0
votes

I've been having this issue with multiple Azure Virtual Machines for a while now.

I'm using an Azure Automation Account / Log Analytics Workspace to manage updates on 5 different Azure Virtual Machines. It's routinely showing all machines as missing updates, specifically multiple superseded copies of 'Security Intelligence Update for Microsoft Defender Antivirus - KB2267602'.

See screenshot below where it's showing versions 1.321.1221.0 through 1.321.1256.0 as missing:

Screenshot of Update Management blade in my Automation Account

However all five Virtual Machines have 1.321.1260.0 installed as shown here:

Screenshot of 'View Update History' from affected Virtual Machine

I know that the Update agent has refreshed since 1.321.1260.0 was installed, as 1260.0 was previously showing as missing; however, as per the screenshot above, it is now not.

I have tried to clear the current cache and trigger an update from CMD using the following script as detailed here:

cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

This runs and completes successfully, but doesn't resolve my issue.

Can anyone suggest why these superseded updates are showing, and/or how to clear them out? They are adversely affecting my otherwise squeaky clean Azure Security Center posture.

Thanks in advance!


1 Answer

0
votes

You could try the resolution.

When a superseded update becomes 100 percent not applicable, you should change the approval state of that update to Declined. To change approval state for all your updates:

  1. In the Automation account, select Update Management to view machine status. See View update assessments.

  2. Check the superseded update to make sure that it's 100 percent not applicable.

  3. Mark the update as declined unless you have a question about the update.

  4. Select Computers and, in the Compliance column, force a rescan for compliance. See Manage updates for VMs.

  5. Repeat the steps above for other superseded updates.

  6. Run the cleanup wizard to delete files from the declined updates.

  7. For Windows Server Update Services (WSUS), manually clean all superseded updates to refresh the infrastructure.

  8. Repeat this procedure regularly to correct the display issue and minimize the amount of disk space used for update management.

Refer to https://docs.microsoft.com/en-us/azure/automation/troubleshoot/update-management#scenario-superseded-update-indicated-as-missing-in-update-management
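
For environments where the machines scan against WSUS, steps 2, 3 and 6 of the procedure above can be scripted. This is an added example, not part of the original answer or of Microsoft's documentation. It assumes it is run in an elevated session on the WSUS server with the UpdateServices module installed; the title filter is taken from the question, and the `-Decline` switch is a name chosen for this sketch.

```powershell
# Added example: review and optionally decline superseded updates in WSUS.
# Report-only unless -Decline is passed.
param(
    [string]$TitlePattern = '*KB2267602*',  # title filter from the question
    [switch]$Decline                         # hypothetical switch for this sketch
)

Import-Module UpdateServices
$wsus  = Get-WsusServer
# An empty scope covers every computer that reports to this server.
$scope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope

# Step 2 input: superseded, not yet declined, matching the title filter.
$candidates = $wsus.GetUpdates() | Where-Object {
    $_.IsSuperseded -and -not $_.IsDeclined -and $_.Title -like $TitlePattern
}

$report = foreach ($u in $candidates) {
    $s = $u.GetSummary($scope)
    $total = $s.InstalledCount + $s.InstalledPendingRebootCount +
             $s.NotInstalledCount + $s.DownloadedCount +
             $s.FailedCount + $s.UnknownCount + $s.NotApplicableCount

    # "100 percent not applicable": every reporting computer says Not Applicable.
    # A single Unknown or Needed count keeps the update out of the decline set.
    $fullyNA = ($total -gt 0) -and ($s.NotApplicableCount -eq $total)

    [pscustomobject]@{
        Title         = $u.Title
        Computers     = $total
        NotApplicable = $s.NotApplicableCount
        Needed        = $s.NotInstalledCount + $s.DownloadedCount
        Unknown       = $s.UnknownCount
        SafeToDecline = $fullyNA
        Update        = $u
    }
}

$report | Sort-Object Title |
    Format-Table Title, Computers, NotApplicable, Needed, Unknown, SafeToDecline -AutoSize

if ($Decline) {
    # Step 3: decline only the updates that passed the check above.
    $report | Where-Object SafeToDecline | ForEach-Object {
        Write-Host "Declining: $($_.Title)"
        $_.Update.Decline()
    }
    # Step 6: remove obsolete update metadata and content files.
    Invoke-WsusServerCleanup -CleanupObsoleteUpdates -CleanupUnneededContentFiles
}
```

Run it once without `-Decline` to review the table, then force the compliance rescan from step 4 after declining.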