Automatically push Windows Defender signatures to clients

vhenry · September 25, 2019, 7:57pm

Hello,

Is there a way to automatically create a policy for Windows Defender signatures that we create using the Wizard from EndPoint Protection?

Right now, I use the Windows Defender Wizard to create a fixlet for the latest signatures and then push it to all the machines. I want a way to be able to automate this every night.

Thank you,
Jennifer

FDA · September 26, 2019, 12:12pm

I am not familiar with the Windows defender signatures fixlets, however if you have a way to edit and modify an existing fixlet (or an action) then you can use the REST API to do it programmatically. Your program should be able to edit/change an exported fixlet, then run the REST API (import; action) to push it at the wanted scheduled time.

Pete_F · September 26, 2019, 2:34pm

For a fixlet, the actionscript goes something like

waithidden “{value “InstallLocation” of key “HKLM\Software\Microsoft\Windows Defender” of native registry as string & “MpCmdRun.exe”}” -SignatureUpdate --MMPC

But doesnt defender get an update automatically every 4 hours ?

vhenry · September 26, 2019, 4:18pm

Thank you, Pete!! I’ll test the script out.

We’ve stopped the automatic updates and our machine doesn’t have internet access. So pushing the latest signatures through BigFix is the option we want to go with.

Pete_F · September 26, 2019, 4:31pm

Ahh… ok well that wont work for you then as all it does is to tell Defender to go out and collect the signatures from MS

vhenry · September 27, 2019, 6:00pm

Is there any other way this can be done then?

Pete_F · September 30, 2019, 4:13pm

I guess you create to fetch https://www.microsoft.com/en-us/wdsi/defenderupdates every 4 hours and then apply it to all windows machines that are relevant
So you could use the Windows Software deployment Wizard to create that fixlet and then add some relevance to check the date/time of the last installed signature and apply it and set the execution to run every 4.5 hours or so

vhenry · October 8, 2019, 1:47pm

Thank you, Pete!!
I created a Task to execute the “MpCmdRun.exe -removedefinitions -dynamicsignatures” and “MpCmdRun.exe -SignatureUpdate” commands and then ran it as a policy to execute every x number of hours.

adeilson · April 3, 2023, 5:44pm

Hey, vhenry. Could you give me more details on how exactly you did that? I am trying to to the same.
Thank you. Did you use powershell commands?

SLB · April 3, 2023, 11:06pm

See if this is past forum posting of any help for you.