How to manually download the latest definition updates for Windows Defender

[Joe Faulhaber[MSFT]]

Hi all,

First off, I hope you don't need these instructions - Windows Defender uses
Windows Update(WU) to get definition updates (or WSUS if you're on a managed
updates), and will automatically download new definitions when they're
availiable. If you're not getting definition updates, the first thing to
try is using WU directly, it may fix the issue for Windows Defender, get you
the definitions you need, or give better diagnostic information.

If WU doesn't get you definitions, these newsgroups are a great source of
peer support, and Microsoft staff do read and post help out here when we can
help. There's also the two free support incidents available to WinDefend
users.

We've written a KB with a permalink to our latest definition set and engine:
http://support.microsoft.com/kb/923159/
This is also great if you want to have a thumb drive with WinDefend and
latest engine/definitions so you can run around and clean up machines.

Please note that there's a different link for 64-bit definition set, for
those of you with 64-bit operating systems (there's tons of 64-bit capable
machines out there running 32-bit OS'es).

Also, please don't use this as a regular channel to get your definitions -
that's what WU is for. But this KB is great for problems and having
"portable" definitions.

Thanks again for using Windows Defender,
Joe

 

[Guest]

So, I think what you are saying is that after each update of WD there will be
a new mpas-fe.exe, whether or not the latest release from WU contained a new
engine or not. All engine and def/sigs would be over written by a new/full
copy.

I would have preferred a link to the latest Delta, as it seems like a 3.5 MB
download every Tue and Thur is a little over kill, but hey its a start,
assuming of course that the MPAS-FE.EXE file does not create a restore point.
I'll have to test it tommorow to see.

Thank you for addressing this issue,
let the feed back begin,

?
Tim

 

[ANONYMOUS]

This is great. So whenever somebody needs latest definition file then
just download one file from the link given in the KB and you can be sure
of an up-to-date version.

This was long time overdue.

Thanks. Joe.

 

[Bill Sanderson MVP]

Thanks - there are many, for a variety of reasons, who will find this handy.

 

[Guest]

Tim. Be grateful for small mercies. One step at a time. Its a start. Like
Bill said "There are many who will, for one reason or another, be thankful
for the HU". And from an MSFT too ! BTW. Why would one want to go this
route? Educate me !!

Perhaps the key is Amontillado? The medium thru which all successful
computing is accomplished.

Stu

 

[Guest]

Stu,

I'm sorry, did you sense sarcasm of some sort in my post?
I am grateful. Note that I said "it's a start" and "thank you".

Assuming there is an update tonight I will be one of the first to download
the new link, take it home and test it out. I see some great value in
updating and making available a "fresh" FE after each update.

I just think that the same page could also have a link to the latest Delta
update as well. I could download and install it from home, as I do with the
Engel link. With the new FE.exe I will need to download it at work and take
it home.

You asked why some people would go this route. Some are having problems
with WU/MU. Others have all updates blocked till reviewed. I've read about
firewalls and the like. Someone else could discribe these better than me.
For me it's the size of the downloads when they are a "Full" , and the fact
that even the smallest "Delta" update is triggering a System Restore point
because of the use of WU/MU.

Until they can disengage the signature updates from the System Restore
trigger this will have to do.

For me, it's a start, for others it's just what they need and have been
waiting for.
Thank you WD team for addressing this issue.

Amontillado, mmmh

?
Tim
Geek w/o DSL

 

[Robinb]

I am assuming this site's update date will change each time there is a new
update?
How will we know if it is the newest one?
robin

 

[Guest]

Tim.

Its good to see you keeping the MSFT guys informed of the requirements. I
was just wondering why (apart from the obvious WU/WSUS issues), the manual
route. Now I know for sure and thanks for giving me a different perspective.
I`m a trusting guy ; BTW. Where is Engel? Saw the post below this one. Hope
he is OK and is just taking a well earned break. Perhaps Bill S might be able
to throw some light on the subject ?

Stu

 

[Guest]

Robin,

It would be best if they indicate it at the site, but that did not happen
today and it might be to much to ask.

If you download the file mpas-fe.exe and right click on it there is a tab
which says Digital Signatures. Click on that tab and you will see the date
it was "signed".

Todays file was signed:
Wednesday, March 21, 2007 6:31:44 PM
which was yesterday evening.

I am guessing that they would put up the new Mpas-FE.exe shortly before it
is released thru the normal channels. My guess is that you would want to see
a date within the past 24 hrs of the release date [they date it starts
showing up with "the shield" or at WU/MU] but at least after the date of the
last update.

To be safe it is probably best to wait until after an "Official Announcement".
For my purposes an "Official Announcement" is posted by someone who has
actually gotten the update and opened WD to see the new info.

?
Tim

 

[Guest]

Thanks Tim.. makes sense though it is a bit tedious to keep periodically
downloading and checking signed date for the file. Unlike MSRT (Malicious
Software Removal Tool), WD engine/signature update does not have a version
number appended at the end of the file. It just maintains the same name and
that compounds the problem a bit.

Folks from MSFT, any updates/view points on this ? Or do we follow what Tim
says to figure out when the new update is available in the site ?

Nithia

Robin,

It would be best if they indicate it at the site, but that did not happen
today and it might be to much to ask.

If you download the file mpas-fe.exe and right click on it there is a tab
which says Digital Signatures. Click on that tab and you will see the date
it was "signed".

Todays file was signed:
Wednesday, March 21, 2007 6:31:44 PM
which was yesterday evening.

I am guessing that they would put up the new Mpas-FE.exe shortly before it
is released thru the normal channels. My guess is that you would want to see
a date within the past 24 hrs of the release date [they date it starts
showing up with "the shield" or at WU/MU] but at least after the date of the
last update.

To be safe it is probably best to wait until after an "Official Announcement".
For my purposes an "Official Announcement" is posted by someone who has
actually gotten the update and opened WD to see the new info.

?
Tim

I am assuming this site's update date will change each time there is a new
update?
How will we know if it is the newest one?
robin

 

[Guest]

I am running Vista Ultimate and my WU downloaded latest definition
1.21.2927.3. When I check on 'View Installed Updates", I see this exact
definition listed 3 times. Any reason for this and how can I correct this
issue? Please note that for a totally separate reason I had to perform system
restore a couple of times printer problems that were since corrected).

Thank you for your input.

Mike

 

[Bill Sanderson MVP]

System restore may well roll back Windows Defender definitions--I haven't
experience with that.

Although the definition version you cite is current for automatic update,
you can download a newer version at the Microsoft Security Portal:

http://www.microsoft.com/security/portal/

Click on 32-bit in the second black box in the right column.

One possible explanation of what you are seeing is a set of definitions
which are not properly installing, and thus repeating. This can happen with
any .MSI based update, in my experience.

However, the use of System restore might also explain it. I'd suggest
updating via the portal link above.

Then you might check after a week or more, to see if updates are progressing
normally, without repeats.