Discussion:
Defender Updates and WSUS
(too old to reply)
Simon Gronow
2006-06-15 06:16:48 UTC
Permalink
Hi Guys,


I have setup a WSUS for a customer, we have setup which updates to download
Xp, Defender, 2000, etc. and the Update Database on the File Server shows
the defender update form last night.


On the workstations they download all the Windows XP updates fine, but it
will not update defender in any way.


If we go to Windows Update via IE no problems, but other workstations report
in the Windows Update.Log 0 Updates.


On our internal WSUS no problems the update from this morning works fine.


We have Done KB 915105, run wsusutil deleteunneededrevision and
removeinactiveapprovals, renamed windows update.log

Still no good - Anyone got any ideas??


Help and Thanks
administrator
2006-06-15 07:18:02 UTC
Permalink
yes... i have your same problem although i make selection for defender in the
product category ...

hope that any one can help us in this problem
Post by Simon Gronow
Hi Guys,
I have setup a WSUS for a customer, we have setup which updates to download
Xp, Defender, 2000, etc. and the Update Database on the File Server shows
the defender update form last night.
On the workstations they download all the Windows XP updates fine, but it
will not update defender in any way.
If we go to Windows Update via IE no problems, but other workstations report
in the Windows Update.Log 0 Updates.
On our internal WSUS no problems the update from this morning works fine.
We have Done KB 915105, run wsusutil deleteunneededrevision and
removeinactiveapprovals, renamed windows update.log
Still no good - Anyone got any ideas??
Help and Thanks
Bill Sanderson
2006-06-15 14:39:04 UTC
Permalink
Here's my standard post from the Windows Defender support groups, courtesy
of Dave Mills:
------------------------------------------------
We've a new step by step, courtesy of Dave Mills from
microsoft.public.windows.server.update_services.

"Dave Mills" <***@nospam--djmills-dot-co.uk> wrote:

"Why don't I see any Windows Defender Updates in WSUS"

Definition updates for Windows Defender are available via WSUS but have to
be
added in the WSUS console before they become available (as does any product
or
classification that is added to the list made available by Microsoft).

First you must add the Product "Windows Update" to the list of Products and
"Definition Updates" to the list of classification. You do this in the WSUS
admin console/Options/Synchronisation Options.

Next you must arrange for any updates to be available for detections. By
default
the update metadata will be downloaded with the approval set to "Not
Approved"
so no clients will see the updates. You can change this default behaviour
on the
Options/Automatic Approval Options page. Simply add "Definition Updates" to
the
classifications list under "Approve for Detection". If you wish your can
also
approve for installation in the pane below. Please note though that update
metadata already downloaded will retain the status "Not Approved", only new
updates with be set to "Detect" or "Install" by these rules.

Finally if you want to change the approval of existing updates in the
metadata
you must do so manually in the WSUS admin console. To do this in the WSUS
Updates page create a "custom view", call it "Windows Defender" maybe and
select
the "Windows Defender" product. Chose the classifications you want although
there is little reason not to select all of them. Save the Custom View then
run
the report selecting "Any Approval" and "Any Time" and then click Apply to
list
the updates. You can then change the approval status as required for each
update.

Remember to decline superceded updates from time to time so that the
downloaded
content can be removed during normal housekeeping.
--
Post by administrator
yes... i have your same problem although i make selection for defender in the
product category ...
Simon Gronow
2006-06-16 05:53:21 UTC
Permalink
Thanks Bill,

I checked that we had Defender Picked and Deinitions Updates were picked +
Ensured that the Updates were approved for Download/Install. I forced
another update and then forced the check in Windows/Defender still no change


Any other ideas?


Rgds
Simon.
Post by Bill Sanderson
Here's my standard post from the Windows Defender support groups, courtesy
------------------------------------------------
We've a new step by step, courtesy of Dave Mills from
microsoft.public.windows.server.update_services.
"Why don't I see any Windows Defender Updates in WSUS"
Definition updates for Windows Defender are available via WSUS but have to
be
added in the WSUS console before they become available (as does any product
or
classification that is added to the list made available by Microsoft).
First you must add the Product "Windows Update" to the list of Products and
"Definition Updates" to the list of classification. You do this in the WSUS
admin console/Options/Synchronisation Options.
Next you must arrange for any updates to be available for detections. By
default
the update metadata will be downloaded with the approval set to "Not
Approved"
so no clients will see the updates. You can change this default behaviour
on the
Options/Automatic Approval Options page. Simply add "Definition Updates" to
the
classifications list under "Approve for Detection". If you wish your can
also
approve for installation in the pane below. Please note though that update
metadata already downloaded will retain the status "Not Approved", only new
updates with be set to "Detect" or "Install" by these rules.
Finally if you want to change the approval of existing updates in the
metadata
you must do so manually in the WSUS admin console. To do this in the WSUS
Updates page create a "custom view", call it "Windows Defender" maybe and
select
the "Windows Defender" product. Chose the classifications you want although
there is little reason not to select all of them. Save the Custom View then
run
the report selecting "Any Approval" and "Any Time" and then click Apply to
list
the updates. You can then change the approval status as required for each
update.
Remember to decline superceded updates from time to time so that the
downloaded
content can be removed during normal housekeeping.
--
Post by administrator
yes... i have your same problem although i make selection for defender in the
product category ...
Bill Sanderson
2006-07-25 23:54:59 UTC
Permalink
Sorry I don't get here often. There's now a formal KB article on this, but
I'm not sure it has anything not already posted:
http://support.microsoft.com/kb/919772
--
Post by Simon Gronow
Thanks Bill,
I checked that we had Defender Picked and Deinitions Updates were picked +
Ensured that the Updates were approved for Download/Install. I forced
another update and then forced the check in Windows/Defender still no change
Any other ideas?
Rgds
Simon.
Post by Bill Sanderson
Here's my standard post from the Windows Defender support groups,
------------------------------------------------
We've a new step by step, courtesy of Dave Mills from
microsoft.public.windows.server.update_services.
"Why don't I see any Windows Defender Updates in WSUS"
Definition updates for Windows Defender are available via WSUS but have to
be
added in the WSUS console before they become available (as does any product
or
classification that is added to the list made available by Microsoft).
First you must add the Product "Windows Update" to the list of Products and
"Definition Updates" to the list of classification. You do this in the WSUS
admin console/Options/Synchronisation Options.
Next you must arrange for any updates to be available for detections. By
default
the update metadata will be downloaded with the approval set to "Not
Approved"
so no clients will see the updates. You can change this default behaviour
on the
Options/Automatic Approval Options page. Simply add "Definition Updates" to
the
classifications list under "Approve for Detection". If you wish your can
also
approve for installation in the pane below. Please note though that update
metadata already downloaded will retain the status "Not Approved", only new
updates with be set to "Detect" or "Install" by these rules.
Finally if you want to change the approval of existing updates in the
metadata
you must do so manually in the WSUS admin console. To do this in the WSUS
Updates page create a "custom view", call it "Windows Defender" maybe and
select
the "Windows Defender" product. Chose the classifications you want although
there is little reason not to select all of them. Save the Custom View then
run
the report selecting "Any Approval" and "Any Time" and then click Apply to
list
the updates. You can then change the approval status as required for each
update.
Remember to decline superceded updates from time to time so that the
downloaded
content can be removed during normal housekeeping.
--
Post by administrator
yes... i have your same problem although i make selection for defender in the
product category ...
Simon Gronow
2006-06-19 11:12:16 UTC
Permalink
I found my fix.


My internal WSUS server has the WSUS files from March '06. I removed my
problem WSUS Server (From Jun '06) on the customers file server and then
installed the WSUS from March '06 and Defender now downloads correctly.


Thank God.


Rgds
Simon.


Ps. If you need the files let me know.
Post by administrator
yes... i have your same problem although i make selection for defender in the
product category ...
hope that any one can help us in this problem
Post by Simon Gronow
Hi Guys,
I have setup a WSUS for a customer, we have setup which updates to download
Xp, Defender, 2000, etc. and the Update Database on the File Server shows
the defender update form last night.
On the workstations they download all the Windows XP updates fine, but it
will not update defender in any way.
If we go to Windows Update via IE no problems, but other workstations report
in the Windows Update.Log 0 Updates.
On our internal WSUS no problems the update from this morning works fine.
We have Done KB 915105, run wsusutil deleteunneededrevision and
removeinactiveapprovals, renamed windows update.log
Still no good - Anyone got any ideas??
Help and Thanks
Bill Sanderson
2006-07-25 23:56:15 UTC
Permalink
Glad you found it--I know next to nothing about WSUS and certainly wouldn't
have caught that.
--
Post by Simon Gronow
I found my fix.
My internal WSUS server has the WSUS files from March '06. I removed my
problem WSUS Server (From Jun '06) on the customers file server and then
installed the WSUS from March '06 and Defender now downloads correctly.
Thank God.
Rgds
Simon.
Ps. If you need the files let me know.
Post by administrator
yes... i have your same problem although i make selection for defender in the
product category ...
hope that any one can help us in this problem
Post by Simon Gronow
Hi Guys,
I have setup a WSUS for a customer, we have setup which updates to download
Xp, Defender, 2000, etc. and the Update Database on the File Server shows
the defender update form last night.
On the workstations they download all the Windows XP updates fine, but it
will not update defender in any way.
If we go to Windows Update via IE no problems, but other workstations report
in the Windows Update.Log 0 Updates.
On our internal WSUS no problems the update from this morning works fine.
We have Done KB 915105, run wsusutil deleteunneededrevision and
removeinactiveapprovals, renamed windows update.log
Still no good - Anyone got any ideas??
Help and Thanks
Loading...