My Windows 10 LTSC 2019 installation can't seem to update Windows Defender definitions. Although there are countless discussions online about definition update failures, I've tried every solution I could find but none seem to make any difference. Here's what I've tried:
To start, here's the error shown by Windows Update: https://lnk2.tk/snaps/2019-07-30_13.49.26.png (KB2267602, Error 0x80070643). Note that all other Windows Updates have been successfully installed - Defender definitions is the only "pending update" it finds.
The Windows Update troubleshooter doesn't find any issues
Trying to update via command-line (administrator):
"C:\Program Files\Windows Defender\MPCMDRUN.exe" -RemoveDefinitions -All
"C:\Program Files\Windows Defender\MPCMDRUN.exe" -SignatureUpdate
Yields error hr=80070643 (screenshot: https://lnk2.tk/snaps/2019-07-30_13.43.04.png), with MpCmdRun.log showing:
MpEnsureProcessMitigationPolicy: hr = 0x1
Start: MpSignatureUpdate()
Calling MpUpdateStartEx with option 0x1
Update started
Search Started (MU/WU update) (Path: https://fe2.update.microsoft.com/v6/)...
Search Completed
Download Started...
Download Completed
Download Completed
Installation Started...
Update failed with hr: 0x80070643
Installation Completed
Update failed with hr: 0x80070643
Search Started (Direct HTTP) (Path: https://go.microsoft.com/fwlink/?LinkID=851034&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=77BDAF73-B396-481F-9042-AD358843EC24&ostype=0&signaturetype=0&beta=1&plat=4.18.1907.4&OsVersion=10.0.17763.107)...
Download Started...
Time Info - ?Tue ?Jul ?30 ?2019 13:41:58 Download Completed
Installation Started...
Update failed with hr: 0x80070005
Installation Completed
Search Started (Direct HTTP) (Path: https://go.microsoft.com/fwlink/?LinkID=870379&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=77BDAF73-B396-481F-9042-AD358843EC24&ostype=0&signaturetype=0&beta=1&plat=4.18.1907.4&OsVersion=10.0.17763.107)...
Installation Completed
Update completed with hr: 0x80070643
ERROR: Signature Update failed with hr=80070643
Tried renaming SoftwareDistribution & CatRoot (per https://blog.pcrisk.com/windows/12817-windows-update-error-0x80070643). No change.
Trying to update from the Windows Security dialog (https://lnk2.tk/snaps/2019-07-30_13.50.22.png), it just shows "Checking for updates..." but then no change (i.e. definitions date never gets updated).
Manually downloading & installing mpam-fe.exe from https://www.microsoft.com/en-us/wdsi/definitions has no effect (no error or success message shown, Windows Security never shows the updated definitions)
sfc /scannow doesn't fix it
DISM /Online /Cleanup-Image /RestoreHealth doesn't fix it
I tried completely reinstalling Windows on top of my current installation, but the behavior is the same
Windows Defender itself is functional (i.e. I can do a Quick scan, and it completes) - it's only the ability to update that's broken.
I don't have any other antivirus/antispyware software installed
I used msconfig to reboot with Selective Startup, all non-Microsoft services disabled. Still failed to update, showing this error: https://lnk2.tk/snaps/2019-07-30_14.48.25.png
The PC is not connected to an AD domain.
I tried installing a fresh copy of Windows from the same installation media in a VM, then updating the definitions (to verify that the issue isn't i.e. Microsoft posting a corrupt definitions installer). I also fully updated this VM via Windows Update, removed the definitions with mpcmdrun.exe per above, & updated them again. This worked, confirming that it's not an issue of Microsoft posting a corrupt update file.
At this point I'm at a loss, as I've spent nearly 7 hours going through HowTos, KBs, & forum threads - all of which either suggest some combination of the fixes I've already tried or stop at a dead-end.
Any help would be greatly appreciated.
User contributions licensed under CC BY-SA 3.0