SCCM: Download and install latest Window Defender definitions

Home/OSD, PowerShell, SCCM, SCCM PowerShell, Uncategorized/SCCM: Download and install latest Window Defender definitions

SCCM: Download and install latest Window Defender definitions

In this blog post i want to share a simple method to make sure,that your SCCM clients install
the latest release Windows Defender Definitions.
If you have a world wide SCCM environment with many offices where there is high latency or low bandwidth, it can be a pain in the *** to keep distribution point up-to-date with latest
Windows Defender Definitions. This is do to Microsoft is releasing new Anti-virus Definitions multiple times a day. If you have to keep with the latest versions, you would constantly have a new release filling up the distribution queue.
Besides that you would have to constantly trigger WSUS Scan and sync. Which will take up a lot of resource on servers and databases associated with it.
I therefore created a simple but effective Powershell script, that will make sure that clients download the latest Windows Defender definitions directly from Microsoft.
The below script will increase internet activity, since each client will have to download latest definitions directly from Microsoft.

The intent of this script is to update Windows clients to latest Windows Defender version doing OSD installation.

I would NOT recommend using this script for updating existing client in your environment, since it will increase the WAN activity!
Fill free to use the script as you want or modify it to your needs đŸ™‚


<# download the Microsoft Forefront Client Security, Microsoft Forefront Endpoint Protection 2010 or Microsoft System Center 2012 Endpoint Protection antimalware definition update file for 64-bit versions of Windows Download mpam-feX64.exe #>
$url = "http://go.microsoft.com/fwlink/?LinkID=121721&arch=x64"
$output = "$PSScriptRoot\mpam-feX64.exe"
(New-Object System.Net.WebClient).DownloadFile($url, $output)
<# Forefront Endpoint Protection 2010 and Microsoft System Center 2012 Endpoint Protection Download nis_full.exe #>
$url = "http://go.microsoft.com/fwlink/?LinkID=187316&arch=x64&nri=true"
$output = "$PSScriptRoot\nis_full.exe"
(New-Object System.Net.WebClient).DownloadFile($url, $output)
#Install Mpam-feX64.exe
if(Test-Path $PSScriptRoot\mpam-feX64.exe) {
$Install_Mpam = Start-Process -FilePath "$PSScriptRoot\mpam-feX64.exe" -ArgumentList "-s" -PassThru -Wait
$Install_Mpam.HasExited
$Install_Mpam.ExitCode
} else {
Write-Host "mpam_feX64.exe does not exist"
}
if(Test-Path $PSScriptRoot\nis_full.exe){
#Install nis_full.exe
$Install_Nis = Start-Process -FilePath "$PSScriptRoot\nis_full.exe" -ArgumentList "-s" -PassThru -Wait
$Install_Nis.HasExited
$Install_Nis.ExitCode
} else {
Write-Host " Nis_full.exe does not exist"
}
# Detection method
$AntiVirusVersion = Get-MpComputerStatus
if ($AntiVirusVersion.AntispywareSignatureVersion -ge "1.323.362" -and $AntiVirusVersion.AntivirusSignatureVersion -ge "1.323.362")
{
Write-Host "Antivirus Definitions is succesfully installed"
}

About the Author:

Leave A Comment