Kaseya Community

Windows Defender definition updates

  • Hi,

    With Windows 8 becoming more and more common, we nowadays have some customers that we keep Windows Defender active on (since KAV does not yet support Windows 8 until the new KSC is released).

    What we have noticed is that Windows Defender relies on Windows Automatic Update to function properly to receive new AV definitions. This is a hassle: since we use Kaseya Patch Management to push out updates on all of our customers' agents, they never receive the AV definitions automatically.

    I have created a script that can be run manually on the client to retrieve and install the latest definitions on a client. But we would like the client to perform this action themselves and not have to rely on "another" script to manually install these updates.

    Has anyone else encountered this issue, and how are you handling this? What is Kaseya's suggested solution to this?

    /Jon

  • I have a scheduled script that runs on all my Windows 8 / Server 2012 machines each day and initiates a signature update. This way it ends up in the exec report.

    However... both OSes already have a task scheduler setup under Windows Defender to run the update at 3am. Why not just tweak that to run every 4 hours or so?

  • Jon,

    Can I get a copy of the script you use to update Windows Defender for Windows 8?

    Rooney

  • I can't seem to find the existing scheduler. But that's one way to do it: script it to activate it there. I find it easier letting Kaseya do it though.

    Ofc here you go. (as always... use at own risk :) )

    I forgot how to embed the script in this forum. Perhaps someone with experience can tell me for future posts.


    <ScriptExport xmlns:xsi="www.w3.org/.../XMLSchema-instance" xmlns:xsd="www.w3.org/.../XMLSchema" xmlns="www.kaseya.com/.../Scripting">
      <Procedure name="JB - W8 - Windows Defender - definition update" treePres="3" id="1672610066" folderId="34177673157167229741112352" treeFullPath="Atrox.Computer Management">
        <Body description="">
          <!-- Log the attempt to the procedure log -->
          <Statement name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Attempting update in Windows Defender definitions updates"/>
          </Statement>
          <If description="">
            <Condition name="Windows 32 or 64 Bit Check">
              <Parameter xsi:type="EnumParameter" name="Condition" value="Exists"/>
            </Condition>
            <Then>
              <!-- Check passed: run the signature update as System with Is64Bit set to True -->
              <Statement name="ExecuteShellCommand" continueOnFail="false" osType="Windows">
                <Parameter xsi:type="StringParameter" name="Command" value="&quot;C:\Program Files\Windows Defender&quot;\MpCmdRun.exe -SignatureUpdate"/>
                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System"/>
                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="True"/>
              </Statement>
            </Then>
            <Else>
              <!-- Otherwise: same command with Is64Bit set to False -->
              <Statement name="ExecuteShellCommand" continueOnFail="false" osType="Windows">
                <Parameter xsi:type="StringParameter" name="Command" value="&quot;C:\Program Files\Windows Defender&quot;\MpCmdRun.exe -SignatureUpdate"/>
                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System"/>
                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False"/>
              </Statement>
            </Else>
          </If>
          <!-- Log that the update command has been run -->
          <Statement name="WriteScriptLogEntry" continueOnFail="false" osType="Windows">
            <Parameter xsi:type="StringParameter" name="Comment" value="Windows Defender update command completed"/>
          </Statement>
        </Body>
      </Procedure>
    </ScriptExport>
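
Added example, not part of the thread and not Kaseya's or the poster's code: a PowerShell wrapper around the same `MpCmdRun.exe -SignatureUpdate` call that also reports whether the definitions are actually current, so a scheduled run shows a failed or stale update instead of only "completed". The `$MaxAgeDays` threshold, the exit codes 1 to 3 and the message texts are assumptions, and the age check assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present on the machine.

```powershell
# Added example (not from the thread). Threshold, exit codes and messages are assumptions.
param(
    [int]$MaxAgeDays = 1   # assumed policy: definitions older than this count as stale
)

# Same binary the procedure in the thread calls
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    Write-Output "FAIL: $mpCmdRun not found"
    exit 3
}

# Run the update and keep both its output and its exit code
$output     = & $mpCmdRun -SignatureUpdate 2>&1
$updateExit = $LASTEXITCODE

# Without the Defender module only the exit code can be reported
if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
    Write-Output "MpCmdRun exit=$updateExit; Defender module not available, signature age not verified"
    if ($updateExit -ne 0) { exit 1 } else { exit 0 }
}

# Read back what Defender itself reports after the update attempt
$status = Get-MpComputerStatus
$age    = $status.AntivirusSignatureAge   # days since the last definition update
$line   = "MpCmdRun exit=$updateExit; version=$($status.AntivirusSignatureVersion); " +
          "last updated=$($status.AntivirusSignatureLastUpdated); age=$age day(s)"

if ($updateExit -ne 0) {
    # Update command itself failed: show the tail of its output for the log
    Write-Output "FAIL: update command returned an error. $line"
    $output | Select-Object -Last 5
    exit 1
}
elseif ($age -gt $MaxAgeDays) {
    # Command reported success but definitions are still older than the threshold
    Write-Output "STALE: definitions older than $MaxAgeDays day(s). $line"
    exit 2
}
else {
    Write-Output "OK: $line"
    exit 0
}
```

The non-zero exit codes let the calling procedure or scheduled task treat a failed or stale update as a failure and alert on it.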