~ Ranajoy Dutta | Senior Support Engineer
Hi everyone, Ranajoy Dutta here. I’m a Senior Support Engineer on Microsoft’s Configuration Manager team and thought I’d share a quick tip about an issue you might run into with Windows Defender on Windows 10.
The problem usually is first noticed by the fact that the Windows Defender client on Windows 10 fails to get software updates from Configuration Manager. Looking further, you may also notice that the Windowsupdate.log file contains entries similar to the following:
2015/09/15 09:24:00.0000000 968 3756 Agent * END * Finding updates CallerId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24) Id = 2
2015/09/15 09:24:00.0000000 7648 6472 ComApi *RESUMED* Search ClientId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24)
2015/09/15 09:24:00.0000000 7648 6472 ComApi Updates found = 0
2015/09/15 09:24:00.0000000 7648 6472 ComApi * END * Search ClientId = Windows Defender (77BDAF73-B396-481F-9042-AD358843EC24)
2015/09/15 09:24:00.0000000 7648 8308 ComApi ISusInternal:: DisconnectCall failed, hr=8024000C
As you can see, Windows Defender is getting Updates found = 0.
In most cases this is caused simply because the Windows Defender product is not enabled in the properties of the Configuration Manager Software Update Point (SUP).
So if you notice that Windows Defender isn’t getting software updates in your Configuration Manager environment, open the ConfigMgr console and go to Sites, then highlight the site in question and choose Software Update Point Component Properties. From there you can select the Products tab and verify whether Windows Defender is enabled or not. If not, go ahead and put a check in the box as shown below.
That’s it. Once this is done your Windows Defender clients should start receiving updates from your Software Update Point.
For an additional reference, this is also mentioned in the Endpoint Protection docs in the TechNet Library here:
Ranajoy Dutta | Senior Support Engineer | Microsoft GBS Management and Security Division
System Center All Up: http://blogs.technet.com/b/systemcenter/
Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: http://blogs.technet.com/dpm/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv
The Surface Team blog: http://blogs.technet.com/b/surface/
The Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
System Center 2012 Configuration Manager System Center 2012 R2 Configuration Manager ConfigMgr 2012 R2