Tech Support Guy banner
Status
Not open for further replies.

Windows Defender not updating through Windows Updates

10K views 158 replies 6 participants last post by  Cookiegal 
#1 ·
I have my Windows Updates set to notify me and then I check them and install them daily so they aren't downloded automatically. Since October 11th Windows Defender hasn't been appearing in Windows Updates. I've tried some troubleshooting so I'll give some history and explain what I've done so far without success.

October 11, 2021 was the last update of definitions I got through Windows Updates properly.

I didn't receive any on the 12th but it happens at times that there are none for a day so didn't think anything of it.

The next updates (not for Windows Defender) that did come through were:

October 13 - October 2021 Security and Quality Rollup for .Net Framework KB006763
October 13 - Windows Malicious Software Removal Tool x 64 (KB890830 as always)
October 13 - October 2021 Security Monthly Quality Rollup for Windows 8.1 x64 (KB5006714)

Still nothing for Windows Defender. I began to wonder why and was going to look into it but hadn't yet and then I got a pop up message saying my WD was out of date on the 18th. So I updated it manually from the user interface and thought that might trigger it to start working again and it seems it did because I received updates the proper way on :

October 19 - Windows Defender update came through updates as usual
October 20 - Again the update came through as usual

So I thought it was fixed but on the 21st I didn't get any again. I checked online to see what the latest version was and it was later than what I had so it had stopped working again.

At this point I ran the Windows Update troubleshooter. It said it fixed few things in the configuration so I thought that would take care of it but it did not.

So I started looking at other things to try. I went to the Microsoft download site and downloaded the definitions update file for the 64-bit version of Windows 8.1 and I thought it wouldn't work because it didn't seem to do anything when I clicked on it as I only had the circle for a couple of seconds but it turns out it did because WD was updated to the latest version after doing that. I thought that might fix the problem but it didn't either.

So I decided to check the Event Viewer for errors and there was one for Windows Updates which seems to indicate a problem with the Windows Update Agent. The Event ID: 25 error says "Windows Update failed to check for updates with error 0x8024000E". I checked to make sure I had the proper version of the Windows Update Agent (KB2919355) installed by verifying the version of the wuadeng.dll file and it was version 7.9.9600.19915 that was last updated on December 14, 2020 which seems to be the correct one.

I checked for updates manually from the Control Panel and then I got the following Information events in the Event Viewer for Windows Updates:

Event ID: 26 "Windows Update successfully found 0 updates
Event ID: 26 "Windows Update successfully found 7 updates
Event ID: 40 "An update was detected" (7 entries so I assume one for each of the 7 found updates).

The above all occur every time I run Windows Updates manually.

So that's where I'm at now. I know there are other measures to be done like stopping services and whatnot but thought I'd ask for some direction on the next steps to try. For sure malware is not an issue. I ran MalwareBytes and also used FRST to make sure there was nothing suspicious.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 8.1 Pro, 64 bit, Build 9600, Installed 20140310170059.000000-240
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 4600, 1024 MB
Hard Drives: C: 917 GB (795 GB Free);
Motherboard: LENOVO SHARKBAY, ver 0B98401 PRO
System: LENOVO, ver LENOVO - 1480, s/n MJ00CJ6B
Antivirus: Windows Defender, Enabled and Updated
 
See less See more
#2 ·
I ran the troubleshooter again and the same message was found:

windows update components must be repaired

One or more Windows Updates components are configured incorrectly.

It says it repaired them but never seems to. I'll see if anything comes through tomorrow.
 
#6 ·
OK. I've been busy on and off throughout the day and meant to suggest it earlier, then forgot. I do that from time to time ... ;-)

<fingers crossed>
 
#7 ·
Those things take so long to run I may just try a system restore back to October 11th.

I'm waiting for an Eset online scan to finish. I thought I'd do that as a last measure to check for malware. So far it's been running for quite a while and it hasn't found anything. I don't expect it to but thought it can't hurt.
 
#10 ·
So I found this fix to run the following commands and tried it this morning:

net stop cryptsvc
net stop bits
net stop wuauserv
ren %systemroot%\softwaredistribution softwaredistribution.bak
ren %systemroot%\system32\catroot2 catroot2.bak
net start cryptsvc
net start bits
net start wuauserv

When I rebooted the computer as instructed after doing the above it took a long time to start back up with stuff running constantly. I couldn't access the Task Manager to see what was going on or even open the Control Panel for a good ten minutes until everything finally settled down (when I finally was able to open the Task Manager the disk was still showing at 100%). Then I got alerts Windows Defender was off! Finally got that sorted. Then I opened the Control Panel and searched for updates and got an error 8024A000. But I tried again a bit later and it searched for quite a while and this time is found updates so it may have worked. they are still downloading. It wiped out my update history though but I guess that's a small price to pay. I'll have to see now if updates start to be detected automatically again tomorrow.
 
#11 ·
<fingers crossed>

I think it took longer to reboot because it was recreating those folders you renamed. If you look now, you'll see that those folders that you renamed exist again, but the files within have been refreshed with backups that had been kept elsewhere.
 
#12 ·
I'm sure you're right about that Mark and it should start up fine the next time.

That's got to be the most important part of the fix because I've run fixes that stop and start all of those services before and that didn't work. Like you said, fingers crossed. We'll know tomorrow morning. :)
 
#13 ·
I think Mark is correct about the folders and files being recreated and to do that it has to rebuild all the update information. I did similar steps a while back and it did take longer to restart.

Anyhow good luck for tomorrow Karen. (y)
 
#15 ·
So when I booted up this morning it took a while but it's because I hadn't rebooted after installing the updates that were detected. There were only two, one for Windows Defender and one for Edge. Funny thing, I tried to install Edge for Windows 8.1 last year but it failed because my PC froze during the installation so I had to abort it. Since I allowed the update, this morning Edge installed and I had to go through the set up steps for it. That's OK because I had wanted to have another browser just in case that was more reliable that Internet Explorer.

So far this morning it hasn't checked automatically for updates but I'm wondering if it's because I manually checked last evening and it's probably set to check every 24 hours or something like that. I checked on the Microsoft website for updates to Windows Defender and it showed a new one today for today at 7:24 a.m. and now it shows yet another for 9:24 a.m. The times are always ahead of when I check. I know there's a time difference but they are three hours behind me so when I checked at 6:59 a.m. it would have only been 3:59 a.m. there. So I don't understand the time thing.

I think I'll wait another 24 hours and not do any manual checking or updating of Windows Defender to see if it detects them tomorrow morning. It won't hurt to not have the latest definitions for a short period of time.
 
#19 ·
So it didn't work. :(

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 27-10-2021 at 09:34:17
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 
#20 · (Edited)
Karen, there are some weird things in the log.

Boot in Safe mode, and then please do the following:

1. Restore services

2. Run FSS again
  • Restart in normal mode.
  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
 
#22 ·
Karen,

Thanks for that. I missed it.

I edited the post above, taking the links for the Windows 8.1.

These are weird:

The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".

[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

The dll for the wuauserv is not correct and the other two seem as they lost their digital signature.
 
#26 ·
So I decided to give it a go. I only did the first regfix because the other two and mine were already identical. There was a discrepancy in the first fix regarding "The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll" and that's been fixed now. But the other two issues remain. I don't know what the deal is with those.

New FSS log:

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 27-10-2021 at 18:02:06
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
#27 ·
These two are not signed but the numbers shown are the MD5s:

[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3
 
#28 ·
Hi, Karen. I hope you are feeling better today.

The issue with Windows Update Service is fixed, but the service is not running. Go to Services, find Windows Update Service, double click and choose Start to start it.

I only did the first regfix because the other two and mine were already identical. I don't know what the deal is with those.
The other two reg files I asked you to run are supposed to fix these issues, restoring the related services.
 
#29 ·
but the service is not running. Go to Services, find Windows Update Service, double click and choose Start to start it.
That is only because I don't have it set to install updates automatically but rather to downloand them and then let me decide to install them. If I change that setting to update automatically the service starts and this is what the FSS scan log looks like:

Farbar Service Scanner Version: 23-12-2020
Ran by Cookie (administrator) on 28-10-2021 at 09:12:42
Running from "C:\Users\Cookie\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2016-02-27 09:46] - [2016-01-06 12:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 08:27] - [2020-07-10 13:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

So the issue is still those two files and I haven't been able to figure that out yet. I won't do anything without suggesting it to you here first but I am researching to see if I can find the reason for the discrepancy on those two files.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top