:16:57 3472 1324 COMAPI -- START -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:57 3472 1324 COMAPI ---------
2007-02-21 17:16:57 3472 1324 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:57 3472 1324 COMAPI - Criteria = "(IsInstalled = 0 and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:57 3472 1324 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:57 3472 1324 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *************
2007-02-21 17:16:57 1136 608 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *********
2007-02-21 17:16:58 1136 608 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:58 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:59 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 Agent * Found 0 updates and 8 categories in
search
2007-02-21 17:16:59 1136 608 Agent *********
2007-02-21 17:16:59 1136 608 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:59 1136 608 Agent *************
2007-02-21 17:16:59 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:59 3472 1270 COMAPI ---------
2007-02-21 17:16:59 3472 1270 COMAPI -- END -- COMAPI: Search [ClientId
=
Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI -------------
------------------------------------------------------------------
thanks for any insight you can provide.

burke


Bill Sanderson MVP said:
This may be an oddity of your network environment. Can you describe the
network your machine connects to--is it a corporate network?

Windows Defender will go to the same servers that AutoUpdate is set to
connect to--and in the case of a managed network, these may be internal
corporate servers that dispense only patches which have been tested in
advance.

However, if group policy settings have not been applied to prevent the
user
from going directly to Microsoft's servers, via WindowsUpdate, the user
may
be able to manually apply any patches offered from that source, which
will
include Windows Defender definitions.

It's also possible that there's some remnant of settings from previous
usage
of your machine on a corporate network causing this--we've seen a couple
of
examples of that sort--and the diagnostic is to look at:

notepad %windir%\windowsupdate.log

(put that in start, run)

Do this: Check the clock, then do a check for updates within Windows
Defender.

Then open the log in notepad using the above command, and delete all but
the
very tail end entries which will relate to that check from within Windows
Update. Let's see what servers are being connected to.



--

when i click the "Check for Updates Now" button i get--
"No new definition files or updates for Windows Defender are
available."

i then have to manually go to windows update and get the update. is
this
a
bug with the application? is there something i can do to get it to find
the
new definitions from with Defender?

thanks,
burke
Click to expand...
Click to expand...
Click to expand...
 
B

Bill Sanderson MVP

Good luck!

--

burkecrosby said:
Thanks for your help and explanation, I know how/where to proceed now.

burke

Bill Sanderson MVP said:
Hmm - STOP PRESS.

As I read the KB article I cited, it is newly revised--as of January 5,
2007, and, although the text speaks only about WSUS, the "applies to"
section at the bottom mentions both SUS and WSUS.

So--it is possible that SUS can now carry Windows Defender
definitions--I'll
see if I can get this clarified, but the best place to find out more
would
be a support newsgroup or forum for Windows Update services, which I
could
refer you to if you felt this was worth pursuing.



--

burkecrosby said:
sorry for the delay, i manually updated the definition with windows
update
after my original inquiry. i am on a corporate network. today the
icon
shows its out of date so i ran the diagnostic, here are the entries---

2007-02-21 17:16:33 3472 17e0 COMAPI -------------
2007-02-21 17:16:33 3472 17e0 COMAPI -- START -- COMAPI: Search
[ClientId
=
Windows Defender]
2007-02-21 17:16:33 3472 17e0 COMAPI ---------
2007-02-21 17:16:33 3472 17e0 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:33 3472 17e0 COMAPI - Criteria = "(IsInstalled = 0
and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:33 3472 17e0 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:34 3472 17e0 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *************
2007-02-21 17:16:34 1136 184 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:34 1136 184 Agent *********
2007-02-21 17:16:34 1136 184 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:34 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:35 1136 184 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:35 1136 184 Agent * Found 0 updates and 8 categories
in
search
2007-02-21 17:16:36 1136 184 Agent *********
2007-02-21 17:16:36 1136 184 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:36 1136 184 Agent *************
2007-02-21 17:16:36 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:36 3472 1270 COMAPI ---------
2007-02-21 17:16:36 3472 1270 COMAPI -- END -- COMAPI: Search
[ClientId
=
Windows Defender]
2007-02-21 17:16:36 3472 1270 COMAPI -------------
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{49CCE918-994F-4D3B-95E6-0F33EDBACEF4} 2007-02-21
17:16:35-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0
Windows
Defender Success Software Synchronization Agent has finished detecting
items.
2007-02-21 17:16:40 1136 54c Report REPORT EVENT:
{ED3A81E1-A027-4D78-863A-FFA3E7E2D1BC} 2007-02-21
17:16:35-0600 1 153 101 {00000000-0000-0000-0000-000000000000} 0 0
Windows
Defender Success Pre-Deployment Check Reporting client status.
2007-02-21 17:16:57 3472 1324 COMAPI -------------
2007-02-21 17:16:57 3472 1324 COMAPI -- START -- COMAPI: Search
[ClientId
=
Windows Defender]
2007-02-21 17:16:57 3472 1324 COMAPI ---------
2007-02-21 17:16:57 3472 1324 COMAPI - Online = Yes; Ignore download
priority = No
2007-02-21 17:16:57 3472 1324 COMAPI - Criteria = "(IsInstalled = 0
and
IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd')
or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-02-21 17:16:57 3472 1324 COMAPI - ServiceID =
{00000000-0000-0000-0000-000000000000}
2007-02-21 17:16:57 3472 1324 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *************
2007-02-21 17:16:57 1136 608 Agent ** START ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:57 1136 608 Agent *********
2007-02-21 17:16:58 1136 608 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-02-21 17:16:58 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-02-21 17:16:59 1136 608 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://tmamon/ClientWebService/client.asmx
2007-02-21 17:16:59 1136 608 Agent * Found 0 updates and 8 categories
in
search
2007-02-21 17:16:59 1136 608 Agent *********
2007-02-21 17:16:59 1136 608 Agent ** END ** Agent: Finding updates
[CallerId = Windows Defender]
2007-02-21 17:16:59 1136 608 Agent *************
2007-02-21 17:16:59 3472 1270 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI - Updates found = 0
2007-02-21 17:16:59 3472 1270 COMAPI ---------
2007-02-21 17:16:59 3472 1270 COMAPI -- END -- COMAPI: Search
[ClientId
=
Windows Defender]
2007-02-21 17:16:59 3472 1270 COMAPI -------------
------------------------------------------------------------------
thanks for any insight you can provide.

burke


:

This may be an oddity of your network environment. Can you describe
the
network your machine connects to--is it a corporate network?

Windows Defender will go to the same servers that AutoUpdate is set to
connect to--and in the case of a managed network, these may be
internal
corporate servers that dispense only patches which have been tested in
advance.

However, if group policy settings have not been applied to prevent the
user
from going directly to Microsoft's servers, via WindowsUpdate, the
user
may
be able to manually apply any patches offered from that source, which
will
include Windows Defender definitions.

It's also possible that there's some remnant of settings from previous
usage
of your machine on a corporate network causing this--we've seen a
couple
of
examples of that sort--and the diagnostic is to look at:

notepad %windir%\windowsupdate.log

(put that in start, run)

Do this: Check the clock, then do a check for updates within Windows
Defender.

Then open the log in notepad using the above command, and delete all
but
the
very tail end entries which will relate to that check from within
Windows
Update. Let's see what servers are being connected to.



--

when i click the "Check for Updates Now" button i get--
"No new definition files or updates for Windows Defender are
available."

i then have to manually go to windows update and get the update. is
this
a
bug with the application? is there something i can do to get it to
find
the
new definitions from with Defender?

thanks,
burke
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows Defender Definitions Update 0
Windows Defender suddenly stopped to update via Microsoft Update 5
Spyware definition updates not downloading 1
Unable to Update Definitions 1
Defender updates 5
How to manually download the latest definition updates for Windows Defender 11
Check for new signature definitions fails with 0x80070003 8
Definitions WOULDN'T Update (but I Solved my Problem) FIXED!!! 3

Top