@pf100 defender definition update with cmd is using 4.7 MB data each time when i check for updates even though i've latest definitions. on the other hand, with defender gui it uses only around 200 KB to tell i've latest definitions, and thats when if you check updates after some hours (i dont know correctly how many hours) but if you check updates just after you already checked updates in that case it uses only 10 to 20 KB.( in this case last definition check time doesnt change in gui) and i'm on 32 bit win 10 1803 so i would say checking updates with cmd is not a good idea bcoz its wasting bandwidth.
@ShiningDog, I agree when using MpCmdRun.exe. Let's try something different that makes Defender itself update using MSASCui.exe. I think this might work.Try these with updates turned on with configurator: Opens defender and starts update just like you clicked the "update" button: Code: @echo off Color 1F Title WUMT Wrapper Script Defender Updater 2.2.9 echo Press a key to update Windows Defender definitions echo or close window to cancel... pause > nul Start "" "%programfiles%\Windows Defender\MSASCui.exe" -update Same thing, except Defender doesn't pop up: Code: @echo off Color 1F Title WUMT Wrapper Script Defender Updater 2.2.9 echo Press a key to update Windows Defender definitions echo or close window to cancel... pause > nul Start "" "%programfiles%\Windows Defender\MSASCui.exe" -update -hide
thanks @pf100 it seems that -hide switch is not working. with -hide switch defender still pops up and updates are not happening. but without -hide switch, updates are happening but with problem that defender pops up.
@pf100 looks like solution is near. previously we rejected Code: "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC to update definition bcoz it was using high (4.72 MB even if you already have latest definition) bandwidth. but we can use it without -MMPC source Code: "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate with this cmd it uses same (few KB if you have already have latest definition) bandwidth as MSASCui.exe in past i found that configurator set to D, you can still update definition with defender gui. but today it is not working mysteriously. with config set to d, i tried gui and "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate, and %programfiles%\Windows Defender\MSASCui.exe" -update they all are not working. although they are all working fine in config set to e. but with -mmpc as source, updates are working even with config set to d. so finally i think that if user wants to set config to d and still wants definition update in that case -mmpc as source can be used as only method to (auto) update definition.(uses high bandwidth) but if user decide to set config to e and wants to use defender definition auto update, in that case mpcmdrun.exe cmd can be used without -mmpc source.(uses low bandwidth) so i suppose you might want to make 2 different task scheduler to auto definition update. about task scheduler trigger time to update definition. i want to suggest that it should trigger after every 12 hours and "only when user is connected to internet". and im saying it based on my knowledge that defender update its definition every 24 hours or so.
@ShiningDog Thank you for that. With the info you posted I've come up with a script that works with either [D] or [E] selected in Configurator and uses "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate either way. It only elevates if Configurator is set to [D] in order to manipulate wub.exe. Otherwise it doesn't have to elevate. Let's let some more people test this for a few days just to check if any bugs pop up (which I doubt, I think the basic premise is sound), and I'll use it for a basis of either a task or leave it as a script (that's another scenario to deal with at another time). I'm just glad to get this defender update problem fixed and you were a big help. *This script has to be in the same folder as the wrapper script and wub.exe* DefenderUpdate.cmd Code: @echo off Color 1F Title WUMT Wrapper Script Defender Definitions Updater 2.2.9 echo Press a key to update Windows Defender definitions echo or close window to cancel... pause > nul cls if exist "%~dp0wub.exe-backup" goto wuboff :::::::::::::::::::::::::::: set "params=Problem_with_elevating_UAC_for_Administrator_Privileges"&if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" fsutil dirty query %systemdrive% >nul 2>&1 && goto :GotPrivileges :: The following test is to avoid infinite looping if elevating UAC for Administrator Privileges failed If "%1"=="%params%" (echo Elevating UAC for Administrator Privileges failed&echo Right click on the script and select 'Run as administrator'&echo Press any key to exit...&pause>nul 2>&1&exit) cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "%~0", "%params%", "", "runas", 1 > "%temp%\getadmin.vbs"&cscript //nologo "%temp%\getadmin.vbs"&exit :GotPrivileges :::::::::::::::::::::::::::: echo Checking for Windows Defender Definitions update. echo There will be no progress indicator until definitions echo update is completed. echo This may take a while so please wait. & echo. "%~dp0wub.exe" /e >nul 2>&1 "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate "%~dp0wub.exe" /d /p >nul 2>&1 echo. & echo Windows Defender has completed checking for updates. echo Press a key to exit... pause > nul exit :wuboff echo Checking for Windows Defender Definitions update. echo There will be no progress indicator until definitions echo update is completed. echo This may take a while so please wait. & echo. "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate echo. & echo Windows Defender has completed checking for updates. echo Press a key to exit... pause > nul
thanks @pf100 i'm waiting for a task scheduler for this defender update. meanwhile i've some more feedback. when configurater set to e, i think scheduled task for wub should also be removed, bcoz there is no need for it?? i think Windows Update MiniTool.cmd should be renamed to WUMT Wrapper script.cmd so it can make more sense. sorry if im thinking too much
It'll be pretty easy to modify the DefenderUpdate.cmd script to work silently as a task twice a day and I plan to do that as soon as I get time. I haven't heard any bug reports from the DefenderUpdate.cmd script so it looks like it's ready to be incorporated as a task in the next version of the script. By the way, that task will fail if defender is disabled, which leads me to your next thought: The wub_task thing is not really an issue. It only runs at boot and just doesn't do anything when the configurator is set to E. It's not using any resources and needs to be there in case someone leaves settings in the configurator to D. Look at at this way: the wrapper script keeps a lot of useless tasks from running and it doesn't slow the computer down any or cause hangs or anything. If you haven't already, look at all the failed update orchestrator, waasmedic, sih, and other tasks in task scheduler when using my script. If that was any kind of problem we'd know by now. Same thing as wub_task failing when configurator is set to E. No harmful effects. About the name of the script, no matter what I name it, when I submit it to Major Geeks they rename it to Windows Update MiniTool.cmd. That's how that name got started. I don't like it, but that's just the way it is. So I just keep it named that for consistency. And you're not thinking too much. If I don't get input, the script isn't as good as it could be. I welcome any comments or ideas and I appreciate your help.
Once again, you save the day! (I hope you don't mind me repeating part of your email and my reply to you here for informational purposes) From rpo to me: I used a vb file to generate vdu.xml because i encountered issue when using directory names with "exotic characters" as letters with accent. From me to rpo: Thank you (rpo). I would never have known about the "exotic character" issue until I found out the hard way, and even then I wouldn't know what to do about it. Working on the next update, I've wasted a lot of time on this as a cmd run as a task for reasons I'll explain here: ************** (My original concept of WDU.cmd run by a task simplified) If defender is running ("%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate) else (exit) ************** Running the sc command with defender enabled, the result is: Code: C:\Users\User>sc query windefend SERVICE_NAME: windefend TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 So Code: for /F "tokens=1 delims=: " %%H in ('sc query "windefend" ^| findstr " STATE"') do ( if /I "%%H" NEQ "4" ( "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate) ) But from what I've been reading about "STATE : 4 RUNNING" The number "4" could be a different number under certain conditions even if it's running, and RUNNING can't be used because it'll be different in a different language. My reasoning for taking that approach was that if defender is disabled, running ""MpCmdRun.exe" -SignatureUpdate" is a waste of resources, but it really doesn't matter, does it. But as soon as I hit a wall with this approach, your code arrives as if sent by some deity. So now I think I'll forget about all that and use your solution instead.
Funnily I have my own both machines running Windows 8.1 in English. My ext. HDD with 8 vms are in English as well. lol Otherwise I'd be glad to help you out on this. Edit: wait I remember having a spare hdd with a Spanish install, hang on... Edit2: Nah man, installation corrupted. lol. Sorry.
Thanks for trying. @s1ave77, or @tiger-1, you use non-english Windows, could you run "sc query windefend" and post the results please?
Code: C:\WINDOWS\system32>sc query windefend SERVICE_NAME: windefend TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Thanks @s1ave77. And this is Portuguese? I wonder what's up with the what the Spanish Windows guy said about "STATE" being "ESTADO"? I'm seriously confused now. Anyway, until I solve this mystery one way or the other, I'm pushing out the next release with the code @rpo sent me and I'll worry about this other stuff later. What @rpo sent me "Just Works™".
Maybe something along these lines may help? Code: REM Check Service state for windows defender. REM WMIC call returns TRUE is running/started FALSE if not running/stopped SET "State=" FOR /F "tokens=2 delims==" %%S in ('"wmic service where name='windefend' get started /Value" 2^>nul') DO SET "State=%%S" if /I "%State%"=="TRUE" ( echo Service is running. REM do something here.... ) if /I "%State%"=="FALSE" ( echo Service is not running. REM do something here.... ) REM other code here...