Edit

Share via

Troubleshoot Microsoft Defender Antivirus Security intelligence not getting updated

  • Article

Applies to:

Symptom

When you update Microsoft Defender Antivirus security intelligence, you might see the error Protection definition update failed.

Screenshot of Protection definition update failed.

These error codes might also appear:

  • 0x8024402c
  • 0x80240022
  • 0X80004002
  • 0x80070422
  • 0x80072efd
  • 0x80070005
  • 0x80072f78
  • 0x80072ee2
  • 0x8007001B

The following screenshot shows the error Signature Update failed.

Screenshot showing signature update failed.

Solution

  1. Check the URLs required for the Security intelligence updates. You can get them via the firewall and/or proxy. See Configure your network environment to ensure connectivity with Defender for Endpoint service.

  2. Ensure that Microsoft Defender Antivirus (MDAV) is your primary antivirus. If you have a third-party antivirus that uses the Windows Security Center (WSC) API, it will disable MDAV. When MDAV is disabled, updates can't occur.

  3. Given that MDAV is the primary antivirus and the services are running:

    1. Check if updating Security Intelligence works when you manually download from Latest security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware?

    2. If so, try updating through the Microsoft Malware Protection Center (MMPC).

      Run the following PowerShell command as an administrator.

         & "${env:ProgramFiles}\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC

    3. If this command works, the issue might be that the Security intelligence Fallback order is set to a WSUS server without Security intelligence approved updates. Alternatively, the UNC share might be stale, or the Windows Update service might have issues.

      1. To check the WSUS server that the machine goes to, review HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer (REG_SZ). Once you find the WUServer, check if that WSUS server has the MDAV security intelligence (KB2267602 for MDAV and KB2461484 for SCEP) approved.
      2. To check the UNC share, review Manage how and where Microsoft Defender Antivirus receives updates.
      3. To check the status of the Windows Update service, review Guidance for troubleshooting Windows Update issues and Troubleshoot problems updating Windows.