Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Intune
  • GitHub
  • Windows 11
  • About the author
CCMEXEC.COM – Enterprise Mobility

Download and deploy Windows Defender Definitions for Windows 10 during OSD

Posted on January 14, 2016April 3, 2021 by Jörgen Nilsson

When you are using Windows 10 and Windows Defender in Windows 10 then the definitions are as old as the .WIM file is. It is a good idea to update the definitions during OSD to make sure that the latest definitions are there.

I have used Chris Nackers post and script a lot for downloading and deploying the definitions for System Center Endpoint Protection during OS deployment in Windows 7, Windows 8. http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/

This post will cover how we can do the same for Windows Defender when deploying Windows 10, it is actually much easier as we don’t have to install the Windows Defender client as it is already included in Windows 10. My colleague Johan Schrewelius and I put together this little script that can be run as a Schedule Task that download the definitions from Microsoft to the UNC path and update the package source files in a specific DP group.

The script can be downloaded here: https://onevinn.schrewelius.it/Scripts01.html

Here is how to use it:

1. To start with we create the following structure, “Defender Definition“, with two underlying leaflets for each architecture, on our Package-share to which we can download the definition files:
Windows_Def1

2. Download the script from the link above and place the script in any folder, for example. “C:\Scripts”
Windows_Def2 3. Then we create the Package that will be used in Configuration Manager as wee need the PackageID in the powershell script to be able to update it when a new version is downloaded. Use the folder we created above as the package source, in this example:”\\CM2012R2\pkgshare$\Defender definitions”
WindowsDef_9

4. Then we select a Standard Program as well, we need three more if both Windows 10 i386 and X64 is used as wee need two for each architecture
WindowsDef_10

5.  Use the following command  for the first x86 program “mpam-fe.exe” with the command line x86\mpam-fe.exe as shown below, we cannot browse as we haven’t downloaded the files just yet. There are two files per architecture that needs to be installed.

WindowsDef_11

6. Limit so that the application can only be run on 32-bit Windows 10.
WindowsDef_112

7. Create three more programs one more for x86, the command line for the second x86 Program should be x86\nis_full.exe. Then it should look like this.

WindowsDef_16

8. Then we create two more programs for X64 with the same commands but run from the x64 folder instead. So it looks like this in the console.

WindowsDef_161

9. Then we distribute the content to a Distribution Point Group

10. Now we can have a PackageID as well for the package which can be found in the Configuration Manager Admin Console, in this example 06000159
Windows_Def162

11. Now we edit the script that we placed in the C:\Scripts folder and change the following lines to reflect our environment.

Windows_Def172

12. Now we create a Schedule Task that will download the definition updates and update the package on the DP’s in the Distribution Point Group.

WindowsDef_4

13. Schedule it to run it daily at 5 AM

WindowsDef_5

14. Use the task “Start a program“

Program: Powershell.exe

Arguments: -NoProfile-ExecutionPolicy ByPass-File C:\scripts\DownloadDefenderDefinitions.ps1

WindowsDef_6

15. Then we can test the Schedule Task to make sure everything works by right-click the new event “Download Defender Definition” and select Run:

WindowsDef_7

16. Examine the contents of both x 86 and x 64 leaflet under ‘Defender Definition“, they should now contain two files each with name as shown.

WindowsDef_8

17. In the Configuration Manager Admin Console check the content status for the Package so that it was updated successful.
Windows_Def173

18. Then we add the steps to the Task Sequence to install the updated definitions
Add a new group “Defender Definition Updates” in the TS and restrict this to Windows 10 (32-and 64-bit).

WindowsDef_17

19. Then we add the four programs that should be run, restrict them to run only on the correct architecture.

WindowsDef_19

Then we are ready to deploy Windows 10 including the latest Windows Defender updates.

 

 

  • Definitions update
  • OSD
  • Powershell
  • Windows Defender Definitions
  • 4 thoughts on “Download and deploy Windows Defender Definitions for Windows 10 during OSD”

    1. Steve says:
      July 14, 2016 at 4:41 am

      This works great if I run the script manually, but running it from Task Scheduler doesn’t seem to do anything, no PowerShell process even starts. I’ve gone over it all for typos and can’t find anything – any idea what I might’ve missed?

      Reply
    2. Chris Molstad says:
      September 25, 2017 at 4:16 pm

      Jörgen,
      We’re running into a problem where sometimes the task fails to download the large files. I think it’s a spotty internet connection. Anyway, my PowerShell skills are lacking, do you know what I would add to the script to have it retry if it fails?

      Reply
    3. Raghav says:
      October 23, 2018 at 12:29 pm

      Hello Jorgen, I’m getting access denied when the definition runs on the client machine. When the computer account is added as the local admin to the SCCM server where the updates are, the deployment succeeds. It will not be practical to get all computer accounts to be a local admin on the SCCM server. Is there another way to get around this? Any help is appreciated. TIA

      Reply
    4. Pingback: Resolved: Trying to update windows defender from UNC path continuously fails - Resolved Problem

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
    All code is provided "AS-IS" with no warranties.

    Tweets by ccmexec

    Recent Posts

    • Configuring MS Edge Security Baseline v107 using Settings Catalog
    • Configuring Desktop App Installer using CSP and script?!
    • Customizing Taskbar and Start in Windows 11 22h2 with PowerShell
    • MMUGSE – physical event 2022-10-19 @Microsoft Reactor Stockholm.
    • Switch to Private Firewall profile on AAD joined when connected to specific network.

    ©2023 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
    This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
    Privacy & Cookies Policy

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT