How To Update Microsoft Security Essentials In Windows Server 2012 R2

Recently I covered how to install Microsoft Security Essentials in Windows Server 2012 R2, however after performing a Windows update it failed to install with error 0x8004FF04.

Here I will discuss why this happens and then cover how to resolve this problem and update Microsoft Security Essentials manually.

From my experience definition updates have still been working fine through Windows update, so far I have only had a problem with this update, which is an update specifically for a newer version of the antimalware client itself.

A note to Windows 8, 8.1 or 10 users receiving this error for a Microsoft Security Essentials update: The built-in Windows Defender replaces Microsoft Security Essentials, if you have previously installed Microsoft Security Essentials but updated your operating system version it may no longer be supported and it should be safe to uninstall as Defender has taken over. This post is aimed toward those that have knowingly installed Microsoft Security Essentials on an unsupported operating system such as Windows Server 2012 R2 and want to update it.

Updating Microsoft Security Essentials

In this example I first downloaded and installed the latest version of Microsoft Security Essentials from Microsoft by following these steps. This installed version 4.8 of Microsoft Security Essentials.

After running Windows update it found KB3140527 which came out 23/02/2016 and was an update for Microsoft Security Essentials, version 4.9.218.0 to be exact as shown below. This means that when I did this, the download through the website was not the most up to date version.

Microsoft Security Essentials Windows Update

Take note that this particular update is 8.5MB in size, this will be important later on.

The problem begins when trying to install this update, as shown the update fails and results in error code 8004FF04, simply meaning that the update does not support this version of the operating system.

Microsoft Security Essentials Failed Windows Update Error Code 8004FF04

This makes sense as technically Microsoft Security Essentials does not support Windows Server 2012 R2, we installed it with some slight customizations which we need to do again during the update.

If you had a look through my Microsoft Security Essentials installation guide, you may have noticed that error 8004FF04 came up there as well. Essentially the update is failing to install because it is not being run in compatibility mode for Windows 7, or with the /disableoslimit flag via Windows update causing it to fail.

In order to install the update, we need to run it manually with these customizations in place.

Windows update stores its downloaded update files in the C:\Windows\SoftwareDistribution\Download folder with different hashes for the file names. As the particular update that is failing to install in this case is 8.5MB in size, we simply look for a file within this folder that is also 8.5MB in size – in this case the file that is selected shown below.

Windows Update Download Folder

For this example, I copied this file over to my desktop to perform the required changes rather than modifying the original, I then renamed it to ‘update.exe’ however the file name isn’t particularly important here.

Next right click the file and select properties. From the properties window select the Compatibility tab. Under Compatibility mode, tick the “Run this program in compatibility mode for:” box and then select Windows 7 from the drop down menu, then click OK.

Microsoft Security Essentials Compatibility Mode

Now open command prompt as administrator and execute the file with the /disableoslimit flag on the end as shown below.

Command Prompt Update Microsoft Security Essentials

Assuming you selected the correct file from the Windows update folder, you should be greeted with the Microsoft Security Essentials upgrade wizard as shown below, simply click the Upgrade button to proceed.

Microsoft Security Essentials Upgrade Wizard

Once the upgrade has completed, click the finish button to complete the process.

Microsoft Security Essentials Update Wizard Complete

From here you can now open up Microsoft Security Essentials, select the Help drop down and then click About and you should see that the Client Version has been successfully updated to the version noted through Windows Update.

View Microsoft Security Essentials Version

Microsoft Security Essentials Version Number

This confirms that Microsoft Security Essentials has successfully been updated to the version that Windows update was failing to install. At this point we can go back to Windows update and run a check for updates, which should now no longer list the update as available, as it is now installed.

No Windows Updates Available For Microsoft Security Essentials

Summary

As Microsoft Security Essentials is not officially supported in Windows Server 2012 R2, we should expect strange and unexpected behaviour such as Windows updates failing to update it.

By applying similar changes that were done when we installed it, including setting the compatibility mode to Windows 7 and running the executable with the /disableoslimit flag, we can successfully update Microsoft Security Essentials when newer updates become available through Windows update that are not yet available for download through the Windows website.

Leave a comment ?

43 Comments.

  1. Thank you. Your directions work. One questions – how did you figure out what the file name to change in the C:-Windows-SoftwareDistribution-Download location ?

    • I did not know the name, I worked it out based on the file size of the update. If you look at the update size available in Windows update you can find an update the same size from that folder.

  2. Thank you for this great explanation.
    It works :-)

  3. Garth Henderson

    Many thanks for this info. Developers need to use this workaround on our MSDN servers.

  4. Thank you for the info. It worked like a charm!

  5. Works great. Thank you.

  6. Perfect! What a fantastic explanation – I would never of got there without this article. Kudos.

  7. Awesome. Thanks for the help, issue has been resolved which I had since februari this year. :-)

  8. Brilliant!

  9. Thanks Jarrod, very useful.

  10. Thank you for posting this, However Unfortunately This is not working, I keep getting a restart button not an upgrade button. Please help!

    • Are you able to provide an example of what you’re getting?

      • Sure, Thank you for answering! I have a couple of screen shots but cannot attach them here. Basically I followed the directions and end up in a continuous loop of rebooting.

        The last screen that is supposed to say upgrade, just says reboot. I reboot no matter how many times it still says the same thing.

        • To add to Thomas’s comments, I have the same issue :

          Following this tutorial to upgrade from 4.9.218 to 4.10.209, the Upgrade dialog window gives a message about not having rebooted since the last installation of MSE and proposes a “Reboot” button instead of the “Upgrade” button…
          (I do have rebooted the server several times since the last upgrade)

          Note : this issue is also present with the Install MSE tutorial, the 4.10.209

          • I am currently having this problem not being able to do any updates or even unistall it manually as it says i didnt restart and still need to.

          • To fix the Reboot problem, delete the following Registry key:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EppSetupPendingReboot

          • Removing the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EppSetupPendingReboot” key solved the issue…

            Thanks Anonymous…

  11. Thank you – it worked. Great job.

  12. yep thanks!

  13. thanks. You save me!!!

  14. I updated it on 2012 R2 then receive the 4.10.209.0 update (KB3205972) and try this trick again but unsuccessfully it said the compatibility mode doesn’t work for this program now.

  15. I have been looking for solution to fix this problem sadly I can’t seem to locate the correct file I have tried two and neither of them has the compatability label where can I go from here?

  16. Thank you – it worked. Great job.

  17. Thank You. It works well at 4.10.209.0 (KB3205972). File size is 9.450 KB

  18. You rule! Thank you, got my godaddy 2012 vm server updated.

  19. Good info, thanks!

  20. The Reboot problem went away after deleting the registry key, Thank You so much!!

  21. Thanks bro! Real MVP

  22. Thank you very much, nice instructions.

  23. Thank you for posting this article and also a big thank you to
    “Anonymous June 8, 2017 at 5:33 am”.

  24. Thank you! This worked great!

  25. Dear Jarrod, It is May 2019 and I am wondering if this solution still works for Windows Server 2012 R2 Essentials. We have four workstations and three laptops all running Win10 pro version 1809, some using the built in Windows Defender and others using Comodo AV. I wanted to use the inexpensive Comodo Server AV but their on line chat support said that while it is compatible with Windows Server 2012 it is not compatible with WSE 2012 R2. So I am thinking of using your solution but wanted to see if there have been any updates. Thank you for explaining things so clearly!

    • To be honest I have not tested it out since originally writing the post, however some others in the comments did mention that it still worked just fine for them more recently.

  26. worked for me just now…

  27. Still working for MS Security Essentials 4.10.209.0

  28. Incredible… Here in 2020 this post still usefull… Thanks a lot :-)

  29. Thank you, this worked well for me! I’m hoping the updated Security Essentials behaves itself now…

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>