locked
Forefront Definition File Size RRS feed

  • Question

  • Hello there-

    Ok. WSUS downloads Forefront Definition Updates and sends them to clients automatically via WSUS.  In my case, 3 times a day.
    WSUS downloads the mpam-fe and d, but do the clients who automatically receive the definitions from WSUS receive the delta part?
    I'm concerned about sites with slow connections having to download 30+MB package just for a  forefront update. 

    Does anyone know (on average) the size of the Definition Updates that get sent out to Forefront Clients?  The KB Definition Updates?



    Thursday, September 17, 2009 7:53 PM

Answers

  • http://blogs.technet.com/kfalde/archive/tags/FCS+Definitions/default.aspx

    Check out the last 2 blog posts there (as well as the first one for keeping your wsus server cleaned up) they should explain it I hope..
    If the clients have the latest monthly base they will just apply the delta not the whole 30mb+ package.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    • Marked as answer by Andrewm1972 Friday, September 18, 2009 4:13 AM
    • Unmarked as answer by Andrewm1972 Friday, September 18, 2009 4:13 AM
    • Marked as answer by Nick Gu - MSFT Friday, September 18, 2009 9:21 AM
    Thursday, September 17, 2009 9:25 PM

All replies

  • http://blogs.technet.com/kfalde/archive/tags/FCS+Definitions/default.aspx

    Check out the last 2 blog posts there (as well as the first one for keeping your wsus server cleaned up) they should explain it I hope..
    If the clients have the latest monthly base they will just apply the delta not the whole 30mb+ package.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    • Marked as answer by Andrewm1972 Friday, September 18, 2009 4:13 AM
    • Unmarked as answer by Andrewm1972 Friday, September 18, 2009 4:13 AM
    • Marked as answer by Nick Gu - MSFT Friday, September 18, 2009 9:21 AM
    Thursday, September 17, 2009 9:25 PM
  • Thanks for your response.  I'll have a look at that link in a few.

    Do you know if a new base file is downloaded every month regardless to the clients?  Or is it the original base file from the initial install ...and just delta for every definition downloaded afterwards?

    My concern is just about sites on slow links having to download large forefront updates via wsus.  If its just the delta, then that's ok.  But the Base files would be another headache.

    Andrew
    Thursday, September 17, 2009 11:15 PM
  • Thanks for that link.  Good stuff and it answered my Q!

    Thanks again!

    Andrew
    Friday, September 18, 2009 4:13 AM
  • No we do a binary delta to update from last months base to the current months base.  However if the client did not have last month's base then we are forced to basically download the full monthly base.  This is usually for brand new clients who are at 1.0.0.0 definitions which need to download both the monthly base as well as apply the delta up to the current point.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Friday, September 18, 2009 3:11 PM
  • Hey guys-

    Is there a central way to "monitor" what update(s) are being sent to Forefront Agents?  Like size, version and type (binary or delta)?  Not the Event Logs of Clients, but a central location where we can actually see whats going where?  The Forefront Dashboard is pretty simple, and WSUS doesnt show me on the console anything actively being sent to the agents.

    Just checking...thanks!!
    Tuesday, March 16, 2010 10:22 PM
  • Interesting question :)  So the quick answer is no not in any gui/predefined report etc. Is there raw data that contains this?  Yes.  The best bet would  probably be the IIS logs for your WSUS server and using some logparser to basically give you some #'s per day on how many machines downloaded the bdd vs the delta vs the base vs the monthly bde package.  I'm not sure by default that IIS logs have the size of the file downloaded however you may be able to add that in the IIS log details otherwise you would have to manually look at the size in either wsus by viewing files for an update or looking in the wsuscontent folder at the sizes.  So definitely doable would take some work to do.  Let me know if you look into it as that would be interesting.. you might want to check at the forums as wsus.info to see if anyone else has ever packaged some reports/queries that do something like this against a WSUS servers IIS files.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, March 17, 2010 4:00 PM
  • Actually for just version you can get that from the built in reports.
    Check Deployment Summary and Virus Definitions Deployment Status and that will give you a list of systems and what definition sets they currently have.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, March 17, 2010 4:20 PM