Quick Tip: Windows Defender clients on Windows 10 fail to get software updates from Configuration Manager

~ Ranajoy Dutta | Senior Support Engineer

FIXHi everyone, Ranajoy Dutta here. I’m a Senior Support Engineer on Microsoft’s Configuration Manager team and thought I’d share a quick tip about an issue you might run into with Windows Defender on Windows 10.

The problem usually is first noticed by the fact that the Windows Defender client on Windows 10 fails to get software updates from Configuration Manager. Looking further, you may also notice that the Windowsupdate.log file contains entries similar to the following:

2015/09/15 09:24:00.0000000 968   3756  Agent           * END * Finding updates CallerId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24)  Id = 2
2015/09/15 09:24:00.0000000 7648  6472  ComApi          *RESUMED* Search ClientId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24)
2015/09/15 09:24:00.0000000 7648  6472  ComApi          Updates found = 0
2015/09/15 09:24:00.0000000 7648  6472  ComApi          * END *   Search ClientId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24)
2015/09/15 09:24:00.0000000 7648  8308  ComApi          ISusInternal:: DisconnectCall failed, hr=8024000C

As you can see, Windows Defender is getting Updates found = 0.

In most cases this is caused simply because the Windows Defender product is not enabled in the properties of the Configuration Manager Software Update Point (SUP).

So if you notice that Windows Defender isn’t getting software updates in your Configuration Manager environment, open the ConfigMgr console and go to Sites, then highlight the site in question and choose Software Update Point Component Properties. From there you can select the Products tab and verify whether Windows Defender is enabled or not. If not, go ahead and put a check in the box as shown below.

clip_image001

That’s it. Once this is done your Windows Defender clients should start receiving updates from your Software Update Point.

For an additional reference, this is also mentioned in the Endpoint Protection docs in the TechNet Library here:

How to Configure Endpoint Protection in Configuration Manager

Ranajoy Dutta | Senior Support Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/

Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/ 
Data Protection Manager Team blog: http://blogs.technet.com/dpm/ 
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ 
Operations Manager Team blog: http://blogs.technet.com/momteam/ 
Service Manager Team blog: http://blogs.technet.com/b/servicemanager 
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv
The Surface Team blog: http://blogs.technet.com/b/surface/
The Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

System Center 2012 Configuration Manager System Center 2012 R2 Configuration Manager ConfigMgr 2012 R2