Updating Forefront Client Security

  • Question

  • Greetings,
     
    According to what I have read and by trying out the software, there are only two ways to update FCS:

    WSUS or by going directly to the internet.

    Is there any other way to update the virus definitions?

    My infrastructure has a WSUS but I don't want it to update using WSUS, and it's also a break in security for the servers to update by going directly to the internet.

    Is there any other solution for my problem?

    Thanks in Advance
    Monday, August 4, 2008 9:11 AM

All replies

  • Dany,

    Yes there are other ways...

    You can update FCS using pretty much any software distribution application you want, however you want it to be very automatic :-)
    Here are some guides that a friend of mine put together for SMS 2003 and SCCM 2007.

    http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/24/updating-forefront-client-security-definitions-using-sms2003.aspx

    and here is one for using MOM tasks

    http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/06/09/forefront-client-security-remote-definitions-update-using-mom-tasks.aspx

    Good luck!
    /Johan
    MCSE, forefront spec | www.msforefront.com
    • Marked as answer by Dany T Monday, August 4, 2008 2:36 PM
    Monday, August 4, 2008 12:55 PM
  • Cheers,

    I will have a look at both.

    Another question: when I choose "Check For Update" on the FCS agent, it says connecting to internet to check for updates.

    Is it trying to connect to the internet, or is it connecting to the WSUS although it says internet?

    Thanks in Advance
    Monday, August 4, 2008 2:32 PM
  • You are welcome!

    Hope the articles work out for you!

    ...I know it says "connecting to the Internet..." however I do believe that it connects to whatever you have set it to check for updates. If you point to WSUS, that is where it will check and if you point to Internet...

    /Johan  
    MCSE, forefront spec | www.msforefront.com
    Monday, August 4, 2008 2:40 PM
  • Hi again Johan,
     
    I'm having some difficulty getting the update to use MOM 2005 as the article describes.

    The definitionsdownload.vbs tries to connect to the internet but all I get in the log is:

    --17:08:27--  http://go.microsoft.com:80/fwlink/?LinkID=87342
               => `Definitions/@LinkID=87342'
    Connecting to go.microsoft.com:80...
    connect: No such file or directory
    Retrying...

    I have followed the instructions and left it all at the default c:\FCSDef folder.

    What am I doing wrong?


     

    Monday, August 4, 2008 4:11 PM
  • Dany,


    Strange, I had no problem running the script. Just tried right now.

    Did you create a subfolder under "C:\FCSdef"? and edit the script at line 43 "DefinitionsFolder = "C:\FCSDef"" to add the subfolder you created?
    Did you run the script from cmd using "cscript definitionsdownload.vbs" command?
    Did you copy the script and wget.exe into the C:\fcsdef folder?

    /Johan

    MCSE, forefront spec | www.msforefront.com
    Monday, August 4, 2008 7:42 PM
  • Hi Johan,

    Right...the problem was on my ISA server not allowing wget.

    On another note I'm also trying out updating the definitions with WSUS.

    Does the GPO for WSUS need the option to download and install the updates or will FCS automatically look for an update on WSUS and install it?

    I have the FCS agent on the clients configured in Tools -> Options: "check for updated definitions before scanning".

    Will this install the definitions automatically?
    Tuesday, August 5, 2008 8:42 AM
  • Dany,

    Great you got the script running!

    In the WSUS policy you have to enable the GPO setting "Allow automatic update immediate installation" otherwise the definition updates will follow the regular update schedule and you don't want that.

    Don't forget to create an automatic approval rule in WSUS (if you are using WSUS 3.x) under Options in the WSUS console.

    Good luck!



    MCSE, forefront spec | www.msforefront.com
    Tuesday, August 5, 2008 7:07 PM
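
A client-side check for the WSUS settings discussed in the last reply, as an added example that is not part of the original thread. It reads the standard Windows Update policy registry values that Group Policy writes (the "immediate installation" setting is stored as AutoInstallMinorUpdates); the function name Test-FcsWsusPolicy is hypothetical.

```powershell
# Added example, not from the thread. Run on an FCS client to confirm that
# the WSUS Group Policy has applied and that definition updates will be
# installed immediately instead of waiting for the regular update schedule.
function Test-FcsWsusPolicy {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # A missing key means the policy was never applied; treat it as empty.
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $findings = @()

    # The client is only pointed at WSUS when both values are set.
    if (-not $wu.WUServer) {
        $findings += 'WUServer is not set: no WSUS server configured by policy.'
    }
    if ($au.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client will not use the WSUS server.'
    }

    # "Configure Automatic Updates" disabled makes the immediate-install
    # setting ineffective.
    if ($au.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: Automatic Updates is disabled by policy.'
    }

    # "Allow Automatic Updates immediate installation"
    if ($au.AutoInstallMinorUpdates -ne 1) {
        $findings += 'AutoInstallMinorUpdates is not 1: definitions follow the regular schedule.'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        WsusServer = $wu.WUServer
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-FcsWsusPolicy | Format-List
```

If Compliant is False right after a GPO change, run gpupdate /force on the client and check again before troubleshooting further.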