Cannot update windows defender for Windows 7 Ultimate

Cannot update windows defender.
"the program cant install definition updates. error found 0x800b109. a certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"
on Windows 7 ultimate.
 

Question Info


Last updated April 1, 2020 Views 6,342 Applies to:

Hi Louis,

I can't make anything out from your error code, because I don't know how you

attempted to update your Windows Defender. Since you posted in the "Windows

Defender Offline" section, I assume that you are trying to update definitions for

W7 Windows Defender Offline. If that is the case, please see the following link.

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

Scroll down to "Using Windows Defender Offline on W7 and W8.1".

You will see the procedure described here. Note; The download for the

Mssstool that will you use for that purpose is "Bit specific". 32-bit or 64-bit.

You use the Mssstool that you downloaded, to create a bootable USB to run

WDO on your W7 PC.  However, due to problem that just recently resurfaced,

the "Program" portion of the USB will cause a failure that declares that your

"Definitions are out of Date", when you run it. Even though you just updated

them before running.   Without internet connectivity you can't update them.

This is an "old" problem that has been fixed before, but we can't expect that

Microsoft will fix it again, at this late date in the life of W7.

You can over come this problem by using a USB that already has a good

"Program" on it when you run the Mssstool. In that case only the definitions

are updated, and the good program remains in place.

If you can gain access to a bootable WDO USB, on which the "Program"

has not recently been  updated , and copy it to a blank USB, you can create

a working WDO USB on it by running the Mssstool to update only the

definitions.

Hope this helps you with your problem

Glen    

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Since the previous (official?) reply wasn't helpful in my case (I use the standard 'Windows Defender' and not 'Windows Defender Offline' on Windows 7), I've managed to solve the problem by installing two updates: 

  1. KB4474419 - SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: September 23, 2019
  2. KB4490628 - Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019

They both are mentioned at the page dedicated to SHA-2 support for Windows 7 - 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

And this link was accidentally found as the note at the page for Windows Defender Updates:

Note: Starting on Monday October 21, 2019, the Security intelligence update packages will be SHA2 signed.
Please make sure you have the necessary update installed to support SHA2 signing, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Apparently the issue hits only those who run Windows 7 without automatic updates :)

14 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Are you able to update Windows?

Check your system date and time and make sure it is correct.

Do you have any Anti-Virus software installed?

Windows Defender is Anti-Spyware only and you will need full Anti-Malware protection like Microsoft Security Essentials:

https://support.microsoft.com/en-us/help/14210/security-essentials-download

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

@Anton

Just wanted to thank you for the succinct and accurate solution.

Installing those two SHA-2 updates did the trick and Security Essentials is happily grabbing definitions again. 

The problem is pretty obvious after the fact (like every other problem I guess) since you can clearly see the definitions stop at 10/21/19 and there are certificate failures in Event Viewer after that.

Thanks again for the valuable answer. Got things quickly going and I'm sure I will come across this more in the future.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

THANKS for detailed information. It solved my problem of Windows Defender definition updates.

KB4474419 - SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: September 23, 2019 

This file solved certificate issue and provide me Windows  Defender update.

Once again, thank you.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Louis,

I can't make anything out from your error code, because I don't know how you

attempted to update your Windows Defender. Since you posted in the "Windows

Defender Offline" section, I assume that you are trying to update definitions for

W7 Windows Defender Offline. If that is the case, please see the following link.

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

Scroll down to "Using Windows Defender Offline on W7 and W8.1".

You will see the procedure described here. Note; The download for the

Mssstool that will you use for that purpose is "Bit specific". 32-bit or 64-bit.

You use the Mssstool that you downloaded, to create a bootable USB to run

WDO on your W7 PC.  However, due to problem that just recently resurfaced,

the "Program" portion of the USB will cause a failure that declares that your

"Definitions are out of Date", when you run it. Even though you just updated

them before running.   Without internet connectivity you can't update them.

This is an "old" problem that has been fixed before, but we can't expect that

Microsoft will fix it again, at this late date in the life of W7.

You can over come this problem by using a USB that already has a good

"Program" on it when you run the Mssstool. In that case only the definitions

are updated, and the good program remains in place.

If you can gain access to a bootable WDO USB, on which the "Program"

has not recently been  updated , and copy it to a blank USB, you can create

a working WDO USB on it by running the Mssstool to update only the

definitions.

Hope this helps you with your problem

Glen    

I have same issue WDO not updating, I have Ethernet plugged in to working internet connection during BOOT from DVD and USB but WDO still does not update. What's up with that?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.