Manage the schedule for when protection updates should be downloaded and applied

Important

Customers who applied the March 2022 Microsoft Defender engine update (1.1.19100.5) might have encountered high resource utilization (CPU and/or memory). Microsoft has released an update (1.1.19200.5) that resolves the bugs introduced in the earlier version. Customers are recommended to update to this new engine build of Antivirus Engine (1.1.19200.5). To ensure any performance issues are fully fixed, it is recommended to reboot machines after applying update. For more information, see Monthly platform and engine versions.

Applies to:

• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Antivirus

Platforms

• Windows

Microsoft Defender Antivirus lets you determine when it should look for and download updates.

You can schedule updates for your endpoints by:

• Specifying the day of the week to check for protection updates
• Specifying the interval to check for protection updates
• Specifying the time to check for protection updates

You can also randomize the times when each endpoint checks and downloads protection updates. See the Schedule scans topic for more information.

Use Configuration Manager to schedule protection updates

1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (click Assets and Compliance in the navigation pane on the left, then expand the tree to Overview > Endpoint Protection > Antimalware Policies)

2. Go to the Security intelligence updates section.

3. To check and download updates at a certain time:

   • Set Check for Endpoint Protection security intelligence updates at a specific interval... to 0.
   • Set Check for Endpoint Protection security intelligence updates daily at... to the time when updates should be checked.

4. To check and download updates on a continual interval, Set Check for Endpoint Protection security intelligence updates at a specific interval... to the number of hours that should occur between updates.

5. Deploy the updated policy as usual.

Use Group Policy to schedule protection updates

Important

By default, "SignatureScheduleDay" is set as "8" and "SignatureUpdateInterval" is set as "0" so Microsoft Defender Antivirus will not schedule protection updates. Enabling these settings will override that default.

1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.

2. In the Group Policy Management Editor go to Computer configuration.

3. Click Policies then Administrative templates.

4. Expand the tree to Windows components > Microsoft Defender Antivirus > Security Intelligence Updates and configure the following settings:

   1. Double-click the Specify the day of the week to check for security intelligence updates setting and set the option to Enabled. Enter the day of the week to check for updates. Click OK.

   2. Double-click the Specify the interval to check for security intelligence updates setting and set the option to Enabled. Enter the number of hours between updates. Click OK.

   3. Double-click the Specify the time to check for security intelligence updates setting and set the option to Enabled. Enter the time when updates should be checked. The time is based on the local time of the endpoint. Click OK.

Use PowerShell cmdlets to schedule protection updates

Use the following cmdlets:

Set-MpPreference -SignatureScheduleDay
Set-MpPreference -SignatureScheduleTime
Set-MpPreference -SignatureUpdateInterval

See Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender Antivirus cmdlets for more information on how to use PowerShell with Microsoft Defender Antivirus.

Use Windows Management Instruction (WMI) to schedule protection updates

Use the Set method of the MSFT_MpPreference class for the following properties:

SignatureScheduleDay
SignatureScheduleTime
SignatureUpdateInterval

See the following for more information and allowed parameters:

• Windows Defender WMIv2 APIs

Tip

If you're looking for Antivirus related information for other platforms, see:

• Set preferences for Microsoft Defender for Endpoint on macOS
• Microsoft Defender for Endpoint on Mac
• macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
• Configure Microsoft Defender for Endpoint on iOS features
• Configure Defender for Endpoint on Android features
• Set preferences for Microsoft Defender for Endpoint on Linux
• Microsoft Defender for Endpoint on Linux

Related articles

• Deploy Microsoft Defender Antivirus
• Manage Microsoft Defender Antivirus updates and apply baselines
• Manage updates for endpoints that are out of date
• Manage event-based forced updates
• Manage updates for mobile devices and virtual machines (VMs)
• Microsoft Defender Antivirus in Windows 10 and 11

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.