Manual install of Microsoft Defender Antivirus update

Hello,

I have a laptop that does not have access to the internet. I still need to scan it and update the antivirus definition file.

I download the file from a PC that has access to the internet, then transfer it to the laptop and try to install the update. I do it from the command line by running this:

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe

It did not work for me, but when I connected the laptop to the internet it worked fine.

Hence my question: when I want to install a Defender update file ... should the laptop be connected to the internet? Or should a manual update also work when the laptop is isolated?

Here are results from the log:

With internet connection:

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe
Start Time: Fri Feb 11 2022 18:25:35
MpEnsureProcessMitigationPolicy: hr = 0x1
Start: MpSignatureUpdate()
Calling MpUpdateStartEx with option 0x1
Update started
Search Started (MU/WU update) (Path: https://fe2cr.update.microsoft.com/v6/)...
Search Completed
Download Started...
Download Completed
Download Completed
Installation Started...
Installation Completed
Update completed succesfully. (hr:0x00000000)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Fri Feb 11 2022 18:25:42
-------------------------------------------------------------------------------------

Without internet connection:

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -Path C:\Users\Admin\Downloads\mpam-fe.exe
Start Time: Fri Feb 11 2022 18:30:59
MpEnsureProcessMitigationPolicy: hr = 0x1
Start: MpSignatureUpdate()
Calling MpUpdateStartEx with option 0x1
Update started
Search Started (MU/WU update) (Path: https://fe2cr.update.microsoft.com/v6/)...
Search Completed
Update failed with hr: 0x80240438
Update completed with hr: 0x80240438
ERROR: Signature Update failed with hr=80240438
MpCmdRun: End Time: Fri Feb 11 2022 18:31:08
-------------------------------------------------------------------------------------


Hi, thanks for reaching out! Sorry about the frustration encountered and please allow me to assist you.

I assume you have downloaded the latest Security intelligence updates from this link: https://www.microsoft.com/wdsi/defenderupdates

To install the update, you can double-click the downloaded "mpam-fe.exe" file once it's copied to the laptop that is offline. There is no need to execute MpCmdRun to apply the update.

Please let me know if I can help you further!

2 people found this reply helpful


Hi Tianxiang,

Thanks for replying.

You are correct, and I downloaded the file from the link you posted.

My goal is to automate the update and scan processes, hence I have to script it.

FYI: I tried to run this file as administrator and it didn’t work either when my laptop was offline.

Hence my concern is: should the laptop be online when I try to install the file?

Note: my laptop is located behind the VLAN and doesn’t have access to the internet. Hence I have to update Defender offline.

You can see in the log the successful and failed update cases, depending on online vs. offline.

Any clue?

Thanks

susja

1 person found this reply helpful


Hello, thank you for your reply.

The laptop does not need to be online to apply "mpam-fe.exe". You should script to execute mpam-fe.exe and not pass it through MpCmdRun.

For example, if mpam-fe.exe is in C:\Temp, you should run "C:\Temp\mpam-fe.exe".

By the way, there is no output with the update. You can check whether the update was applied successfully via the GUI or the log file.

Please let me know if I can help you further!

Thanks for the advice.

I will try to run mpam-fe.exe directly and let you know.

I just wonder what’s the difference between using MpCmdRun with the -Path flag pointing to the file and executing mpam-fe.exe directly.

Appreciate your help

susja


Hello, thank you for your reply.

The SignatureUpdate option requires you to specify UNC or MMPC sources to check for new Security intelligence updates. There is not a "Path" flag.

You can refer to the documentation here on creating a UNC source: https://docs.microsoft.com/microsoft-365/securi...

Please let me know if I can help you further!

2 people found this reply helpful


Thanks again for trying to resolve my issue, but I still don't have any luck.

Here's what I did:

  1. run in PowerShell -  Get-MpComputerStatus

  2. realized my current version of AntivirusSignatureVersion is 1.359.59.0

  3. copy mpam-fe.exe to C:\Temp

  4. execute mpam-fe.exe and check Get-MpComputerStatus that version did not change !!! i.e. it did not have effect

  5. execute as Admin: "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions and checked that now version is 1.359.45.0

  6. execute again as Admin mpam-fe.exe but version did not change

  7. created UNC share like this: net share UNC=C:\temp. file mpam-fe.exe is located in C:\temp

  8. execute "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -UNC - Update failed with hr=80070490

  9. execute "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -UNC -Path C:\Temp\mpam-fe.exe - Update failed with hr=80070002

Well ... when I connect to my Wi-Fi and run -SignatureUpdate it does change the version, but using it offline (as I have to) and trying all the options I mentioned above ... no luck.

Any clue?

Appreciate your help

susja

2 people found this reply helpful


Hello,

Did you note the intelligence update version when you downloaded it from the page? https://www.microsoft.com/en-us/wdsi/defenderup...

If your current version of definitions is newer or the same as what you have downloaded, the update will not be performed.

Separately, the UNC path you defined is malformed. It should look something like this: \\server\updates. You may refer back to the documentation I provided in my last post.

Please let me know if I can help you further!

Hello,

Sorry about my trouble. It looks like I misled you and myself :)

I ran -RemoveDefinitions and it changed my current version to xxx.45.

Then I ran mpam-fe.exe from the command line and checked that the version is now xxx.84.

Hence it looks like it works as designed. Sorry again ... likely I tried too hard :)

Well ... now there is one last issue I have to resolve before implementing it.

As you mentioned before, I download the file from https://www.microsoft.com/en-us/wdsi/defenderupdates

But in my case the file download should not be a manual operation but done by a script.

I have a script for downloading from a URL (e.g. I am downloading the daily McAfee update file from this location: http://download.nai.com/products/licensed/superdat/english/intel ).

It works perfectly fine because for McAfee it's a location where files are stored, while for Windows Defender this is not a location the script expects.

Hence ... my last question: do you know the location of the files for upload?

Thanks again.

Highly appreciate your help

susja
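The offline procedure that worked in this thread (run mpam-fe.exe directly, then compare the version reported by Get-MpComputerStatus), written as a script. This is an added example, not part of any post and not Microsoft's own script. The C:\Temp path comes from the thread; the signer check and the polling timeout are assumptions.

```powershell
# Added example: apply an offline Defender definition package and verify the result.
# Run elevated. Default path is the one used in the thread (C:\Temp\mpam-fe.exe).
param(
    [string]$Package = 'C:\Temp\mpam-fe.exe',
    [int]$TimeoutSeconds = 120   # assumption: how long to wait for the new version to show up
)

if (-not (Test-Path -LiteralPath $Package)) {
    throw "Package not found: $Package"
}

# The file arrived on removable media or a share, so check its Authenticode
# signature before executing it with administrative rights.
$sig = Get-AuthenticodeSignature -FilePath $Package
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed ($($sig.Status)) for $Package"
}
# Assumption: the signer certificate subject names Microsoft Corporation.
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

$before = [version](Get-MpComputerStatus).AntivirusSignatureVersion

# mpam-fe.exe produces no output, so wait for it to exit and then
# confirm the update from the reported definition version.
$proc = Start-Process -FilePath $Package -Wait -PassThru
Write-Output "mpam-fe.exe exited with code $($proc.ExitCode)"

$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
do {
    Start-Sleep -Seconds 5
    $after = [version](Get-MpComputerStatus).AntivirusSignatureVersion
} while ($after -le $before -and (Get-Date) -lt $deadline)

if ($after -gt $before) {
    Write-Output "Definitions updated: $before -> $after"
} else {
    # As noted in the thread, a package that is the same as or older than
    # the installed definitions is not applied.
    Write-Warning "Definition version unchanged ($before)."
    exit 1
}
```

The non-zero exit on an unchanged version lets a scheduled task flag a stale or already-applied package before the scan step runs.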


Hello,

You can make use of the script that is mentioned in Step 3 of the documentation I've posted. Step 8 shows you how to set up scheduled tasks to perform the download.

https://docs.microsoft.com/en-us/microsoft-365/...

Please let me know if I can help further!

Hello,

I allocated the server which I'm planning to use for the download. It's Win 2012 R2.

I followed the document you provided and ran the following:

PS C:\temp> SignatureDownloadCustomTask.ps1 -action run -arch x86 -isDelta $true -destDir C:\temp

I've got the following error:

--
Script started.
Get-Item : Cannot find path 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates' because it does not exist.
At C:\Program Files\WindowsPowerShell\Scripts\SignatureDownloadCustomTask.ps1:171 char:12
+ $key = Get-Item -LiteralPath $path
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (HKLM:\SOFTWARE\...gnature Updates:String) [Get-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand
You cannot call a method on a null-valued expression. Cannot find path 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates' because it does not exist. You cannot call a method on a null-valued expression. Cannot find path 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates' because it does not exist. The term 'SignatureDownloadCustomTask' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Unable to find package provider 'NuGet'. Unable to find type [Microsoft.PowerShell.Commands.PowerShellGet.Telemetry]. The specified module 'PSReadline' was not loaded because no valid module file was found in any module directory.
PS C:\temp>
---

I checked the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware and noticed that it does not have the expected 'Signature Updates'.

What should I do next? I noticed that this server does not have C:\Program Files\Windows Defender.

Sounds like it should be on the server in order to run this PowerShell script ... I'm confused ..

Thanks

susja

1 person found this reply helpful



Question Info


Last updated: April 30, 2024. Views: 6,911.