Signature updates block by GPO

G

Guest

** First posted my comments in the general security group but have now found
this one.

This is a message for the Defender Development Team.

Was using Ansispyware beta 1 but downloaded Defender today.

After install it informed me that it could not update the signatures (giving
a 0x8... error - but I didn't write it down). On looking at the read-me I
noticed it uses Windows updates to get the signatures.

I run out systems with "Windows Updates/Microsoft Updates" blocked by GPO
and push out approved updates via SMS periodically.

I poked the registry to remove the GPO block and the signatures updated
sucessfully (and then reset the block to conform to our corporate policy).

I hope this gets to the relevant team and look forward to a version that
operated in our business enviroment.

Regards,
David Gregg
 
B

Bill Sanderson

Windows Defender signature updates are available via WSUS servers, as well
as Windows Update.
 
G

Guest

Bill,

Nice to talk to you again.

Can you confirm when deployed in an environment with Windows Updates
disabled by GPO that the system will be protect with default signatures but
that the signature updates will not occur until SMS (software update tools)
push out the relevant KB package.

Dave.
 
B

Bill Sanderson

I can't.

I know that if you have deployed WSUS, you can enable the Windows Defender
signature updates to be available via that mechanism.

What I don't know is how that relates to SMS, if at all.

(pure lack of experience--not trying to hide anything!)

The program as distributed has no signatures, apparently--so I suspect that
the level of real-time protection afforded before the initial signature
package is pushed is lacking, to say the least.

Microsoft clearly states, in a variety of places, that beta software in
general, and this beta, in particular, should not be deployed on production
systems.
--
 
G

Guest

I understand fully.

As a security conscious company we run a fully managed S(D)OE with tight
policies on updates whilst maintaining a focus on stability and usability too.

We run a reference environment for pre-deployment testing and thus look at
such items as this Beta as soon as they become available to us so we can
revise policy and document procedure as early as possible.

I'll see if Defender signature updates have appeared in the SMS Microsoft
Updates tool - Software Updates list.

Thanks for your help.

Dave..
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I have older WD sw, older engine but new signatures 6
OST, NK2 & signatures dissappear after windows updates 1
Reply Signature Blocks in Outlook 2003 3
Updating Signatures WITHOUT Windows Update 2
Outlook (2003) signatures 4
Windows Defender: Bypassing Group Policy software update settings 4
Update fails but no error. 4
Deploying Windows Defender (Beta2) via GPO on Network with WSUS? 3

Top