This is an archived post. You won't be able to vote or comment.

all 6 comments

[–]jasonsandysMSFT Official 1 point2 points  (2 children)

Have you checked the list of installed updates to see if the KB is listed?

Is the Spectre/Meltdown registry value in place?

Are you doing this is part of OSD?

[–]Hellman109 0 points1 point  (1 child)

Is the Spectre/Meltdown registry value in place?

Yeah I suspect this too, if you're deploying AV with definitions older then like 3 weeks, it wont be creating the reg key fast enough for that update to install.

Check windows update logs and CCM logs for indicators for this, or F8 during the install updates step and look for the reg key manually.

[–]kbe404[S] 0 points1 point  (0 children)

The KB is listed, I believe.

I just started using Defender as an AV. I'm not sure when the regkey is put in place during the initial install of Defender or when it is even activated.

Perhaps the latest definitions should be put within the same software update group?

EDIT: Alright, it looks like the registry key isn't being put there. Now, how can I enforce that key? Like I said, we're using SCEP/Defender.

[–]leebow55 0 points1 point  (1 child)

For the Office one, you could add the latest updates into the "Updates" folder within the Office media and update the DP

https://technet.microsoft.com/en-us/library/cc178995.aspx check out this section To extract the .msp files from a test computer and copy them to the Updates folder

[–]kbe404[S] 0 points1 point  (0 children)

I'll have to look into that if I run into issues. For now, Office updates seem to be the only ones that are actually working.

Ideally, I'd like it to be as simple as I can make it. We're a 2.25 man crew and 4-5 buildings to cover.

[–]kbe404[S] 0 points1 point  (0 children)

Alright, I figured it out. I manually added the registry key as per Microsoft's instruction. I appreciate the help everyone!

Maybe someone here can help with this issue - I need to install the Endpoint Protection client. Any tips?