
Interesting Theory about Win10 Defender & Update Stacking

In my last post here, I observed the number and frequency of updates for Windows 10 arriving via an unthrottled and untrammeled Windows Update. By far, the biggest number of items in the 15-day list concerned Windows Defender, with well over half the individual events resulting in an update of some kind targeting that application. And in fact, Defender was the only application to regularly receive multiple updates in one day, and as many as three updates on some days.

“If at first you don’t succeed…” may be a mantra for overcoming difficulties; that said, it shouldn’t apply to a one-or-more-times-a-day update like that for Windows Defender.

This morning, I discovered that both of my test systems were failing to apply updates related to Defender. Further investigation revealed that in cases where Windows Update delivers more than one Defender update at the same time (as was the case with Update Versions 1.197.2868.0 and 1.197.2856.0), an interesting pattern manifested itself. The first such update would succeed, but the second would fail, producing a variety of different error codes along the way. The fix was bone-headed and time-consuming but it worked: although Defender doesn’t require a reboot following its updates (nor should a set of routine security and antimalware additions), a reboot after each update when more than one Defender update is queued up for application was the only way I could get them to apply themselves successfully.

Looking back through my update history through early May on both machines, I see 9 failures on the homebrew PC and 7 failures on the Dell Venue 11 Pro: all of them involve Windows Defender. There are no other update failures in either record, in fact, which suggests to me that Defender is a culprit (or perhaps, a victim) for some kind of update problem. I’ve reported this to MS through the Windows Feedback app, and see that this has been reported many times over the past three months or more. I hope this is something they’ll fix prior to the upcoming RTM release: it’s bad enough that some updates require reboots to complete their successful application; it’s worse when updates that shouldn’t require reboots end up demanding them to work around as-yet-unknown bugs in their normal application process.

[Note added 5/25: Since recording these observations a week ago, I’ve been able to reconfirm them on several occasions for both of my test machines. I’m not sure that constitutes a sufficiently large pool to make a quorum, but from my perspective this now looks less like an interesting anomaly and more like a bug, and I’m reporting it as such to Microsoft through the Windows Feedback widget.]
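
The update-history review described above can be scripted. The following PowerShell is an added example, not part of the original post: it reads the history through the Windows Update Agent COM API, splits failures into Defender and non-Defender entries, and lists the days on which more than one Defender update was attempted and at least one failed. Identifying Defender entries by the word "Defender" in the title is an assumption.

```powershell
# Added example: tally Windows Update history and surface stacked Defender failures.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) { Write-Output 'No update history recorded.'; return }

# OperationResultCode values defined by the Windows Update Agent API
$resultNames = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                  3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

# History dates are stored in UTC; convert so same-day grouping matches the local view.
$entries = $searcher.QueryHistory(0, $total) | ForEach-Object {
    $local = $_.Date.ToLocalTime()
    [pscustomobject]@{
        Date       = $local
        Day        = $local.Date
        Title      = $_.Title
        Result     = $resultNames[[int]$_.ResultCode]
        HResult    = '0x{0:X8}' -f $_.HResult
        # Assumption: Defender updates carry "Defender" in their title
        IsDefender = $_.Title -match 'Defender'
    }
}

# Failed installs, split into Defender and everything else
$entries | Where-Object Result -eq 'Failed' |
    Group-Object IsDefender |
    Select-Object @{ n = 'IsDefender'; e = { $_.Name } }, Count

# Days with more than one Defender update attempt and at least one failure,
# listed in order so a success followed by a failure is easy to spot
$entries | Where-Object IsDefender | Group-Object Day |
    Where-Object { $_.Count -gt 1 -and ($_.Group.Result -contains 'Failed') } |
    ForEach-Object {
        $_.Group | Sort-Object Date |
            Select-Object Date, Result, HResult, Title
    }
```

The history also records retries, so two entries on the same day may be repeated attempts at one update rather than two distinct updates; compare the titles to tell them apart.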