Windows Update – infinite loop

Topic

New Reply

Hello All,
I am still using Windows 7 on my home computers, due to several personal reasons.

Though I am not receiving any more OS and security updates since Jan 2020,
I continued to receive updates for
“Security Intelligence Update for Windows Defender Antivirus – KB915597” every few days
and “Windows Malicious Software Removal Tool” every month
and all these ran without any problem.

Last week, on July 9, by the initiative of my Internet infrastructure provider,
my router was replaced with a new one, to make it compatible with the new optic fiber
internet infrastructure.
Everything looked quite ok, and I even received one update for Windows Defender
and one for the monthly MRT, as described above, on July 13.

But, starting on July 16, all of a sudden, I started to encounter a very strange update issue:
The update for Windows Defender version 1.393.418.0 arrived and was installed successfully, and then, I found that the *SAME* update keeps arriving again and again,
and each time it installs successfully, as seen in the attached picture !
I even tried to use “Check for Updates” on the “Windows Defender” itself,
and this triggered an additional installation of the SAME version.

Checking the event viewer,  in the Windows System log I found several warnings like the following one:

BITS has encountered an error communicating with an Internet Gateway Device.
Please check that the device is functioning properly.
BITS will not attempt to use this device until the next system reboot.
Error code: 0x80040500.

Event ID: 16393

This is an error that I have *NEVER* encountered with the old router,
but it started to appear several times every day since the router was replaced !!!

And, the problem is the same in ALL my 3 computers, two desktop machines, connected
to the router through ethernet cable and one laptop, connected through Wifi.

I checked and found that, during the last day or so, there were several new Windows Defender signature files released by Microsoft, and, following the instructions on page

https://www.microsoft.com/en-us/wdsi/defenderupdates

I downloaded a file named mpas_fe.exe for updating Windows Defender to the last
version, which at that moment was 1.393.557.0.

I ran this executable and it worked without problems, and the Windows Defender
window showed the new signature version , but, if I tried to perform again a “Check for Update”, either from Windows Defender, or from Windows Update, it continues to keep installing again the *SAME* previous version 1.393.418.0 on which it remained stuck.

I read a lot of web pages describing the “full replacement of the Windows Update components”, some of them showing the issue as being extremely simple, others, on the contrary, describing it step by step in much detail, but not at all as a simple issue !

I know that, theoretically, there is probably no big risk in taking such a drastic step,
but I am however afraid that this might break a few other things.
Also, since Windows 7 is not receiving any more updates, I am not sure whether
it will be able “to reconstruct” all the Windows Update component structure
after wiping out the previous one.
Then, the same issue might occur again, as long as I don’t know how to fix
the 0x80040500 encountered by the BITS service …
The usual steps, like restarting the router and the computers were not helpful …

The less risky, but also less convenient could be to disable completely the Windows Update
automatic checks, and keep updating Windows Defender manually, as I did above …
extremely annoying, no question about that !!!

Anyway we look at this issue, it is an MS bug, regardless of the fact that Windows 7 is an old version …

And, as I understood from my browsing, the Windows Update ultra-complicated infrastructure remains pretty much the same
in the newer versions as well

I would be extremely grateful for any idea about what else can be tried for fixing this problem.

Thanks a lot in advance & Best Regards to all,
Iudith Mentzel

1 user thanked author for this post.

Microfix

Reply | Quote

Replies

Does the new router have any sort of extra security software? What is the brand of the router?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Hello Julie,
The brand of the Router is HT-360AX, which is something that they manufactured locally
( or, under local initiative anyway ), for supporting the optic fiber.
Today I read a little more about the issue, and it looks like there are more commercial criteria than technological ones …
As by their description, the Router does have some kind of “cyber-security” software
“related to it”, but, again, this “relation” is just a pretext for raising usage (rental) fees,
by “frightening” people that someone might steal their personal data …

What is the most intriguing for me is this new warning, logged repeatedly for BITS-client :

BITS has encountered an error communicating with an Internet Gateway Device.
Please check that the device is functioning properly.
BITS will not attempt to use this device until the next system reboot.
Error code: 0x80040500.

Event ID: 16393

I have never encountered something like this, and it started to appear several times per day, immediately after the router replacement …
This looks like kind of a “time-out” error of the PC trying to contact the Router,
with the direct result that the Download Manager of Windows Update, probably due to the improper connection and/or not enough band-width vs Microsoft’s central server,
ended by downloading a corrupted version of the update, which finally messed up the entire Windows Update components infrastructure …

The file  C:\Windows\Logs\CBS\CBS.log shows a lot of errors like the following:

“Failed to internally open package, [HRESULT = 0x800f0805 – CBS_E_INVALID_PACKAGE]

which shows that not just the update failed, but subsequent checks for update fail
to recognize which updates are needed, therefore the same update comes back again …

The WindowsUpdate.log specifies several times that “files are already downloaded and
also valid …. a “good joke” indeed …

Thanks a lot for any further ideas,
Iudith Mentzel

Reply | Quote

Microsoft has a bug updating Defender in the last days.
I just updated to 1.393.629.0 on my Windows 10.

1000 entries of failed 1.393.248.0

1 user thanked author for this post.

Microfix

Reply | Quote

Hi Alex,
As by the picture, it looks like all the updates with version 1.393.248.0 FAILED,
and, regardless of the failure reason, in such a case it is to be expected to see the same number
several times, it just shows that the Windows Update mechanism is working ok.
So, the same update continued to be offered until a following one superseeded it.

In my case, instead, all the occurrences seem to have been Successful, while they are not,
and no new version is offered at all.

If I installed manually a newer version, by running the mpas_fe.exe, it only updated the current version number of Windows Defender itself, but Windows Update does not know anything about this update, it continues “to reinstall” the same older update again and again, while in fact it is NOT able to check for newer updates …

This “history of updates” had become corrupted and I will probably have to clean it up,
together with the entire history of the Windows OS of several years …

For Windows Defender this is less relevant, because each new version superseeds the previous ones, but, for the Windows OS itself, I want to hope that , since no more OS updates are offered for Windows 7, it will probably not have to rebuild the entire history.

It looks to me that the updates history is stored in file …\SoftwareDistribution\Data Store,
and I have found somewhere on the web that clearing that file might also be able to correct the 0x80040500 error that I see logged for the BITS-client service …

Thanks a lot,
Iudith Mentzel

 

 

 

 

1 user thanked author for this post.

Alex5723

Reply | Quote

I have also noticed the behavior of multiple updates of the same Defender Definition files.

This started on 7-14-2023. I noticed that after installing an update using Windows Update, followed by a check for updates with WUMgr, the same definition file is ready for update. If I run:

“C:\Program Files\Windows Defender\MpCmdRun.exe” -SignatureUpdate

the same update will be installed again. It used to say “No updates needed.” if the update had already been installed.

All my updates were installed “Successfully”

 

 

Reply | Quote

Hello JC,

In my case, if I updated manually (by running mpas_fe.exe )  for a newer version,
then it updated the signature of Windows Defender, but the Windows Update does not know about this.
When pressing “Check for Update” on the Windows Defender window, it says that the signature is up-to-date, but, however, it “calls” Windows Update”, which installs yet another occurrence of the older version.
So, neither Windows Defender not Windows Update are able to locate the presence of a few even newer versions.
When everything still worked ok, then both of these would have caused the newest available version to be downloaded and installed, while the “intermediate” versions would have been reported as “superseded” (thus not needed) in the WindowsUpdate.log …

Anyway, regardless of who is the one who “messed up” my Windows Update mechanism in all my 3 computers, either the Router or Microsoft itself, the problem will have to be corrected …
It would be good to know, however, that the Router is not guilty ….

I am literally afraid of upgrading to Windows 10 or 11, because I really don’t feel like starting again all this “saga of OS updates” … it was so good without it for 3 years …

It already happened to me once, about 5 years ago, that a wrong OS update from Microsoft
messed up my entire OS and it had to be reinstalled ……

Thanks a lot,
Iudith Mentzel

 

 

Reply | Quote

JC Zorkoff wrote:

I noticed that after installing an update using Windows Update, followed by a check for updates with WUMgr, the same definition file is ready for update. If I run:

“C:\Program Files\Windows Defender\MpCmdRun.exe” -SignatureUpdate

the same update will be installed again. It used to say “No updates needed.” if the update had already been installed.

All my updates were installed “Successfully”

Exactly the same here, irrespective of WU process, whether WU, WUmgr or within Defender itself, on various W10 22H2 and Win8.1 devices what a pain..

Windows - commercial by definition and now function...

Reply | Quote

I started another thread about this before being alerted to this one – thanks JC.

” I installed the July update for Windows 11 22H2, KB5028185, a couple of days ago. Since then I noticed several Windows Defender updates for the same definition number listed . Windows Update history only shows 1 successful installation, which is normal and this is done automatically after startup. However, several others are listed as installed after the first one and all with the same definition number. It would seem to suggest a bug in these Defender updates as it has only started after the July Cumulative update. If the original definition update has been successfully installed, would any further updates for the same definition be downloaded and installed or not processed and is a reporting issue?”

I paused Windows Update after installing the cumulative update and when I resume, it checks for updates, then the screen flashes (0.5sec) and then “Up To Date” appears but the original definition is listed as installed again.

Reply | Quote

MSFT Defender update problems also started here prior to Patch Tuesday and ties in around an update on July 10th, engine update: 1.1.23060.1005, that has affected both W10 22H2 and Win8.1 definitions here. Prior to that date there are no failures, with no system changes made prior to, or after that timeline.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide

Some def updates required user input to try again, or wait… until the next delta patch came along or major update before it was accepted and installed properly.

Friday 13th January 2023 ring any bells? sigh.

Windows - commercial by definition and now function...

Reply | Quote

Thanks for the link Microfix. Does this mean that a fix for this problem would need to wait for a platform update next month or would something be done before then? Not really sure if these duplicate updates are being downloaded or just registered as the original one shows as installed. I’m assuming Microsoft is aware of the problem? I have a Local Account so haven’t reported it myself. Would be interested in your opinion.          Jim.

 

Reply | Quote

Either a platform or engine update (fix/ regression) with an undisclosed timescale.
I can’t seem to find any topics on MSFT answers so, it may be un-noticed by many and still awaits exposure, or MSFT fixes it silently in the background, KIR for the security system.

System reports that the ‘update was successful’ when clearly it’s not.

It would be nice if others posted here if they are encountering or have discovered the issue, TIA

Windows - commercial by definition and now function...

Reply | Quote

Oh my… such a verbose explanation.
All that I understand from it is that Windows 10 and 11 have totally different version numbers than Windows 7.
Therefore, I was confident that I downloaded the mpas-fe.exe manually from a place that clearly referenced Windows 7 and Vista.
Otherwise, as usual, those updates are not available at all to be downloaded from the Microsoft Catalog.

The ugly side is that the Windows Update “troubleshooter” for Windows 7 does NOT do a dime except it just runs “Windows Update”.
I don’t know whether the Windows 10 troubleshooter is better, but the clumsy update mechanism seems to be still in place. With “prayers” on each OS update day to not have anything broken… as had already happened when they first started “to deal” with those security vulnerabilities about 5 years ago.

Thanks a lot,
Iudith Mentzel

Reply | Quote

Hello All,
Almost unbelievable !!!
Now, a few minutes ago, one of my computers received a NEW version 1.393.737.0 created today, July 18, at 19:38 

It also updated the signature on the Windows Defender window :):)

On this machine, there were only 4 copies of the previous update, on another machine I already had 9 of them.

Now I really want to be optimistic… after two white nights spent on research

Cheers & Best Regards,
Iudith

Reply | Quote

Whenever I’ve had trouble with definition updates I go here:

https://www.microsoft.com/en-us/wdsi/defenderupdates

Scroll about halfway down the page, click on the desired update (32 or 64 bit, etc), and a file (mpam.exe IIRC,  I’m on my daily driver Mint system at the moment) downloads, in my case to the desktop. Run the file and the new definitions are installed. Works even when other update methods fail. A bit inconvenient, but remember who we’re dealing with!

1 user thanked author for this post.

Endora

Reply | Quote

Yes, you are so right, I do indeed remember who are we dealing with

That’s exactly the page where I downloaded an EXE file for Windows 7 from and executed it. But that one only updates the Windows Defender signature without logging anything in the Windows Update history.

I think that ALL the Windows Updates should have been that simple and not as they are, version after version.

Reply | Quote

The annoying thing in my situation is that I don’t use Defender. I have Norton 360 and, when it’s installed, it takes over and turns off MS Defender.  I cannot access defender settings  without uninstalling Norton as it manages anti virus. Even with Defender turned off, the definitions, engine and anti Malware platforms are still downloaded silently. All a bit of a pain really.

Jim.

Reply | Quote

I believe the issue was fixed last night. Update 1.393.737.0 seems to have stopped the multiple same defender downloads. Only one (correct) download today. I paused and resumed updates several times and no Defender downloads for the same version was shown.

Jim.

1 user thanked author for this post.

Microfix

Reply | Quote

This morning after installing:

Definition Update:  Version 1.393.786.0  7/19/2023 8:19:39 AM

Using the update program

“C:\Program Files\Windows Defender\MpCmdRun.exe” -SignatureUpdate is again saying “No updates needed.”

It looks like this problem is finally fixed.

1 user thanked author for this post.

Microfix

Reply | Quote