Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
FEP 2010 Initial definition updates deployment

Answered FEP 2010 Initial definition updates deployment

  • Monday, May 21, 2012 2:08 PM
     
     
    Sign In to Vote
    0

    Hi guys,

    I'm currently testing a fep rollout and I'm having issues getting the initial signature updates to work via sccm. I have a sccm software updates package for FEP. I use the softwareupdateautomation.exe tool to update this package and the deployment managent. The package is distributed to all our DPs. So what I want to do now is using the sccm updates deployment method to do the initial installation of the signatures.

    But after I run the FEP installation, the clients try to download via WSUS or MS Update.

    The FEP policy is set via gpo, I use the following updates fallback order: InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC

    I don't have WSUS server's in all my countries and I don't want the initial signature updates to cross my WAN connections.

    How do you guys do it?

    Cheers

    Sebastian

    Sebastian Bammer

     

All Replies

  • Monday, May 21, 2012 3:42 PM
     
     Answered
    Sign In to Vote
    0

    Check out this thread:

    http://social.technet.microsoft.com/Forums/en/FCSNext/thread/72af07de-a231-4188-a631-33eb244ee100

    It should be able to answer your question and the 'why' behind it.

     
  • Tuesday, May 22, 2012 9:49 AM
     
     Answered
    Sign In to Vote
    0

    HI Kevin,

    thank's for the answer, I solved it as follows:

    Created a task sequence that

    - sets the "HKLM\Software\Polcies\Microsoft\Microsoft Antimalware\Signature Updates\FallbackOrder" to FileShares

    - sets the "HKLM\Software\policies\Microsoft\Microsoft Antimalware\Signature Updates\DefinitionUpdateFileSharesSources" to a non existing share (\\localhost\null)

    (My actual forefront settings get rolled out via gpo so they will be changed to a working config at the next gpo update.)

    - installs FEP

    - installs the initial definitions with the current mpam-fe.exe/mpam-fex64.exe

    - runs a hardware inventory cycle (I have a collection that is based on fep being installed. This collection is the target for a deployment managemend that installs all new fep definitions).

    Cheers

    Sebastian

    Sebastian Bammer