It looks like the Windows Defender in Windows 8 won't upgrade the signatures automatically, if Windows Update is set to "Notify, but don't install the upgrades".
Is my impression real? Is there is a fix?
I don't like automatic updates as I don't want to install useless updates like the ballot screen or something else, I want to choose.
Since Defender updates are delivered with Windows Updates, then just like other Windows Updates, if you have it set to Notify Only, it will wait until you OK it.
From the Windows 8 Help and Support regarding Defender:
To help keep your definitions up to date, Windows Defender works with Windows Update to automatically install new definitions as they're released. You can also have Windows Defender check online for updated definitions before scanning.
According to that, you can also have Defender do an (extra) check for definitions before starting a scan but. There is no UI control for that available, but you can easily modify how the scheduled scan is launched and with what options Windows Defender is working. The system calls MpCmdRun.exe, which has quite some command line flags. Here is how you modify it to update the signatures before the scheduled scan:
Open the Scheduled Tasks UI and search in the library for Microsoft\Windows Defender.
Change the command line flags (for the task MP Scheduled Scan) to:
SignatureUpdate Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
Done. Now Windows Defender will update it's signatures before it does a scan.
Nope, Windows defender gets its virus signatures via Windows Update. If you read this Microsoft documentation you will see they make mention to updates taking place via WSUS (this is just a corporate front end for Windows Updates).
I don't want Windows to update automatically, so I created an old time batch file to update Windows Defender, without updating Windows.
https://docs.google.com/open?id=0B_SFfC0m5rI0TE16NXB3a0doLVk (bat file)
You can put it in: C:\Users-your username-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Or just click to run it.
This is pretty stupid to tie in updates for the OS to the updates for the security software (when the former happens once a month and the latter one -- once a day.) But, we're dealing with Microsoft ...
I couldn't seem to find an easy way to make Windows Defender auto-update itself on my Windows 8.1, so I came up with this solution:
Go to Control Panel -> (Switch to classic view) -> Administrative Tools -> Task Scheduler.
Set up a recurring daily task to run the following command (with double-quotes):
"C:\Program Files\Windows Defender\MpCmdRun.exe"
with the following arguments:
-SignatureUpdate
I personally set it to run at 9 AM daily, but you can pick your own time.
PS. I know, Microsoft Task Scheduler is an obtuse creature that needs a long tutorial of its own, but the good thing is that you have to deal with it only once.
One fix is to bookmark this page and download the latest definitions for defender and install them manually on a regular basis.
Someone could possibly script this download and install procedure and set it as a task to run regularly, beyond my skills though.
