Windows server updates

[Ambrose_A]

I'm still new to servers but should windows defender have to be updated everyday? It seems like everyday I login to pulseway it says the definitions need to be updated, I'm worrying that defender isn't protecting my server. Could this be a bug with pulseway? Is there a way to force windows server 2016 to auto update defender?

[Electronics Wizardy]

I don't think its everyday, but there are pretty often updates, you need it to be updated to find the latest threats.

 

You can force updates with GP

 

 

[Oshino Shinobu]

You don't need to update it everyday, though really, the more frequently you can update, the better. 

 

Patching is often done monthly or quarterly. At work, we tend to have a quarterly patch session for customers unless there is an update that fixes or protects again a major bug that was just found. 

 

You can force/automate updates through a GPO, but getting it to only update Windows defender automatically can't be done through GPO alone as far as I know. You can use WSUS for managing updates and set it to auto approve Windows Defender definitions and then schedule them through GPO. If you're wanting to get more familiar with Windows Server, then that may be a good thing to set up.

[Jay Deah]

Daily updates are normal. It’s just the antivirus product updating its database of new viruses that get discovered.

[Ambrose_A]

Thanks, I was worrying that server wasn't updating at all do to some error either on my phone or in windows.

I don't like.the make sure it's always up to date since it's just me that does the up.keep in my stomach are time and the auto I will definitely try out that auto update.

[Jarsky]

It's not defender you're updating, its the virus definitions. And it should be updated at least every few days. 

In enterprise environments we push them out via CCM/WSUS, or if you have McAfee Trend then its via ePO or OfficeScan XG

 

Im on Server 2019 (i think 2016 is the same) so my definitions update automatically even though my Windows Update is set to manual. 

If that's not happening (i dont think that happens on 2012 or earlier), you could schedule a daily task under the Task Scheduler.

Run "C:\Program Files\Windows Defender\MpCmdRun.exe" with the Argument -SignatureUpdate and schedule it to check once a day.

 

Windows Security updates, I just do once a month on my Patching Day (when I do all my Windows & Linux server reboots)