Signature updates block by GPO

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

** First posted my comments in the general security group but have now found
this one.

This is a message for the Defender Development Team.

Was using Ansispyware beta 1 but downloaded Defender today.

After install it informed me that it could not update the signatures (giving
a 0x8... error - but I didn't write it down). On looking at the read-me I
noticed it uses Windows updates to get the signatures.

I run out systems with "Windows Updates/Microsoft Updates" blocked by GPO
and push out approved updates via SMS periodically.

I poked the registry to remove the GPO block and the signatures updated
sucessfully (and then reset the block to conform to our corporate policy).

I hope this gets to the relevant team and look forward to a version that
operated in our business enviroment.

Regards,
David Gregg
 
Windows Defender signature updates are available via WSUS servers, as well
as Windows Update.
 
Bill,

Nice to talk to you again.

Can you confirm when deployed in an environment with Windows Updates
disabled by GPO that the system will be protect with default signatures but
that the signature updates will not occur until SMS (software update tools)
push out the relevant KB package.

Dave.
 
I can't.

I know that if you have deployed WSUS, you can enable the Windows Defender
signature updates to be available via that mechanism.

What I don't know is how that relates to SMS, if at all.

(pure lack of experience--not trying to hide anything!)

The program as distributed has no signatures, apparently--so I suspect that
the level of real-time protection afforded before the initial signature
package is pushed is lacking, to say the least.

Microsoft clearly states, in a variety of places, that beta software in
general, and this beta, in particular, should not be deployed on production
systems.
--
 
I understand fully.

As a security conscious company we run a fully managed S(D)OE with tight
policies on updates whilst maintaining a focus on stability and usability too.

We run a reference environment for pre-deployment testing and thus look at
such items as this Beta as soon as they become available to us so we can
revise policy and document procedure as early as possible.

I'll see if Defender signature updates have appeared in the SMS Microsoft
Updates tool - Software Updates list.

Thanks for your help.

Dave..
 
Back
Top