Windows 10: Microsoft Defender Update Source change via SCCM Antimalware Policy

Discus and support Microsoft Defender Update Source change via SCCM Antimalware Policy in AntiVirus, Firewalls and System Security to solve the problem; Hello, We are currently managing MS Defender via SCCM & currently AV signature update source is SCCM CMG. We would like to change update source to... Discussion in 'AntiVirus, Firewalls and System Security' started by Girish_Modak, May 19, 2022.

  1. GIRISH_MODAK
    Girish_Modak Win User

    Microsoft Defender Update Source change via SCCM Antimalware Policy


    Hello, We are currently managing MS Defender via SCCM & currently AV signature update source is SCCM CMG. We would like to change update source to Microsoft Update & fallback as SCCM CMG. We applied separate test policy on few machines, but machines are now not updating at all. We would like to see the logs from which update source systems are trying to update the signatures. Please help to know which log files we can refer to narrow down this and understand real issue.Thanks in Advance!Girish Modak.

    :)
     
    Girish_Modak, May 19, 2022
    #1
  2. NICK.AQUINO
    nick.aquino Win User

    SCCM Local Policy - BITS

    Managing BITS policy for clients can be done several ways - just a few listed here:

    1. Group Policy template
    2. Local Policy template
    3. registry
    4. and more...

    SCCM client settings for BITS uses local policy to enforce the BITS agent settings.

    Consider the following scenario:

    SCCM client settings contains BITS settings for max throttle, start and stop times, etc...

    SCCM Client settings also have the "Limit the maximum network bandwidth for BITS backgrounds transfers" set to "NO" so, effectively no settings that are configured are actually being enforced.

    This is working fine. Here's the issue:

    If I fun the following command:

    GPResult /scope computer /h file.htm

    ... the output file will show that this local setting is "enabled" and appears it is enforced.

    The setting is not enforced but the reporting mechanism thinks it is. I'm considering this a bug. This burned a customer and cost them several hours of troubleshooting where this setting was coming from because they swore that SCCM was not setting it.
     
    nick.aquino, May 19, 2022
    #2
  3. NKAUFMAN
    nkaufman Win User
    Win-10 Update issue and Group Policy

    Hello,

    Had followed a tutorial on this forum and installed Win-10 and set up Data Partition on D:\.

    Did Win-10 update v.1803 some time back and got the following error:
    Update for Windows Defender antimalware platform - KB4052623 (Version 4.18.1809.2)
    Failed to install on ‎10/‎8/‎2018 - 0x8024001e

    Clicking on the above (it was a link) led me to:
    https://support.microsoft.com/en-us/...lware-platform

    that mentions:
    Because of a change in the file path location in the update, many downloads are blocked when AppLocker is enabled. To work around this issue, open Group Policy, and then change the setting to Allow for the following path:%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*


    Any ideas how to do the above? Detailed steps?

    Thanks,
     
    nkaufman, May 19, 2022
    #3
  4. MORRIS SUBBA
    Morris Subba Win User

    Microsoft Defender Update Source change via SCCM Antimalware Policy

    Windows Defender Group Policy Disabeled

    Hi,

    Thank you for contacting Microsoft community.

    As you have stated you want to disable the group policy so that you can run windows defender on the computer.

    I would like to suggest few troubleshooting steps:

    Method 1: Disable group policy from gpedit.msc


    • Press Windows key + R.

    • Type gpedit.msc and click Ok.(it will open Local Group policy editor)

    • Go to Computer Configuration/Administrative Templates/Windows Components/Windows Defender.

    • In the right pane of
      Windows Defender       in Local Group Policy Editor, double click/tap on the
      Turn off Windows Defender       policy to edit it.

    • Select (dot) Not Configured or
      Disabled, click/tap on OK,

    • When finished, you can close the Local Group Policy Editor if you like.
    If the issue still persist you can follow method 2.

    Method 2: Disable group policy from registry.

    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow
    these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the
    article in the Microsoft Knowledge Base:

    How to back up and restore the registry in Windows

    How to back up and restore the registry in Windows


    • Press Window Key +R.

    • Type regedit and click. (it will open registry)

    • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

    • Right Click on Window Defender to create a new Dword.

    • Click on New and Select Dword.

    • Type DisableAntiSpyware.

    • Right click on DisableAntiSpyware and click on modify.

    • Set the value to 0 instead of 1.

    Hope this information is helpful. If the issue still persists, you can write back to us and we will be glad to assist you further.
     
    Morris Subba, May 19, 2022
    #4
Thema:

Microsoft Defender Update Source change via SCCM Antimalware Policy

Loading...

  1. Microsoft Defender Update Source change via SCCM Antimalware Policy - Similar Threads - Microsoft Defender Update

  2. SCCM UPDATES

    in Windows 10 Installation and Upgrade
    SCCM UPDATES: Computers updated through SCCM with wsus. Ran test on computer and ran updates from microsoft update after sccm updates for this month. KB4023057 was not installed. Went to software updates in sccm and searched for update not included Checked with KB article under Wsus and it...

  3. Windows Defender Antimalware Platform 4.18.2101.4-0 causes problems with group policy and...

    in AntiVirus, Firewalls and System Security
    Windows Defender Antimalware Platform 4.18.2101.4-0 causes problems with group policy and...: Today the Windows Defender Antimalware Platform was updated automatically from version 4.18.2011.6 -> 4.18.2101.4 on my computer. I didn't notice it at first but since this morning I was experiencing the following problems on my computer: - LDAP queries to the domain...

  4. Update for Windows Defender antimalware platform

    in Windows 10 Installation and Upgrade
    Update for Windows Defender antimalware platform: Your recent update is preventing our Win10 machine from working. It boots eventually and them hangs. Inspection via 'task manager' identifies Win defender as the issue. This is your recommended fix...

  5. SCCM can't download Defender Definition updates

    in AntiVirus, Firewalls and System Security
    SCCM can't download Defender Definition updates: Hi all, I was trying to configure SCCM server which will be managing Windows Defender. For some reason the Definition files are not visible neither in the SCCM console nor the WSUS server. All other type of engine updates for Defender are there but I can't find the...

  6. Antimalware Platform for Windows Defender update

    in AntiVirus, Firewalls and System Security
    Antimalware Platform for Windows Defender update: The antimalware platform for Windows Defender has been updated today to v4.18.1910.4 You can get it here at Microsoft's Catalog: x86. x64 ARM64 I hope I am not mistaken and that is the correct order: Check file details for architecture. 143395

  7. Windows Defender Not Updating on Windows 10 Machines via SCCM 2012 R2

    in Windows 10 Installation and Upgrade
    Windows Defender Not Updating on Windows 10 Machines via SCCM 2012 R2: Hi Guys, I am facing an issue that our Windows 10 Machines are not updating Defender Definition. We have Deployed SCCM 2012 R2 Below is the screenshto [ATTACH]...

  8. Defender antimalware client update

    in AntiVirus, Firewalls and System Security
    Defender antimalware client update: In Windows 10 version 1709, os build 16299.192, checking for updates shows a new update for the Windows Defender antimalware platform, to version 4.12.17007.18011 [img] Installed without a problem, no restart required. Defender before updating... [img]...

  9. Updated Defender Antimalware Client

    in AntiVirus, Firewalls and System Security
    Updated Defender Antimalware Client: Just got an update thru Windows Update. Appears the Antimalware Client for Defender has been updated, and the Base # for the defender definitions has been bumped up. [img] [img] 99752

  10. Changes to update policies

    in Windows 10 Updates and Activation
    Changes to update policies: Hmmm.. a slight step in the right direction: "Speaking to press this week Microsoft Corporate Vice President Jim Alkove said the company will stop hiding the contents of Windows 10 updates and what changes they will make once installed."...