Windows Defender

[Guest]

Hello,
I am trying to inquire about Windows Defender. In our LAN environment we
have been using the MS Antispyware for our users and this software has seemed
to do a good job keeping the spyware at bay. However, as Antispyware become
outdated, we would like to migrate everyone to Defender. So I have
downloaded Defender to my PC - (Windows XP - SP2) - however, I am unable to
hit the update servers, etc.
I am not sure why - does it not run behind a firewall? To we need to open a
special TCP.UDP port so we can find the update servers? It goes through the
motions but then gives the error "unable to complete update . . . "Need to
know what I can do to get the software to work in a LAN environment.

 

[Bill Sanderson]

http://support.microsoft.com/kb/915597

describes how Windows Defender definitions are made available.
Specifically, on a corporate network, where AutoUpdate is restricted, you'll
need to be running WSUS, and the administrator needs to take several
settings steps within WSUS to enable the Windows Defender definitions to be
available to the users.

 

[Guest]

Thanks for the info - will check it out.
--
LCD

http://support.microsoft.com/kb/915597

describes how Windows Defender definitions are made available.
Specifically, on a corporate network, where AutoUpdate is restricted, you'll
need to be running WSUS, and the administrator needs to take several
settings steps within WSUS to enable the Windows Defender definitions to be
available to the users.

 

[Bill Sanderson]

There's not much "meat" in that article, I'm afraid. Basically, if your
network is controlling patching through a central server, you need to be
running WSUS, rather than the soon-to-be-retired SUS, and the administrator
needs to take several steps to enable Windows Defender definitions to be
pushed. If you are running a third-party patch management solution, I don't
know what is or is not possible--I haven't seen any public statements by
such vendors--except Shavlik, who stated that they would look at whether or
not this would be possible when Windows Defender is a released product.

--

 

[Guest]

Would anyone care to elaborate on the "several steps" required to allow
Defender updates? I am running WSUS, what else do I need to do?

 

[Bill Sanderson]

I've never even seen a WSUS admin screen--but there's a good post here--let
me see if I can find it:
-------------------------------------------------------------------------------
If your windows update is pointing to your local WSUS, then you must include
the Windows Defender in synchronization setting.
In Products selection, please include Windows Defender
In Update classifications, please include Definition Updates

You must synchronize the server and approve the definition for clients to
get the latest definition.

Regards,
Cheong

 

[Guest]

Thanks Bill,

I had just fired up WSUS and "Defender" was already checked but the
"definitions" selection was not checked. I was wondering if there was
anything else to do, so your post is very timely.

Thanks,

 

[Bill Sanderson]

Glad it helped. I've got an SBS-2000 server I need to upgrade to SBS-2003,
at which point I think I can run WSUS my self and learn how to do this
properly!

--