Updates: Settings, ports and other issues

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

Hello all,

Am I to understand the 'automatic update' settings in Defender either do
not work or go through 'Microsoft Updates'?

I have Defender set to autoupdate.

I have Microsoft Updates configured & controlled via WSUS & group policy
- so I don't care how Defender gets updated as long as it just does.


Now, the 2nd issue is that we use Websense to monitor/restrict internet
traffic. Now, every PC/laptop that has Defender/Microsoft Updates
configured triggers the Websense password dialog at bootup. My users
will have kittens if I can't do something about that.

Websense allows for a 'monitor only' option on specific URLs/IPs, but I
can't seem to get a handle on what Defender is using - in fact, it looks
like it might be going multiple places. I could really use the info on
what ports, URLs & processes are invoked & utilized to make the updates
happen so I can tell all my security features to let them happen
quietly.

Can anyone help?

Please?

Thanks!

Kevin
 
The update within Windows Defender will go to your WSUS server.

See the Networks group here for a message from me with complete instructions
for how to make Windows Defender definitions available via WSUS.

I'm not familiar with Websense. Windows Defender should be going to your
WSUS server. If WSUS isn't configured on a client, it might be going to
Microsoft's Windows Update servers.

I know that the autoupdate client will not work through a proxy that
requires authentication. the workaround Steve Dodson has posted is to allow
access to the Microsoft Windows Update servers without authentication.

Let me know if that helps, or if you can't find the info in the .networks
group.
 
How can I check to see if Defender is going through my WSUS or going
right to Microsoft?

Websense is an internet monitoring program that requires validation
(login & password) to get out to the web. Any application or user
request via web browser that attempts to go out of the environment will
trigger the login dialog. One validation is good for like 10 minutes.

At any rate, when you first log into windows now, the Websense dialog
pops up immediately - which means something is trying to access the
internet. In this case, it started after installing Defender, so where
is Defender going so we can flag it 'do not authenticate'?

Make sense?
 
Back
Top