• Patch Lady – Defender makes a change

    So earlier I was helping on a thread in the forum about some issues with failing Defender updates on Small Business Server 2011 platforms. [For anyone who is interested, SBS 2011 was once a featured small business platform that provided file server and email services for small businesses – this was pre-cloud, you know.] The symptom that was reported was that Defender updates were failing. Well, first I was scratching my head because Defender wasn’t installed by default on Server platforms back then. While Server 2016 now ships with Windows Defender enabled, Server 2008 R2 – on which SBS 2011 was based – didn’t have Defender installed. I realized after doing some searching and confirming with the people in the forum that Defender COULD get on Server 2008 R2 if one enabled the Desktop Experience role. And that role would be wanted if you wanted to run Disk Cleanup on Server 2008 R2 (note you also get this on Server 2008 R2 by copying some files to get it to work as well).

    So the question came up as to what exactly changed in Windows Defender to suddenly make the definition updates fail on Server 2008 R2, when before they once worked. And then in the dark recesses of my mind it hit me. Yes. Defender HAD made a big change. And quite recently in fact, thus triggering this failure.

    As noted back in January,

    Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.

    AH HA, that explains the recent change.

    If you happen to be a Small Business Server 2011 admin and notice that Defender updates are failing, I would honestly just disable the service and then look for a third-party antivirus to install on your server. As I stated in the forum, and I truly mean no disrespect, SBS 2011 is in extended support and Defender was not meant in that era to be installed on Server 2008 R2. Getting a fix would not be what I expect from Microsoft’s support policies for this product.

    For the rest of us on Windows 7, 8.1 and 10, be aware that effective March 1, 2018, if you happen to be running Windows Defender on Windows 10 or Microsoft Security Essentials, any software that tries to trick you will be detected and removed.

    As defined by Microsoft:

    Software that coerces users may display the following characteristics, among others:

    • Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
    • Suggests that no other actions will correct the reported errors or issues
    • Requires the user to act within a limited period of time to get the purported issue resolved

    So look for more alerts on your system as these software programs get detected.