McKnife

Using WSUS to deploy Windows Defender definition updates started to fail on Win10

Hi experts.

I am only looking for confirmation, so if you don't even use WSUS to deploy Windows Defender definition updates, please don't participate.

The last update that succeeded was on Friday, March 31st: 1.239.494.0
All newer ones fail to install only on win10. The updates still work on win2016 and on win8.1.

Please confirm.
Versions: Win10 v1607, WSUS on server 2012 R2, updated.
Error: "Definition Update for Windows Defender - KB2267602 (Definition 1.239.677.0) - Error 0x80070643"

John

I got that precise error (not using WSUS) on Windows 10 1607 14393.969 this weekend AND on Windows 10 Insider Preview. Two different machines.

It appears to be a Microsoft issue.

On the Windows Insider machine, I deleted the registry key (per Microsoft Blog notes) to permit new builds to update but that did not fix Defender.

I won't get back to it until tonight to start up the Insider machine and check.

I do not think it is a WSUS issue.

Shaun Vermaak

On one of these computers click "Check Online" or download the definition manually as a test, please

John

I did that on two machines (above) during this weekend (after Friday) and that did not work.

McKnife (ASKER)

Hi.

I know that the updates had problems. I am trying to find out if it still has problems. We have no direct online connection for the clients, Shaun. So I won't be able and won't need to test the online connection. Just looking for confirmation by someone else that uses WSUS to distribute those updates.

John

I have tried several solutions from the Microsoft Blog, and I have a good sturdy connection. I will try again this evening while you await someone with the same issue who uses WSUS.  

The actual error message is an installation error, not a download error.

McKnife (ASKER)

"The actual error message is an installation error, not a download error." - that is correct.
I had already tried and downloaded the standalone installer from http://go.microsoft.com/fwlink/?LinkID=121721&arch=x64 - that works. So definitely the packages on the WSUS server are the problem. I only wonder why it would work on win8.1, because those packages should be identical for those 2 OSes.

John

I don't have Windows 8.1 any more (even virtual). I understand about the identical packages. I am continuing to look for a reason to try to help.

I will try your link this evening to see if that works. Thank you for that.

The error is affecting machines beyond WSUS as well.

McKnife (ASKER)

Removing HKLM\SOFTWARE\Microsoft\MpSigStub from the clients solved the problem. I read that on TechNet and I asked over there why that would be considered in the first place. Will update this.
Maybe you saw this explanation but it makes sense

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_updating/windows-defender-update-failing/8921304f-b710-4180-91e4-44f38b3a819e?page=4
I guess the error is related to DropLocation mentioned in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MpSigStub. Some kind of problem was there with accessing that folder (or files in that folder). That's why deleting that folder may have worked. Generally, this folder is created while updating and deleted afterwards, created again when updating again and then deleted. But, maybe something prevented it from getting deleted (Tuesday updates?). Phew! Tough task to guess. But good news is that clearing Temp is working. :-)
If error happens again, try clearing Temp once more. Observe it for some days. If error occurs repeatedly then upload MpCmdRun.log and MpSigStub.log on OneDrive and post links here.

John

Did your solution or Shaun's solution permanently solve your issue?

Defender has turned into a big problem for Microsoft. It continues (after the fixes above) not to be working for me or many other persons.

I stuck this in Windows Insider Feedback Hub and got more up votes in 60 minutes than in the past two weeks.

McKnife (ASKER)

Yes, deleting that registry key has solved it - will make sure to double check if it hasn't returned for some only.

McKnife (ASKER)

I object to my own request for closure. It is not solved but the issue is reappearing for some, so deleting the registry key needs to be repeated and therefore it cannot be called a solution but only a temporary fix.

By this time, I have found two win8.1 stations that also had that problem, so it's not win10 exclusive after all, it's just that we have much more 10 compared to 8.1.

Open for new info on the matter.

John

Microsoft is definitely aware of the issue and last night (my time) it was still not fixed. I am fairly sure it is not a WSUS issue (or at the least broader than WSUS).

When will they fix it? April 11 Patch Tuesday? I am not sure (no information posted).
I would create a GPO with WMI day filter (say Mondays) and just delete the key automatically

McKnife (ASKER)

"I would create a GPO with WMI day filter (say Mondays) and just delete the key automatically" - We use a scheduled task that does it daily.
"...it is not a WSUS issue (or at the least broader than WSUS). " - could be.
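
The daily scheduled-task workaround discussed in the thread, written out as an added example (not code posted by any participant): it removes the MpSigStub key only when the definitions are actually stale, and logs DropLocation and exports the key first so the state can be diagnosed if the failure returns. The working folder under ProgramData and the two-day threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Intended to run as SYSTEM from a daily scheduled task.
$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\MpSigStub'          # key named in the thread
$MaxAgeDays = 2                                              # assumed staleness threshold
$WorkDir    = Join-Path $env:ProgramData 'MpSigStubFix'      # assumed log/backup folder
$LogFile    = Join-Path $WorkDir 'fix.log'

function Write-Log {
    param([string]$Message)
    # Timestamped, append-only log so repeated occurrences are visible per client.
    Add-Content -Path $LogFile -Value ('{0:u} {1}' -f (Get-Date), $Message)
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# AntivirusSignatureAge is the number of days since the definitions were last updated.
$status = Get-MpComputerStatus
$age    = $status.AntivirusSignatureAge
Write-Log ('Definitions {0}, age {1} day(s)' -f $status.AntivirusSignatureVersion, $age)

if ($age -lt $MaxAgeDays) {
    Write-Log 'Definitions are current; key left untouched.'
    exit 0
}
if (-not (Test-Path -Path $KeyPath)) {
    Write-Log 'Definitions are stale but the key is absent; a different cause needs investigating.'
    exit 1
}

# Record the DropLocation value mentioned in the thread before it is lost.
$drop = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).DropLocation
Write-Log "DropLocation before removal: $drop"

# Export the key so the pre-removal state can be compared across recurrences.
$backup = Join-Path $WorkDir ('MpSigStub-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export 'HKLM\SOFTWARE\Microsoft\MpSigStub' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Log 'reg export failed; key not removed.'
    exit 2
}

Remove-Item -Path $KeyPath -Recurse -Force
Write-Log "Key removed (backup: $backup). The next Windows Update cycle can retry the install."
```

The exit codes (0 current, 1 stale without the key, 2 export failed) let the scheduled task's last-run result show which clients keep hitting the problem.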

John

I took a client machine just now that is Windows 10 Pro and runs Symantec Endpoint Protection. I enabled Windows Defender (but not Real Time), updated and restarted and Windows Defender downloaded and installed!

I then took my own business X1 Laptop (Windows 10 Pro Symantec Endpoint Protection) and enabled Windows Defender. It updated and installed.

This is two machines and just this morning, but it does look like Microsoft has put in a fix. All normal so far as I can see.

McKnife (ASKER)

Look, it's not sure. Monday, our WSUS reported 45 machines as having update problems - all were Windows Defender. Then I deployed the "fix" that deleted that registry key and it worked anywhere. Now it returned but not everywhere. Still, 10 machines have that problem as of now (with the newest updates). I know I can fix it again the same way, but I will wait for a Microsoft statement.

John

Monday and Tuesday Defender was not installing. Today Wednesday it is smoothly installing.

I did not apply any fixes above to the two machines that are now working.

Yes, I know that two machines do not make it conclusive at all. But no fixes and it starts working is at least a very positive sign.

John

I just fired up my X230 Windows 10 Insider laptop (15063) and Defender installed and started working normally. 2 updates on my X1 Carbon today.

So all machines we have are working as of today, no registry changes.

ASKER CERTIFIED SOLUTION
John

McKnife (ASKER)

It seems you found just the right thread which confirms it and confirms it's been fixed by now. Will keep an eye on WSUS statistics.

McKnife (ASKER)

Updating is back to normal. It seems John has found just the right thread and MS has fixed it. The workaround, to delete the registry key mpsigstub, is worth noting.
Thanks all.

John

You are very welcome. All is now well with Defender. I do not know why it took Microsoft 5 days to fix it.