Automatically push Windows Defender signatures to clients

Hello,

Is there a way to automatically create a policy for Windows Defender signatures that we create using the Wizard from EndPoint Protection?

Right now, I use the Windows Defender Wizard to create a fixlet for the latest signatures and then push it to all the machines. I want a way to be able to automate this every night.

Thank you,
Jennifer

I am not familiar with the Windows Defender signatures fixlets; however, if you have a way to edit and modify an existing fixlet (or an action), then you can use the REST API to do it programmatically. Your program should be able to edit/change an exported fixlet, then run the REST API (import; action) to push it at the wanted scheduled time.

For a fixlet, the actionscript goes something like

waithidden "{value "InstallLocation" of key "HKLM\Software\Microsoft\Windows Defender" of native registry as string & "MpCmdRun.exe"}" -SignatureUpdate -MMPC

But doesn't Defender get an update automatically every 4 hours?

Thank you, Pete!! I’ll test the script out.

We’ve stopped the automatic updates and our machine doesn’t have internet access. So pushing the latest signatures through BigFix is the option we want to go with.

Ahh… ok, well that won't work for you then, as all it does is tell Defender to go out and collect the signatures from MS.

Is there any other way this can be done then?

I guess you create to fetch https://www.microsoft.com/en-us/wdsi/defenderupdates every 4 hours and then apply it to all Windows machines that are relevant.
So you could use the Windows Software deployment Wizard to create that fixlet, then add some relevance to check the date/time of the last installed signature and apply it, and set the execution to run every 4.5 hours or so.
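
A sketch of the check-then-apply step described in this reply for machines without internet access, added here as an example and not part of the original thread. It assumes BigFix has already delivered the full definition package from the Microsoft page linked above (distributed as mpam-fe.exe) to a hypothetical staging path; the parameter names, the path and the default threshold are illustrative.

```powershell
# Added example: apply an offline Defender definition package only when the
# installed signatures are stale AND the package carries a valid Microsoft signature.
param(
    [string]$PackagePath = 'C:\Staging\mpam-fe.exe',  # hypothetical staging path
    [int]$MaxAgeHours    = 4                          # illustrative threshold
)

# 1. Read the installed signature version and timestamp.
$before = Get-MpComputerStatus
$age    = (Get-Date) - $before.AntivirusSignatureLastUpdated
if ($age.TotalHours -lt $MaxAgeHours) {
    Write-Output "Signatures $($before.AntivirusSignatureVersion) are fresh; nothing to do."
    exit 0
}

# 2. Refuse to execute a package that is unsigned, tampered with, or not from Microsoft.
#    Status 'Valid' means the hash matches and the chain ends in a trusted root.
$sig = Get-AuthenticodeSignature -FilePath $PackagePath
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Write-Output "Refusing to run ${PackagePath}: signature status is '$($sig.Status)'."
    exit 1
}

# 3. Run the package and wait for it to finish.
$proc = Start-Process -FilePath $PackagePath -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    Write-Output "Package exited with code $($proc.ExitCode)."
    exit $proc.ExitCode
}

# 4. Confirm the version actually moved forward; an unchanged version means
#    the staged package is no newer than what is already installed.
$after = Get-MpComputerStatus
if ([version]$after.AntivirusSignatureVersion -le [version]$before.AntivirusSignatureVersion) {
    Write-Output "Version unchanged ($($after.AntivirusSignatureVersion)); staged package is not newer."
    exit 2
}
Write-Output "Updated $($before.AntivirusSignatureVersion) -> $($after.AntivirusSignatureVersion)."
exit 0
```

The non-zero exit codes let the BigFix action report a failed or stale update instead of a silent success.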

Thank you, Pete!!
I created a Task to execute the “MpCmdRun.exe -removedefinitions -dynamicsignatures” and “MpCmdRun.exe -SignatureUpdate” commands and then ran it as a policy to execute every x number of hours.

Hey, vhenry. Could you give me more details on how exactly you did that? I am trying to do the same.
Thank you. Did you use powershell commands?

See if this past forum posting is of any help for you.