Thursday, August 27, 2009 9:14 PMOkay , here is the Rub
We have WSUS pulling down Definition updates for the Forefront server , but the problem I am seeing is that the updates happen at anytime. We have a SET GPO for the updates to go off at NOON if its deemed critical. But for teh last 3 days at 4pm the Anti-malware just send the Definition to user Systems and begins to install it. Totally Ignoring the GPO about WSUS updates.
We recently patched WSUS to the Newest Service pack. Could that have caused these Gremlins.
Monday, August 31, 2009 6:47 AMModerator
Thank you for your post.
Before going any further, would you please tell us how do you deploy the updates via GPO?
Meanwhile, you may refer to the following article to correct your settings.
Nick Gu - MSFT
Monday, August 31, 2009 2:07 PMModeratorI'm guessing you mean the clients update their definitions at any time? This would depend on what you have for client settings in your policies. If you tell the clients to check for definition updates via FCS policy they are not constrained by any WSUS policies. The call from FCS to check for definition updates is a WUA API call that uses the WUA client / WSUS however does this based on the interval settings from FCS NOT from WSUS client GPO settings.
CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
- Marked As Answer by Oguzhan FilizlibayMicrosoft Employee, Moderator Wednesday, September 02, 2009 2:15 PM
Wednesday, September 02, 2009 12:00 AMAnd just too add to the other comments...
If you have the policy "Allow Automatic Updates immediate installation" the definitions will install as soon as they are detected as needed.
That is really the best configuration in almost all cases since the definition will not require the service to restart.
Monday, October 05, 2009 3:28 PMwow alot has happened since this Thread. And I have read each one. There were several things working the nerves here.
1st and foremost was the misunderstanding that FCS is contrained by WSUS (which I now know is Wrong)
everything else just came from that one realization ...
Thank you very much for that one.
Thursday, February 16, 2012 11:40 PMIs there any way to check for definition updates more than once per hour?