Defender Behind Company LAN


Jim Dodd

I have Defender on my Company XP Pro machine. I can't get updates
due to the security implemented on the company WAN and LAN.

Is it possible to manually download new definitions and update?



Bill Sanderson MVP

There's no supported method except going to Windows Update, which may be
blocked for you.

Take a look at messages from Engel in this group and announcements, with new
def numbers as the subject. He's been including the URL for the download
from WindowsUpdate--and that seems to work for many.

Jim Dodd

Thanks Bill for the reply,

You are right, Windows Update is blocked for network users on the Company
The IT Dept. runs Microsoft updates and patches manually through the

I was able to locate an Engel post and use the URL to download the small
file. I extracted the contents of the executable and got three files:


Are these files to be copied to the C:\Program Files\Windows Defender
Trying to execute the MPSigStub.exe does nothing.

Thanks in advance,

Jim Dodd

Bill Sanderson MVP

I probably just gave you the same thing Engel posted--it's too small.

I suspect to do this right, we are going to have to maintain a VPC with a
fresh download (i.e. no definitions) and go to Windows Update and thus be
assured that the URL we are grabbing is a full-file update, and not a delta.

At present, I'm not certain whether a URL for a non-delta version of the
current update has been posted or not--will try to check as the day goes on.


Bill Sanderson MVP

I wasn't able to spot any published url except the ones which lead to the
delta update.

I'm not sure when I'll be able to do what's needed to try to acquire such a
URL--but I'll see if I can get to it, perhaps this evening.



OK - let's see whether this does the trick. I started a Windows 2000 VPC
which it turned out hadn't been updated for 25 days. Here's the URL from the
update session:


Jim - I spent some time digging into this tonight but without a complete
result. Here's part of what I did:

C:\Program Files\Windows Defender>mpcmdrun -removedefinitions -all

Service Version: 1.1.1347.0
Engine Version: 1.1.1441.0
AntiSpyware Base Signature Version: 1.14.1288.0
AntiSpyware Delta Signature Version: 1.14.1503.8

Staring engine and signature rollback to default...Done!

Service Version: 1.1.1347.0
Engine Version: 1.1.1303.0
AntiSpyware Base Signature Version:
AntiSpyware Delta Signature Version:

So--you can see the version identifiers of the base signatures needed, along
with the final delta that will bring that base up to current. However, I
wasn't able to get the download URL for that base signature version--I
apparently have missed where it is cached, and didn't succeed in getting it
pulled in. There's a good chance you could find it with a search on the
announcements or signature groups here, though.

So my theory is that combining the base download with the delta download you
should come out current--but I haven't managed to test it properly, and have
run out of time tonight.

Jim Dodd

Thanks Bill for the information and the time spent.

I will see if I can try this as well.

Have a great day,

Jim Dodd

Bill Sanderson MVP

There are at least thee possible cache locations that I suspect are
involved, one used by AU, and two in the user profile directly related to
Windows Defender. I'm not sure about the safest way to clear them all--will
experiment further, but maybe not soon.


OK - I think this is what we need:

I haven't gone the whole route, which would involve removing defs and
reinstating them using just this file and one of the incrementals, but I
think this is the base version needed.

I'm not sure, in your case, how/whether the incrementals will install on top
of this--but this should be a starting point at any rate.

Let me know what this shows up as when you apply it--I think we'll need to
modify the "new version" posts to include the base URL (i.e. above) and the

(I don't have the incremental URL for the current update handy I'm
afraid--probably someone will post it before I manage to dig it out and get
it posted.)


This finaly solved my problem too - Very many thanks! Why can they not build
this into a simple routine for everyone?

Question - will I have to do this for every update?

Jim Dodd

Thanks Bill,

I will try this today and let you know how it works.

Have a great day,

Jim Dodd

Bill Sanderson MVP

If you are on a managed network, Microsoft is trying to be a good corporate
citizen and not provide an easy end-run around corporate policies that are
in place.

I know that there are situations in which this phrasing doesent perfectly
match the situation, though--and there were some messages earlier on
indicating that there was still room for change.

Switching to delta signatures complicated the issue--there's now a base
signature file which is quite large, and a much smaller delta, to get
completely up to date.

It'd probably be of interest to Microsoft if you are able to describe your
situation--do you know why the update process doesn't work for you now?

Within Windows Defender, the autoupdate client is used. In a managed
network, this client may be directed to a corporate server. If that server
is running WSUS, and the server administrator has configured it to deliver
windows defender signatures, that should all just work.

Windows Defender definitions are also available via Windows Update.
However, in a carefully controlled corporate network, access to Windows
Update may also be restricted.




At the moment my copy of Windows Defender has a current signature file as a
result of using the fix you detailed in this thread and all is OK. I use
Windows Update for all the other normal things and get the same good results
that I get at home.

Before the solution, clicking on the Update button in Win. Def. produced no
reaction of any kind and the signature version stayed at Jan or
similar. Now it is 1.14.1506.7 19/Jun/2006.

My concern now is that Win Def will automaticaly update when a new signature
file is available. I have discussed this problem in general terms with my
systems manager and he is certainly not specificaly blocking it.

Anyway - thanks again for the fix.

Chris Dart

Bill Sanderson MVP

Chris - given what you've posted, I don't believe that Windows Defender will
automatically update in future.

If you are able to go to Windows Update, Windows Defender definitions are
available there, and that would be the manual alternative.

In terms of what is happening, I believe that your company has a server set
up to distribute Windows Patches. If this is a SUS server, Windows Defender
definitions won't be available from it (nor will other Windows patches after
December of 2006.) If it is a WSUS server, the administrator can make
Windows Defender definitions available. If it is a third-party product, I
don't know of any that carry these definitions.


Jim Dodd

Good afternoon Bill,

I applied the update from the new link that you provided and
it worked. The Defender on my office machine is now happy.

My company network is a very secure one and will not allow
users to run Windows Update. Patches and updates are installed
over the network by the IT or IS Department weekly. Defender is not
included in the weekly updates.

Thanks for the research time and help.

Have a great evening,

Jim Dodd

Bill Sanderson MVP

I'm glad that worked and happy to help out, but I'd be remiss if I didn't
point out that there are risks to running any anti-malware product.

Everyone concerned with Windows Defender intends it to be trustworthy and to
have a real impact on the problem it addresses. However, false positives
have happened, at least with the predecessor beta1 version, which can
adversely affect security--for example disabling a corporate antivirus

So--be careful out there!


Forgive me if I should have put this in another post, but the idea is

I also would be very much interested in a manual means of updating
signatures, mainly for these two scenarios:
1. A computer with a slow internet connection (dialup, etc), or
2. A computer with no internet connection.

This is different from the "company LAN" scenario in that the computers I
work on are typically standalone SOHO-type machines.
I keep and carry with me the installers and update files for about 4
different antispyware softwares, and it is sometimes aggravating that I can
only manually install the absolute base of WD.
Any suggestions?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question