Turn on definition updates through both WSUS and the Microsoft Malware Protection Center

This policy setting allows you to configure Windows Defender to check and install definition updates from Windows Update the Microsoft Malware Protection Center when a locally managed Windows Server Update Services (WSUS) server is not available.

Windows Defender checks for definition updates using the Automatic Updates client. The Automatic Updates client can be configured to check the public Windows Update Web site, a locally managed WSUS server or the Microsoft Malware Protection Center. When a computer is not able to connect to an internal WSUS server or the locally managed WSUS server, such as when a portable computer is roaming outside of the corporate network, Windows Defender can be configured to also check the Microsoft Malware Protection Center Windows Update to ensure definition updates are delivered to these roaming machines.

If you enable or do not configure this policy setting, by default Windows Defender will check for definition updates from Windows Update the Microsoft Malware Protection Center, if connections to a locally managed WSUS server fail.

If you disable this policy setting, Windows Defender will check for definition updates only on a locally managed WSUS server, if the Automatic Updates client is so configured.


Supported on: At least Windows Vista
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Signature Updates
Value NameCheckAlternateHttpLocation
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

windowsdefender.admx

Administrative Templates (Computers)

Administrative Templates (Users)