Docs
KB2267602 Explained: Microsoft Defender Security Intelligence Update Guide
Understand what KB2267602 is, why it keeps reinstalling, how to fix common failures, and where Microsoft Defender security intelligence updates actually come from.
Question for Windows admins and users troubleshooting Microsoft Defender update behavior
KB2267602 creates confusion because it looks like one patch but behaves like a rolling Defender intelligence stream. Use this page to separate normal repeat installs from real update failures and to find the right Microsoft-supported remediation path.
What You'll Get
- Understand what KB2267602 really is and why it repeats
- Fix common single-PC and managed-environment failure patterns
- Use the right Microsoft pages and commands when troubleshooting
Jump To
Short Answer
KB2267602 is the recurring Security intelligence update for Microsoft Defender Antivirus. It is not a one-time cumulative Windows patch. The KB number stays the same while the definition version changes constantly as Microsoft ships new threat signatures and detection logic.
Sources: Microsoft Security Intelligence release notes, Microsoft Q&A
KB family ID
KB2267602
The label you keep seeing in Windows Update.
Live version checked
1.445.447.0
Microsoft's Defender updates page listed this version on March 10, 2026.
Release cadence
Multiple times a day
Security intelligence ships far more often than engine or platform updates.
Primary install path
Windows Update
Manual packages exist, but automatic updates are the default path.
Why KB2267602 Keeps Showing Up
The confusion is simple: most Windows KB numbers refer to a more fixed update package, but KB2267602 behaves more like a named update stream. Microsoft says Defender security intelligence is updated continually and its release notes page shows a long sequence of changing definition versions under the same family.
Microsoft Q&A moderators explicitly describe this behavior as normal and note that the KB number stays the same. Reddit posts show the same confusion from both home users and admins, especially when update history shows KB2267602 multiple times per day or per week.
If the version number changes, that is usually expected. If the version number does not advance and the same install fails repeatedly, that is when you should treat it as a real update problem.
Sources: Microsoft Q&A, Reddit install-failure thread, Reddit admin thread
What KB2267602 Actually Updates
KB2267602 primarily carries Microsoft Defender security intelligence, which means the malware definitions, detection logic, and related protection content Defender uses to recognize threats.
| Component | What changes | Typical cadence | Why it matters |
|---|---|---|---|
| Security intelligence | Threat signatures and detection logic | Multiple times a day | This is the part most users mean when they say "Defender definitions." |
| Engine | Scanning engine internals | Monthly | Changes how Defender processes and evaluates content. |
| Platform | Defender app and service platform components | Monthly | Affects the Defender runtime itself, not just threat signatures. |
That distinction matters because a machine can have a current KB2267602 definition version while still needing a separate engine or platform update. Microsoft Learn documents the monthly cadence for engine and platform updates and the much faster cadence for security intelligence updates.
Sources: Microsoft Learn: manage protection updates, Microsoft Security Intelligence release notes
Current Version and Where to Verify It
For exact live version numbers, use Microsoft's Security Intelligence pages instead of guessing from forum screenshots. When this article was updated on March 10, 2026, Microsoft's Defender updates page listed:
- Version: 1.445.447.0
- Engine version: 1.1.26010.1
- Platform version: 4.18.26010.5
- Released: 3/9/2026 10:41:00 PM
Do not hard-code those values into internal documentation for long. They change quickly. The better operating practice is to bookmark the live Microsoft page and validate the current version there when you are troubleshooting.
On an endpoint, you can also verify locally with PowerShell:
PS> Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AMProductVersion, AMEngineVersionIf you are not yet sure Defender is the active antivirus engine on the endpoint, verify that first with the Defender status guide. If your broader question is whether updates are stale across the fleet, continue with the update-status guide.
Sources: Microsoft Security Intelligence: latest Defender updates, Microsoft Learn: PowerShell cmdlets for Defender Antivirus
Common KB2267602 Problems and What They Usually Mean
| Symptom | Likely meaning | Recommended next step |
|---|---|---|
| KB2267602 installs over and over with newer version numbers | Usually normal Defender security intelligence cadence | Confirm the version keeps advancing, then leave it alone. |
KB2267602 fails with 0x80070643 | Generic Defender or update servicing failure | Manually trigger a Defender signature refresh and check Defender UI or service health. |
KB2267602 fails with 0x80070005 | Permissions, service state, or update pipeline issue | Check elevation, Defender services, and local policy interference. |
| Windows Security opens as a blank or white page | Broader Defender app or platform health issue | Treat it as more than a normal signature miss and validate Defender service status immediately. |
| Nothing appears in Microsoft Update Catalog | The normal manual path is the Defender Security Intelligence download page, not just Catalog searching | Use the official Defender updates page and the correct mpam-fe package for your platform. |
| WSUS or SCCM stops surfacing new definitions temporarily | Potential synchronization or upstream publishing issue | Verify sync health, approvals, and fallback sources; consider temporary direct Microsoft fallback if policy allows. |
Inference: the Catalog point above is based on Microsoft's official manual-download guidance pointing administrators and users to the Defender Security Intelligence page, plus repeated community reports from users who could not find KB2267602 through normal Catalog searching.
Sources: Microsoft Learn: manage protection updates, Reddit install-failure thread, Reddit SCCM thread
How to Fix KB2267602 on a Single PC
Microsoft's preferred path is still automatic updating through Windows Update. If that is failing, the fastest supported remediation sequence is to manually clear the current dynamic definitions cache and force a signature refresh.
cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -RemoveDefinitions -DynamicSignatures
MpCmdRun.exe -SignatureUpdateYou can also use PowerShell for the same workflow:
PS> Update-MpSignature
PS> Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdatedIf that still fails, check these in order:
- Open Windows Security and confirm Microsoft Defender Antivirus is actually enabled.
- Verify you are running commands from an elevated shell.
- Confirm there is no third-party AV forcing Defender into a passive or disabled state.
- Check whether the Defender UI is broken, blank, or crashing, which points to a larger platform issue.
- Use Microsoft's manual
mpam-fe.exeormpam-feX64.exepackage only if automatic updating still fails.
Sources: Microsoft Learn: MpCmdRun command-line tool, Microsoft Learn: PowerShell cmdlets for Defender Antivirus, Microsoft Security Intelligence downloads
How to Handle KB2267602 in WSUS, SCCM, and Managed Networks
Enterprise environments should treat KB2267602 as an operational content stream, not a rare patch. Microsoft Learn documents five update source locations: Microsoft Update, WSUS, Microsoft Configuration Manager, network file share, and the Security Intelligence page.
Three rules matter most in managed environments:
- Approve regularly: Microsoft notes WSUS approvals may be needed at least once a day because new intelligence arrives frequently.
- Set fallback order intentionally: use an ordered chain instead of assuming one source will always be healthy.
- Use direct Security Intelligence downloads as fallback, not primary: Microsoft explicitly describes that source as a final fallback for out-of-date devices.
PS> Set-MpPreference -SignatureFallbackOrder "InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC"
PS> Set-MpPreference -SignatureDefinitionUpdateFileSharesSource "\\FileServer\DefenderUpdates"Community reports from Reddit and Microsoft forums also show that temporary WSUS or SCCM visibility gaps do happen. When that occurs, confirm whether endpoints can still update directly, then decide whether to wait for sync recovery or temporarily relax fallback behavior for affected devices.
Sources: Microsoft Learn: manage protection updates, Reddit SCCM thread
Should You Ignore, Hide, or Uninstall KB2267602
In most cases, no. Do not hide KB2267602 simply because it appears often. Repeated installs with newer version numbers are part of how Defender stays current.
You should investigate only when one of these is true:
- The same version keeps failing and never advances.
- Windows Security or Defender scans stop working.
- Endpoints remain stale for days.
- Managed update infrastructure stops approving or distributing current definitions.
For lean teams, the practical KPI is not whether KB2267602 appears a lot. The KPI is whether endpoints have fresh signature timestamps and a healthy Defender state.
Sources and Community Signals
This article was built from Microsoft's live documentation plus a small set of community threads that show where people get confused in the real world.
- Microsoft Security Intelligence: latest Defender updates
- Microsoft Security Intelligence release notes
- Microsoft Learn: manage Defender protection update sources
- Microsoft Learn: MpCmdRun command-line tool
- Microsoft Q&A: KB2267602 continually wanting to update
- Reddit: KB2267602 install failure with 0x80070643
- Reddit: admin confusion about repeated KB2267602 installs
- Reddit: WSUS and SCCM definition visibility gap discussion