When Microsoft Defender Antivirus is not updating automatically, you need to follow some diagnostic and troubleshooting steps to resolve the issue. Windows 10 and 11 utilize two primary mechanisms for updating Microsoft Defender: through Windows Update and directly via the Defender engine.
Mechanisms for Updates
- Windows Update: Updates are downloaded and installed through Windows Update. You can view the update history in the Windows Control Panel by searching for the Security Intelligence Update (KB2267602), which is essential for both definitions and engine updates.
- Defender Engine: The Defender engine also regularly checks for new antivirus signature updates from Microsoft servers.
In cases where updates fail to download or install, you might encounter specific error codes such as 80072f8f or 0x80072ee2. Before proceeding, ensure that your internet connection is stable and check your Windows Update policy settings. If necessary, resetting the Windows Update service can help with updates.
Checking Last Update and Settings
To determine when Defender was last updated, you can run the PowerShell command:
Get-MpComputerStatus | Select-Object AntivirusSignatureLastUpdated, AntivirusSignatureVersion | fl
Access the Windows Security app via the Settings app or with the command ms-settings:windowsdefender. The app shows the last update version and time under the Virus and Threat Protection Updates section.
If the app reports an error such as “Protection definition update failed (800704C6)”, work through the diagnostic steps below.
Diagnostic Steps
To troubleshoot Defender update issues, you can follow these checks:
- Verify Configuration: Ensure the update task frequency parameters are set correctly:
Get-MpPreference | Select-Object SignatureScheduleDay, SignatureScheduleTime
- Check Services: Verify that Microsoft Defender is running and not disabled:
Get-Service WdNisSvc, WinDefend, wscsvc | Select-Object Name, Status, StartType
- Manual Update: Try to manually update the definitions (Command Prompt syntax):
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
If issues persist, check the update log. The reason for an update failure is typically recorded in the %userprofile%\AppData\Local\Temp\MpCmdRun.log file.
Connectivity Issues
If you receive an error like 0x8024401B, it may indicate connectivity issues. You can check if you can reach Microsoft Update servers using the following command:
tnc fe2cr.update.microsoft.com -port 443
Adjust your proxy settings if necessary:
netsh winhttp show proxy
netsh winhttp reset proxy
A corrupted definition database can also cause updates to fail. You can reset the antivirus definitions with:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -removedefinitions -all
Then update the definitions again with:
Update-MpSignature -Verbose
Group Policy Configuration
Group Policy settings could also interfere with updates. Run rsop.msc to see any applied GPOs related to Defender. Modify or reset them if necessary to ensure there are no conflicts.
Event Logs
Using Event Viewer can help you diagnose problems:
- Navigate to Applications and Services Logs → Microsoft → Windows → Windows Defender → Operational. Here, Event ID 2002 usually signifies a successful update.
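The checks from the Diagnostic Steps, Connectivity Issues and Event Logs sections can be collected in one read-only pass; the following is an added example, not part of the original page. The function name, the 48-hour staleness threshold and the output property names are assumptions, and event IDs 2001 and 2003 (signature and engine update failures) come from Microsoft's Defender event reference rather than from this page.

```powershell
# Added example (not from the original page): read-only triage of the checks above.
# The function name, $MaxAgeHours and the output property names are assumptions.
function Get-DefenderUpdateTriage {
    [CmdletBinding()]
    param(
        [int]$MaxAgeHours = 48,                              # assumed staleness threshold
        [string]$UpdateHost = 'fe2cr.update.microsoft.com'   # host tested on this page
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    $status = $null
    # 1. Signature age. Get-MpComputerStatus throws when the WinDefend service is down.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $last = $status.AntivirusSignatureLastUpdated
        if (-not $last) {
            $findings.Add('No signature update time recorded')
        } elseif (((Get-Date) - $last).TotalHours -gt $MaxAgeHours) {
            $findings.Add("Signatures last updated $last, older than $MaxAgeHours hours")
        }
    } catch {
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
    }
    # 2. Services the page checks; anything not Running is reported with its start type.
    foreach ($svc in (Get-Service -Name WdNisSvc, WinDefend, wscsvc -ErrorAction SilentlyContinue)) {
        if ($svc.Status -ne 'Running') {
            $findings.Add("Service $($svc.Name): $($svc.Status), StartType $($svc.StartType)")
        }
    }
    # 3. TCP reachability of the update endpoint on port 443.
    $tcp = Test-NetConnection -ComputerName $UpdateHost -Port 443 -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { $findings.Add("Cannot reach ${UpdateHost}:443") }
    # 4. Failure events from the last 24 hours: 2001 = signature update failed,
    #    2003 = engine update failed.
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'
                 Id = 2001, 2003; StartTime = (Get-Date).AddDays(-1) }
    $failures = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue)
    foreach ($e in $failures) { $findings.Add("Event $($e.Id) at $($e.TimeCreated)") }

    [pscustomobject]@{
        SignatureVersion = if ($status) { $status.AntivirusSignatureVersion } else { $null }
        LastUpdated      = if ($status) { $status.AntivirusSignatureLastUpdated } else { $null }
        Healthy          = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Get-DefenderUpdateTriage | Format-List
```

The function changes nothing on the host, so it can be run before and after a fix to confirm that the Findings list is empty.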
Manual Database Installation
In some cases, manually installing updates can resolve persistent issues:
- Download the update file from Microsoft updates.
- Reset Defender settings:
cd "%ProgramFiles%\Windows Defender"
MpCmdRun.exe -removedefinitions -all
- Run the downloaded file as an administrator.
- Confirm the database is current with:
Get-MpComputerStatus | Select-Object AntivirusSignatureLastUpdated, AntivirusSignatureVersion
By following these steps, you should be able to restore automatic updates for Microsoft Defender Antivirus effectively.