In the Local Group Policy Editor, in the Automatic Update Setting, option 2 is selected – Notify before downloading and installing any updates. I think it's not worth explaining this point, especially due to massive problems after installation (KB5041585). But with this setup, the Update of the threat detection mechanism for Microsoft Defender Antivirus is not downloaded and installed automatically, so you have to install it manually. The essence of the issue is that system updates can be monitored, and antivirus updates downloaded and installed automatically.