Use of WSUS to update Defender network wide

[Guest]

It appears that currently the only way to update Defender is to manually
update the product via the MS update website...is this correct? We are
running a WSUS update server and I have selected the appropriate selections
so that in theory it should be updating Defender along with the other updates
overnight. It is not currently doing so and I am not getting any error
messages; however it appears the updates are not being pushed down. Thank
you in advance for any suggestions you may have.

 

[Guest]

Disregard, I just saw the post under the networking section of this
discussion group pointing me to the following notice:

http://blogs.technet.com/wsus/archive/2006/01/16/417545.aspx

Josh

 

[Guest]

Hello Josh,

More here:
http://technet2.microsoft.com/WindowsServer/en/Library/ace052df-74e7-4d6a-b5d4-f7911bb06b401033.mspx

 

[Guest]

Engel,

Thanks for the reply...my question may have been vague, WSUS is working
fine for all other updates...it was just the defender updates, thanks for the
info on loading it and configuring it but we are way beyond that stage the
WSUS servers here are running great it was just with Defender the issue that
we had, but according to the blog that I listed in the other message...we
will have to continue to update manually since it appears vista beta is the
only OS that will pull the updates down from WSUS until hopefully this
changes after Defender comes out of Beta, because we are going to have XP for
quite some time.

Thanks again for your reply though I appreciate it.

Josh

 

[Bill Sanderson]

Josh--if this was confusing to you, it is probably confusing to others--it
might help if you laid out just what you needed to do to make this work--and
why it was confusing, if you can.

Here and/or in Networking would be terrific--if you're willing?

--

 

[Guest]

Bill,

Nothing confusing I don't think, just my first question may have not
been specific enough and Engel sent me to a website on setting up WSUS. WSUS
setup isn't the issue we are having. GPO's are in place, WSUS is setup and
synch options set (including for Defender), XP, Srv2003, Exchange, ISA, SQL
and Office updates are synch'd/pushed/pulled/installed fine overnight on a
schedule, other then when we introduced Defender on the workstations. The
issue is that Defender is not being updated via WSUS and only manually (which
means we have to stay on top of the users to make sure they update Defender
instead of the piece of mind that it is happening overnight), but after
reading the blog at:
http://blogs.technet.com/wsus/archive/2006/01/16/417545.aspx
it appears that Defender is only supported with use of WSUS while the
workstations are utilizing Vista Beta. Which answered my original question
in a round about way by informing me that no Defender will not update with
WSUS if we are using XP machines and Server 2003 boxes which we are if I
understood the technet blog correctly. I was hoping to find that Defender
would update via WSUS, but hopefully in the future it may in our
configuration of XP pro and Srv2k3.

I do really appreciate everyones input and again thank you both for
replying, but unless there is a way to get WSUS to update XP pro boxes then
we shall keep updating manually I gather...If I miss understood the technet
blog, and there is a fix to getting Defender to update in our situation let
me know...and we'll implement it at this end.

Thank you,

Josh

 

[Bill Sanderson]

Josh--I don't think that is correct. I believe that WSUS should be
distributing definition updates for any Windows Defender install--not just
Vista. At the time that blog entry was written, Vista installs were the
only available versions of Windows Defender.

--

 

[Bill Sanderson]

Bill,

Nothing confusing I don't think, just my first question may have not
been specific enough and Engel sent me to a website on setting up WSUS.
WSUS
setup isn't the issue we are having. GPO's are in place, WSUS is setup
and
synch options set (including for Defender), XP, Srv2003, Exchange, ISA,
SQL
and Office updates are synch'd/pushed/pulled/installed fine overnight on a
schedule, other then when we introduced Defender on the workstations. The
issue is that Defender is not being updated via WSUS and only manually
(which
means we have to stay on top of the users to make sure they update
Defender
instead of the piece of mind that it is happening overnight), but after
reading the blog at:
http://blogs.technet.com/wsus/archive/2006/01/16/417545.aspx
it appears that Defender is only supported with use of WSUS while the
workstations are utilizing Vista Beta. Which answered my original
question
in a round about way by informing me that no Defender will not update with
WSUS if we are using XP machines and Server 2003 boxes which we are if I
understood the technet blog correctly. I was hoping to find that Defender
would update via WSUS, but hopefully in the future it may in our
configuration of XP pro and Srv2k3.

I do really appreciate everyones input and again thank you both for
replying, but unless there is a way to get WSUS to update XP pro boxes
then
we shall keep updating manually I gather...If I miss understood the
technet
blog, and there is a fix to getting Defender to update in our situation
let
me know...and we'll implement it at this end.

I don't read that blog entry the same way you do--and I'm reasonably sure
that I've seen other WSUS administrators in these groups--particularly the
..network one--posting success.

At the time the blog entry was written, the only Windows Defender
implementation available was the Vista version. I believe that ALL Windows
Defender installs should be able to update via WSUS--but I don't have any
first-hand experience in the settings changes needed to make this happen.

I do note that the blog entry talks about both categories and
classifications--two separate options dialogs. I believe that the
definitions need to be enabled in both of these dialogs for the update
process to complete. I'll see if I can find a post I believe I recall from
another WSUS admin with some more precise language.

OK - here's a post which may help:
-------------------------------------------------------
If your windows update is pointing to your local WSUS, then you must include
the Windows Defender in synchronization setting.
In Products selection, please include Windows Defender
In Update classifications, please include Definition Updates

You must synchronize the server and approve the definition for clients to
get the latest definition.

Regards,
Cheong

 

[Guest]

Bill,

You are a life saver and your post came at a good time...yesturday was
a long Mt. Dew Caffine day for me to the point where I started to realize I
shouldn't be working on things anymore and get some shut eye. What our (my
WSUS let me take the blame for my own miss doings!) had been missing was the
auto approval for the definition installations...I had set the Synch settings
for Defender, but had not set the definition portion of it....thank you very
much for your help, and I will smack myself on the back of the head for you.

Thanks again,

Josh aka: "the miss configuration idiot"

 

[Bill Sanderson]

Reading that message about the number of different places that need changing
to make this work--I'm not surprised that it isn't immediately evident to
every administrator. Glad you got it going!
--