I'm using Windows 10 Pro 18363.778. I would like to give an automatic approval to Windows to download and install Security Intelligence Updates for Windows Defender Antivirus, without any human interaction. But I'd also like to keep the deferrals I have set for quality and feature updates. Is there a way to do this?
Last edited by abacus; 22 Apr 2020 at 14:56.
1. It depends on how you have set deferrals
If for instance you have paused updates then that pause, as far as I know, does not apply to Defender updates
Enable or Disable Pause Updates Feature in Windows 10
2. That said although I know you have asked for how to set automatic - it is I think far easier to simply open settings
update and security
Windows security on left pane
Virus and Threat Protection on main pane
and scroll down on new window to
check for updates
3. The reason I say that is because even if you could configure it by batch file or in GPEditor
I think you may find that Windows 10 will either simply ignore those settings OR you will start to experience problems
4. Actually I think you may be better leaving ALL updates for Windows ON
and then setting active hours to suit
that is settings Windows update
so that the device is not restarted during those hours, even if you are only on desktop
5. AND setting bandwidth which is
Windows update
advanced options
delivery optimization
advanced option on that window and then you get to bandwidth settings for background and foreground
6. Hope you find it useful. Not as I said what you asked, but I think it is the best method.
I presume you mean that in advanced settings you have set a number of days to defer quality updates and to defer feature updates and that you have not made any other changes, such as configuring Automatic Updates in the group policy editor.
Windows Update - Defer Feature and Quality Updates in Windows 10
I have just set those two defer options on my Pro system, then checked for updates. The latest definition update was downloaded, so those two setting appear to have no effect on defender definitions. Yours should continue to download automatically regardless of either of those defer settings.
[QUOTE=Bree;1893156]I presume you mean that in advanced settings you have set a number of days to defer quality updates and to defer feature updates and that you have not made any other changes, such as configuring Automatic Updates in the group policy editor... /QUOTE]
That's true. What happens is that in the notification area, I get an icon and upon clicking it I get a message that there are updates which are for Windows Defender. I can click "update" and the update occurs. I'd rather not get that notification and get the updates without having to click "update"; but I want to keep deferring feature and quality updates.
I use Task Scheduler to run a VBScript file that will automatically install Windows Defender updates in the background.
Reference: Using CMD script and VBScript to control Windows Update
The scripts make it possible to do the following:
Are you sure you haven't run gpedit and configured Automatic Updates at some time in the past? That is the behaviour I get for all my updates (by choice) because I have Automatic Updates configured for 'Notify to download and auto-install'. That policy should be set to 'Not Configured' for the default daily check, automatic download and automatic install.
Look in gpedit under Local Computer Policy > Computer Configuration >Administrative Templates > Windows Components > Windows Update.
Well, I was sure but I was wrong. I have that policy set to 2 - Notify for download and auto install.
If I change that policy to "Not Configured", leave my update deferrals set to 365 for feature updates and 30 for quality updates, would the effect be to retain the deferrals, and to have automatic installation ONLY of Defender updates? Or would other stuff install automatically also? If other stuff would install occasionally, is there any reason not to allow that? Note: I like feature and quality updates to be beta tested by others before I install them.
thought that might be the case....
With that policy set to 'not configured' windows update will by default automatically check for updates approximately* once a day and install any it finds automatically. Even the Quality and Feature updates will install automatically, but they will not be found by windows update until the defer period you have set for them has expired.If I change that policy to "Not Configured", leave my update deferrals set to 365 for feature updates and 30 for quality updates, would the effect be to retain the deferrals, and to have automatic installation ONLY of Defender updates? Or would other stuff install automatically also? If other stuff would install occasionally, is there any reason not to allow that? Note: I like feature and quality updates to be beta tested by others before I install them.
The are very few other types of updates, most of them being for security purposes, like the defender definitions. The others that come to mind are Defender platform updates, Flash updates and of course the Malicious Software Removal tool. I would not expect your defer settings to apply to them either (just to Quality/Feature updates) but I can't see any harm in letting them install.
* to be precise, it's 22 hours, plus a random delay of up to 4 hours (to spread the load on the update servers).
Thanks to all who posted; all were helpful and useful ideas. I'm going to try Bree's ideas first. I'll post back results.
Defender Updates now install automatically with Bree's suggested change in Group Policy. Thanks!
Quote
