Forum Discussion

dedicated-worker's avatar
dedicated-worker
Copper Contributor
Jan 16, 2025

Microsoft Defender fails to update from File Share

Hello!

 

I've tried to configure my Windows system to use Defender Updates through File Share. On my domain controller I've set two GPOs to make it possible.

  • Define file shares for downloading security intelligence updates -> \\fileserver\DefenderUpdates
  • Define the order of sources for downloading security intelligence updates -> FileShares

When running the command Get-MpPreference I can see that the GPOs were successful with the following output:

SignatureDefinitionUpdateFileSharesSources            : \\fileserver\DefenderUpdates
SignatureDisableUpdateOnStartupWithoutEngine          : False
SignatureFallbackOrder                                : FileShares

The file structure on the file share looks like the following:

\---DefenderUpdates
    \---x64
            mpam-fe.exe

 

Then I tried to run the command Update-MpSignature and I get the following error message:

Update-MpSignature: Virtus and spyware definitions update was complated with errors.
At line:1 char:1
+ Update-MpSignature
+
      + CategoryInfo          : NotSpecified: <MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature> [Update-Signature], CimException
      + FullyQualifiedErrorId : HRESULT 0x8024402c,Update-MpSignature

 

This has worked previously but I don't know what has changed. Does any one have a clue?

 

Best regards,

dedicated-worker.

Defender
update
windows
  • luchete's avatar
    luchete
    Steel Contributor
    Jan 28, 2025

    Hello dedicated-worker 

    It looks like there might be a network or maybe a permissions issue. Make sure your system can access the file share properly and that the permissions on the file share are set correctly or didn't changed. Also, check that the update file (mpam-fe.exe) is not corrupted and is up to date. If everything looks good, try clearing the update cache using the PowerShell command Set-MpPreference -SignatureUpdateInterval 0 and then attempt the update again. You could also check the Event Viewer for more details on what's going wrong.

    In case here are some PowerShell commands you can use to clear the update cache and reset the update interval:

    Set-MpPreference -SignatureUpdateInterval 0
    Set-MpPreference -SignatureUpdateInterval 1

    These commands can help reset Defender's update settings and might resolve issues with the update process.

    Hope it helps!

Resources