Is there a way to automatically create a policy for Windows Defender signatures that we create using the Wizard from EndPoint Protection?
Right now, I use the Windows Defender Wizard to create a fixlet for the latest signatures and then push it to all the machines. I want a way to be able to automate this every night.
I am not familiar with the Windows defender signatures fixlets, however if you have a way to edit and modify an existing fixlet (or an action) then you can use the REST API to do it programmatically. Your program should be able to edit/change an exported fixlet, then run the REST API (import; action) to push it at the wanted scheduled time.
We’ve stopped the automatic updates and our machine doesn’t have internet access. So pushing the latest signatures through BigFix is the option we want to go with.
I guess you create to fetch https://www.microsoft.com/en-us/wdsi/defenderupdates every 4 hours and then apply it to all windows machines that are relevant
So you could use the Windows Software deployment Wizard to create that fixlet and then add some relevance to check the date/time of the last installed signature and apply it and set the execution to run every 4.5 hours or so
Thank you, Pete!!
I created a Task to execute the “MpCmdRun.exe -removedefinitions -dynamicsignatures” and “MpCmdRun.exe -SignatureUpdate” commands and then ran it as a policy to execute every x number of hours.