MSE Definitions/Signatures Update FAQ

The following is a description of the automatic updating process for Microsoft Security Essentials virus and spyware definitions.

MSE requires that the Automatic Update service be running and started, but it does not matter what you have selected in Control Panel/Automatic Updates for the way you want to handle critical and important updates for Windows. It is recommended, however, that you at least allow Automatic Updates to notify you about critical and important updates so that you can choose to download and install them as soon as possible and help keep your operating system secure with the latest patches from Microsoft.

 

(added 11/16/12) Windows Defender in Windows 8 requires Automatic Updates to be configured to download and install updates automatically or the Windows Defender signature updates will not install automatically.

 


(The following was true prior to build 1961/1963) You will not be offered MSE signature updates via Windows Automatic Updates automatically and they will not be offered if you go to Windows Updates manually to check for updates. MSE uses the "pipe" for Windows Update only.

 

Build 1961/3: Here's what I know (perhaps I should say "think that I know") right now about the relationship of MSE background automatic updates to Windows Automatic Updates.

MSE updates have changed slightly in the new release. Updates are*also* pushed through Windows Automatic Updates via the AU check and this *does* depend on your AU selection. If you have it set for install automatically, you may see signature updates multiple times per day. If you have it set to notify only, you may see the WU tray icon telling you about available updates. You can choose to ignore this and let MSE install the updates when it checks, or you can install based on the WU pending update notice.I believe that in some cases, the tray icon will sit there for a while and then MSE will do its check, install the update and the WU tray icon will go away.Depending on when AU checks for updates and when MSE checks for and installs updates, you may note random behavior with the notification.

I'm not 100% sure of the above, however, I believe that it is fairly close. I'm trying to get some clarification, but I do know that the intent of the AU/WU active notification and installation of updates is to provideanother channel for the signatures to be regularly updated.


MSE Updates are downloaded automatically using the AU "pipe" which includes BITS, the Background Intelligent Transfer Service. It must be running and up to date, or MSE updates may have a problem.

The Microsoft Antimalware group deploys updates for MSE (also Forefront and Windows Live OneCare) typically a few times daily. It is not critical for you to check for updates throughout the day because when MSE checks for updates, the offered updates will be downloaded and added to the database.

MSE will report that it is up to date and in good status even if the definitions are a few days old on the PC. Note that MSE uses the local signatures for common protection, but it also employs behavioral detection. If suspicious activity is detected, MSE will communicate with the servers to determine if a match has been reported and will immediately download any information needed to deal with the threat if a match is found.

Updates are a once per 24 hour check on a schedule determined by MSE. There is no setting within MSE to change the scheduled time or frequency.

Optionally, you can add a check for updates by setting check for updates before scan and setting up a scheduled scan daily (for a time when the PC will be on as it won't run a missed scan later).

MSE will also check 10 minutes or so after boot or wake from sleep if there is a network connection *and* the current updates are greater than 24 hours old.
It will *not* perform this catch up check if the current definitions were installed within the past 24 hours, but will wait until the next scheduled check time.

** This "catch up" check is apparently not always working for people on wake from sleep/standby/hibernate. Microsoft is aware of this problem and are working to fix this in a future release. So, if the PC happens to be asleep when the scheduled check is supposed to happen, and you don't have the extra check enabled, and you don't reboot, you can have older definitions. In some cases, several days old.(Note that this appears to have been fixed in build 1961)

MSE will report that it is up to date until the signatures are greater than 7 days old. At that point, it will change the status to At Risk so that you can check for updates manually.

MSE will not update through an authenticated Proxy Server.

MSE  can update using WSUS. This was changed to allow colleges and universities to make signature updates available on WSUS for students' personal computers running MSE.

You can manually check for updates at any time, though this should not generally be needed. Open MSE, click on the Updates tab and click the button to check for updates.

You can manually download a full engine and definition package from the Microsoft Malware Protection Center and apply it to a PC running MSE without a clear network connection, if desired. The full package is quite large, about 40 megs. Typically, the automatic (or manual from within MSE) updates are a few megs in size.

We'll update this FAQ as needed.
-steve


~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
 

Question Info


Last updated July 18, 2019 Views 68,518 Applies to:
Answer
Answer

A new FAQ has been created to consolidate this and other information regarding Updating Virus and Spyware Definitions

Updating Virus and Spyware Definitions FAQ

 

 

Thanks!


Michael
Microsoft Answers Support
Visit our Microsoft Answers Feedback Forum and let us know what you think.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.