cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Manual Microsoft Defender update not working

Hi !

We are trying to manually update Windows Defender by using official Standalone-Update packages provided by Microsoft. By manually I mean to run the packages using 3rd party patch/software management. There is no WSUS and running standalone update packages is the intended way if you do not use WSUS.

 

As long as ENS is active, the Windows Defender service do not start, but it is necessary for the standalone update package to run sucessfully. Did anyone else had the same problem and found a solution that do not include to deinstall ENS completely to have the update run ?

6 Replies
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Manual Microsoft Defender update not working

Hi @warlord711,

Thank you for your post. As long as ENS is active, under ideal conditions, it is going to be ENS that will be taking care of your anti malware needs. hence May I know why you are trying to update Windows Defender.

However, I have never tried running an update for Windows Defender with ENS present. Since you have mentioned offline packages being used here, Have you tried a direct update form the internet?

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: Manual Microsoft Defender update not working

Sure you can ask. There is a known vulnerability in outdated WIndows Defender version. We are running Tenable NEssus Scanner vs every machine to find and to mitigate those vulns. For WIndows Defender we found no good way to do it automaticially.

McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Manual Microsoft Defender update not working

Hi @warlord711,

Thank you for your prompt response. Sorry about the delay. Kindly please point me to the source where I can download this update file and check. Is this a KB update that can be done via Windows update?

If that's the case, Does running Windows update help you here?

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: Manual Microsoft Defender update not working

Hi ! Thanks for your response.

THe update file mentioned is the Security INtelligence Update for Windows Defender Antivirus, to be found under https://www.microsoft.com/en-us/wdsi/defenderupdates

In detail, the mpam-fe.exe https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64

Running Windows Update is no option since alle devices got GPO in place that points to 3rd party Patch Management, including all Windows patches+KBs BUT excluding Windows Defender updates. This is not an issue of the 3rd party vendor but microsoft policies.

 

This is the CVE we try to mitigate:

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161

 

 

McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: Manual Microsoft Defender update not working

Hi @warlord711

Thank you for your response. Ideally since McAfee ENS has taken over the Anti Malware responsibility, there should be no requirement for MpSigStub.exe to run which would eliminate the possibility of this attack. However, I shall give this a try in my lab environment and get back to you with an update on the same.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Manual Microsoft Defender update not working

Hi @warlord711,

Thank you for your time and patience with us on this. I am afraid the result is same with me as well. And we may have to go with Microsoft's suggestion on this:

"The definitions are not updating on my system. What do I do?

This security update is delivered only through definition updates. This cannot happen if Defender is in a disabled state (such as in the case of a third-party antivirus product providing real time protection). If Defender is disabled, you can delete the vulnerable file from the system: C:\WINDOWS\System32\MpSigStub.exe.

If Defender is re-enabled at a later time, MpSigStub.exe will be replaced only when updating signatures via Microsoft Update or WSUS. MpSigStub.exe will not be replaced via the standalone Mpam-fe.exe install or via UNC Path installs."

Source: Based on this Threat Advisory you have provided for this issue.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community