WIN11 (22H2) not getting Defender Security Intelligence updates through WSUS

Raul Kaubi - RIT 5 Reputation points
2024-08-09T16:47:36.51+00:00

Hi

I have set up an internal WSUS server in our infrastructure, and most of the updates are doing fine. However, I have an issue with Windows 11 (22H2) client computers, where I am not getting Security Intelligence updates through WSUS. I have tried via the "Windows Security" application and from Windows Updates - none of them works. I have also set SignatureFallbackOrder via GPO to "InternalDefinitionUpdateServer" for all of the computers (Win Server 2022 and W11 computers). Not helping.

Now I am getting those updates for the Windows Server 2022 (21H2) just fine.

I have selected those categories and products for the WSUS. Those updates should come from "Definition Updates".

wsus_products_list:

  • Microsoft Server operating system-21H2
  • Server 2022 Hotpatch Category
  • Microsoft Edge
  • Windows 11
  • Microsoft Defender Antivirus
  • PowerShell
  • PowerShell - x64

wsus_classifications_list:

  • Critical Updates
  • Security Updates
  • Definition Updates

[Image: W11_not_getting_security_intelligence_updates]

[Image: W_Server_2022_getting_security_intelligence_updates]


1 answer

  1. Raul Kaubi - RIT 5 Reputation points
    2024-11-07T16:13:42.4466667+00:00

    Hi

    Forgot to mention, try this, I managed to get it working after that.

    $Path="HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    
    $Name="ManagePreviewBuilds"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="ManagePreviewBuildsPolicyValue"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="DeferFeatureUpdates"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="DeferFeatureUpdatesPeriodInDays"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="BranchReadinessLevel"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="DeferQualityUpdates"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    $Name="DeferQualityUpdatesPeriodInDays"
    if (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore) { Remove-ItemProperty -Path $Path -Name $Name }
    
    Restart-Service -name wuauserv
    & 'C:\Program Files\Windows Defender\MpCmdRun.exe' -SignatureUpdate
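
A read-only check to run on a client before and after the script in the answer above, added here as an example and not part of the original post: it lists which of the seven policy values the answer removes are actually present, then shows the Defender signature state and the configured fallback order. The function name `Get-DeferralPolicyValue` is hypothetical; note that values under the `Policies` key that are set by a GPO are written back at the next policy refresh.

```powershell
# Added example (not from the original answer): audit only, changes nothing.
$Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$Names = 'ManagePreviewBuilds', 'ManagePreviewBuildsPolicyValue',
         'DeferFeatureUpdates', 'DeferFeatureUpdatesPeriodInDays',
         'BranchReadinessLevel',
         'DeferQualityUpdates', 'DeferQualityUpdatesPeriodInDays'

# Hypothetical helper: reports presence and data for each named registry value.
function Get-DeferralPolicyValue {
    param(
        [Parameter(Mandatory)] [string]   $KeyPath,
        [Parameter(Mandatory)] [string[]] $ValueNames
    )
    # If the key itself is missing, none of the values can be set.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($n in $ValueNames) {
        $present = ($null -ne $key) -and ($key.GetValueNames() -contains $n)
        [pscustomobject]@{
            Name    = $n
            Present = $present
            Value   = if ($present) { $key.GetValue($n) } else { $null }
        }
    }
}

# Which of the values from the answer exist on this machine?
$report = Get-DeferralPolicyValue -KeyPath $Path -ValueNames $Names
$report | Format-Table -AutoSize

if (-not ($report | Where-Object Present)) {
    Write-Host 'None of the listed policy values are set on this client.'
}

# Signature state: compare the version and age before and after the fix.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion,
                  AntivirusSignatureLastUpdated,
                  AntivirusSignatureAge

# Fallback order as Defender sees it (the question sets this by GPO).
(Get-MpPreference).SignatureFallbackOrder
```

Run it in an elevated PowerShell session; if values reappear after `gpupdate`, the source GPO has to be changed rather than the local registry.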
    
