We are deploying Defender on VDI but it can’t fetch definition updates. We run a .pac file in IE for user traffic, which works fine. But Defender fetches updates under LocalSystem context, which isn’t working.
We have tried the following:
1/ Whitelist all URLs required by Defender: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus
2/ Tried configuring ‘Manual static proxy configuration’ options listed here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/production-deployment - setting Zscaler as the WinHTTP proxy doesn’t work, and enabling ‘Disable Authentication’ against the GPO-based option doesn’t work either.
3/ Looking at Wireshark and Netmon - the only packets being sent by the MpCmdRun.exe service (Defender) are going to e11290.dsph.akamaedge and are SYNREtransmit packets, presumably because they’re dropping…
Has anyone else encountered the same problem here?