Tuesday, November 13, 2012 6:06 PM
I have a FEP environment that is being governed by Group Policy and I understand that there is a qwerk with FEP policy wherein the following definition:
Forefront Endpoint Protection 2010 / Signature Updates / Define the order of sources for downloading definition updates
Does not report the actual setting that is set. In other words, it will appear as "Not Configured" even after you apply changes to it. This is fine, as long as it works, but my problem is that it doesn't. More specifically, users can pull updates from our internal WSUS server but as soon as the go out into the world (at which point the GPO should tell them to pull from Microsoft) they get errors about not being able to connect to find updates.
I understand you may not be able to really diagnose the issue without having a lot more information but I'm just curious if there's a bug related to this or if there is a way for me to more granularly manage this setting. For example, if you specified "FileShares" how does it know the file share to browse, it doesn't really just browse the whole network for FEP definitions right? Or what's the difference between "MicrosoftUpdateServer" and "MMPC"?
Friday, November 16, 2012 4:08 AMModerator
Thank you for the post.
You should verify your WSUS group policy set up correctly, here is related thread: http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/301938d8-144b-4314-9299-028a431b219c
Nick Gu - MSFT
Monday, November 19, 2012 1:08 PMThank you, but I have verified several times that the GPO is configured correctly