
Hi,



I would like to request a feature to run a Patch Policy each hour in order to patch Microsoft Defender updates as soon as possible when they get released by Microsoft. Currently we run it once a day at 11 AM, but by then the update might have been released and superseded several hours ago. Also, scanning for updates should be able to run every hour, if not every half hour.



Kind regards


Tom Aril Virak

Hi Tom,



One interesting topic that isn't discussed often is that Defender will update itself automatically.



If you prefer to force-update Defender, you could create a scheduled task to run as often as you like as a solution for now. The scheduled task would need to run the PowerShell command "Update-MpSignature".



Hi David,



Thanks for the tip, but I see a couple of issues with this.


Defender updates come from Windows Update; if I use the setting "Disable OS Automatic Updates" in the group, it will not get Defender updates automatically.


Using a scheduled task is indeed an option, but we lose control over the updates; I can't see in a portal whether computers actually get Defender updates.


Hi Tom,



The Defender definitions will still update with "Disable OS Automatic Updates" configured. It is not on a strictly defined update schedule, but it does check for and apply updates before any scan runs. It will regularly update at a faster cadence than once a day without being forced.



In the console, you will see the status of the "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602" patch for the current definition version at the time of scan. Alternatively, it will show that it is awaiting update. Using a scheduled task to force the agent to check for the newest definition update will give you the fast update cadence you prefer, and the console will give you a point-in-time compliance check that will report the definition as up to date more often than you see with the 6-24 hr scan and daily patch cadence. That seems to be the primary intent of your request, and it could serve as a good workaround.



With that said, I do want to speak to your request. A mechanism to manage definition updates is absolutely ideal. The scan and scheduled deployments as they are today work well for standard patching. They do not cover the cadence needed to keep definitions up to date and provide the close-to-real-time compliance state you want for an anti-virus product or other definition-based solution.
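The workaround described in this thread, as an added example that is not code from the original posts or from the vendor: an hourly scheduled task that runs Update-MpSignature (David's suggestion), followed by a local point-in-time compliance check built on Get-MpComputerStatus, which reports the same definition version and last-update timestamp the console surfaces under KB2267602. The task name, the one-hour interval and the six-hour "compliant" threshold are assumptions; run it from an elevated PowerShell prompt on a machine with the Defender module present.

```powershell
# Added example, not from the original thread or vendor. Assumed values are
# marked; everything else uses stock ScheduledTasks and Defender cmdlets.

$taskName = 'Defender-HourlySignatureUpdate'   # assumed name

# 1. Action: force a security-intelligence check non-interactively.
#    Update-MpSignature walks the configured signature fallback order; it does
#    not depend on the Windows Update client being allowed to run, which is
#    the concern raised about "Disable OS Automatic Updates". To bypass the
#    fallback order entirely, append "-UpdateSource MMPC" to the command.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -NonInteractive -ExecutionPolicy Bypass -Command "Update-MpSignature"'

# 2. Trigger: start at midnight, repeat every hour (assumed interval).
#    Omitting -RepetitionDuration makes the repetition indefinite on current
#    Windows releases.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).Date `
    -RepetitionInterval (New-TimeSpan -Hours 1)

# 3. Principal: SYSTEM, no interactive logon required.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# 4. Settings: catch up if the trigger was missed, never stack instances,
#    and kill a hung update after 15 minutes.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -MultipleInstances IgnoreNew -ExecutionTimeLimit (New-TimeSpan -Minutes 15)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# 5. Local compliance check: what a portal would show for this host right now.
function Get-DefenderSignatureState {
    param(
        [int]$MaxAgeHours = 6   # assumed threshold; pick what your policy needs
    )
    $status = Get-MpComputerStatus
    $age    = (Get-Date) - $status.AntivirusSignatureLastUpdated

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        AMServiceEnabled     = $status.AMServiceEnabled
        EngineVersion        = $status.AMEngineVersion
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        SignatureAgeHours    = [math]::Round($age.TotalHours, 1)
        Compliant            = ($status.AMServiceEnabled -and $age.TotalHours -le $MaxAgeHours)
    }
}

# Run the task once now instead of waiting for the first trigger, then report.
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 30
Get-DefenderSignatureState | Format-List
```

Get-DefenderSignatureState returns an object rather than text so it can be collected centrally (for example, invoked through Invoke-Command across a list of hosts and exported to CSV) and compared against the console's KB2267602 status; a host whose SignatureLastUpdated stays static while the task runs points at a blocked update source rather than a scheduling problem.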

