Windows 10 Updates - Windows Defender

writhziden

writhziden

Administrator, .NET/UWP Developer
Staff member
Joined
May 23, 2012
Posts
2,943
Location
Colorado
I have updates configured to notify me when they need to be downloaded and installed. Twice I had Windows 10 update and crash my system to a black screen because it installed display drivers while I was in the middle of playing a video game, which is why I changed it through the group policy editor (Windows 10 Pro and higher).

I now have a question: is there any way to have Windows Defender update itself more often than once per day? I don't need notifications from Windows Update that Defender needs a definitions update. Most times when it asks, I go to download it, and it says that there was an error downloading the update because Defender already downloaded it and updated automatically.
 
I don't know of a way to disable the updates notification that doesn't also disable it's detection/removal notifications. Of course, popping in a reasonable free antivirus would fix that (it should disable Defender). I've used Avast for years, but I hear good things about Bitdefender, AVG, Kaspersky, Avira ... quite a few that would get allow you to avoid having to fuss with Windows Update just to get an antivirus update (Avast updates up to four times a day....and the latest versions are wise enough not to bother the users each time the definitions update).

If I see anything I'll post it here (I can't look at Defender directly on this machine, since I'm not using it) ...
Cheers


[P.S. ... Oh, and I never received more than one update a day when I was testing Windows Defender in the Insider builds]
 
FTR, I think WD is great and I run it on all my systems. Frankly, I see no reason for 3rd party scanners, except MBAM (regardless of primary scanner of choice) just to make sure I (the user is always the weakest link) or my primary scanner (WD) did not let anything slip by. And since running MSE (W7's version of WD) on W7, and WD on W8 and W10, MBAM has never found anything but a couple false positive PUPs.

By default, Windows Updates checks for new updates every 22 hours ± a couple hours. This 22, give or take a couple, apparently ensures an even distribution of hits on MS servers.

WD checks for updates 15 minutes before each scheduled "Quick" scan and the default scan is every 24 hours at about 2am. In Group Policy you change the scan frequency to run quick scans. The default is 0 which means it will run at 2am, then again the next day at 2am. You can change it to any whole number from 1 to 24. Setting it to 1 will cause it scan every hour, starting at 2am. And since it checks for updates 15 minutes before scanning, it will check for updates every hour too. I'm fine with once a day. If I suspect something, I can always manually check for something new. I might consider changing it to every 6 hours for 4/day but more than that seems like overkill - unless I had a bunch of "it can never happen to me" teenagers in my house.
 
Digerati said:
FTR, I think WD is great and I run it on all my systems. Frankly, I see no reason for 3rd party scanners, except MBAM (regardless of primary scanner of choice) just to make sure I (the user is always the weakest link) or my primary scanner (WD) did not let anything slip by. And since running MSE (W7's version of WD) on W7, and WD on W8 and W10, MBAM has never found anything but a couple false positive PUPs.

By default, Windows Updates checks for new updates every 22 hours ± a couple hours. This 22, give or take a couple, apparently ensures an even distribution of hits on MS servers.

WD checks for updates 15 minutes before each scheduled "Quick" scan and the default scan is every 24 hours at about 2am. In Group Policy you change the scan frequency to run quick scans. The default is 0 which means it will run at 2am, then again the next day at 2am. You can change it to any whole number from 1 to 24. Setting it to 1 will cause it scan every hour, starting at 2am. And since it checks for updates 15 minutes before scanning, it will check for updates every hour too. I'm fine with once a day. If I suspect something, I can always manually check for something new. I might consider changing it to every 6 hours for 4/day but more than that seems like overkill - unless I had a bunch of "it can never happen to me" teenagers in my house.
Click to expand...

Yeah, I'd rather not change the scan frequency. I instead just changed the Windows Update configuration to always download and install on a schedule. It will now install updates every Wednesday while we sleep, which should ensure Patch Tuesday updates are always installed within 24 hours of release.
 
Okay, but I suspect that does not change the frequency WD uses WU to check for signature, which should still be daily - a good thing IMO.
 
Corrine said:
It is also important to have "Cloud-based Protection" set to On as this will help protect your PC between Windows Defender updates.

You could also create a scheduled task for updating: Update Windows Defender when Automatic Updates is disabled.
Click to expand...
Cloud-based Protection is on.

Scheduled tasks are limited to once per day. I'd prefer once every hour or something similar, but I'd need 24 tasks that way. It's rather odd that there isn't a way to schedule more frequent tasks. - I guess I could run it any time the system is idle and every hour thereafter, though.


Played around with Task Scheduler a bit. I can't find a way to have it update without displaying either a command prompt or the Windows Defender app when it updates. The following is not as silent as implied because Windows Defender opens on the screen:

"If you wish to run a silent update, instead of: C:\Program Files\Windows Defender\MpCmdRun.exe –SignatureUpdate you may use: C:\Program Files\Windows Defender\MSASCui.exe -Update."


To get what I wanted, I followed the link given, but instead of running the command directly from the Windows Defender command prompt, I created a batch file and a vbs file to run the batch file invisibly. The C:\Users\Mike\AppData\Roaming\defenderUpdate.bat file:

Code: 
"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

The invisible.vbs file:
Code: 
Set WshShell = CreateObject("WScript.Shell" )
WshShell.Run chr(34) & "C:\Users\Mike\AppData\Roaming\defenderUpdate.bat" & Chr(34), 0
Set WshShell = Nothing
 
Last edited:

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top