locked
How large are Forefront Endpoint Protection 2010 Client Definition Downloads RRS feed

  • Question

  • I've got a few WAN links that clients traverse to get to the SCCM Site server (WSUS) for definitions and I need to know if the definition downloads are large enough to warrant setting up downstream WSUS servers in the remote locations.

    Architecture: SCCM 2007 R3, Single Primary Site utilizing Software Updates in SCCM, FEP 2010

    Thanks

    Monday, February 14, 2011 6:31 PM

Answers

  • This information I got from a Microsoft slide:

    We reset the definition updates through a process we call ‘re-base’ – currently once a month as part of the engine release
    Today there are 4 types of packages which can be used to update FEP clients

    • Full (~55MB)
      The full signature set (called the base) + any signatures since the last engine release (delta)Most recent engine
    • Delta (ranges from ~200KB to ~5MB)
      Contains the incremental signatures added since the last engine release (rebase).
    • Binary Delta Engine (BDE) (ranges from ~2MB to ~15MB)
      Binary diff of the previous base and engine with current base and engine plus the current incremental delta of signatures
    • Binary Delta Delta (BDD) (ranges from ~100KB to ~1MB)
      BDD package is different than Delta package since it will offer differential content from the previous release. Hence only new content is offered to the user.
      All three package types are available on MU
      Only Full packages are available on the Download Center
      Internal detection logic allows each client to download the smallest package size available
      The more up-to-date the client, the smaller package that client needs to download.

    So:

    • First install or really out-dated (>2 engine releases behind) => Full package
    • Older signatures, old engine => BDE package
    • signature > 36h, current engine => delta package
    • signature < 36h, current engine => bdd package

    hope this helps,

    Kris

    • Proposed as answer by Schörling, Stefan Monday, February 14, 2011 9:43 PM
    • Marked as answer by Aray66 Monday, February 14, 2011 10:47 PM
    Monday, February 14, 2011 8:47 PM

All replies

  • Hi,

    There is a FEP Capacity planner that can be used - http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fep-capacity-planning-worksheet.aspx


    Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
    Monday, February 14, 2011 7:09 PM
  • This worksheet doesn't help. I'm not concerned about Space requirements on the DB side. I need to know the average size of the daily FEP definitions released by Microsoft. Once I know that, I will quickly be able to figure out if my WAN bandwidth is going to be sufficient for the number of clients I have that are requesting definitions daily from my WSUS server.

     

    Thanks

    Monday, February 14, 2011 7:29 PM
  • Hey Aray66,

    I have FEP 2010 running on my machines and the total space currently used by def files are 60MB all dated yesterday and today.  My guess is thats the approx size of the downloads for every update. 

    On Windows 7, you can find these files in ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup to view there sizes.

    Hope this helps.

    Shawn

    Monday, February 14, 2011 8:34 PM
  • This information I got from a Microsoft slide:

    We reset the definition updates through a process we call ‘re-base’ – currently once a month as part of the engine release
    Today there are 4 types of packages which can be used to update FEP clients

    • Full (~55MB)
      The full signature set (called the base) + any signatures since the last engine release (delta)Most recent engine
    • Delta (ranges from ~200KB to ~5MB)
      Contains the incremental signatures added since the last engine release (rebase).
    • Binary Delta Engine (BDE) (ranges from ~2MB to ~15MB)
      Binary diff of the previous base and engine with current base and engine plus the current incremental delta of signatures
    • Binary Delta Delta (BDD) (ranges from ~100KB to ~1MB)
      BDD package is different than Delta package since it will offer differential content from the previous release. Hence only new content is offered to the user.
      All three package types are available on MU
      Only Full packages are available on the Download Center
      Internal detection logic allows each client to download the smallest package size available
      The more up-to-date the client, the smaller package that client needs to download.

    So:

    • First install or really out-dated (>2 engine releases behind) => Full package
    • Older signatures, old engine => BDE package
    • signature > 36h, current engine => delta package
    • signature < 36h, current engine => bdd package

    hope this helps,

    Kris

    • Proposed as answer by Schörling, Stefan Monday, February 14, 2011 9:43 PM
    • Marked as answer by Aray66 Monday, February 14, 2011 10:47 PM
    Monday, February 14, 2011 8:47 PM
  • Hello,

    I saw the above posts and i need to clarify and get answers (if you have these for sure) from you on this situation like machines that are powered off and aren't online already a week. Some of them are powered off 10-15 days ... after what time period the full package of definition updates are downloaded to clients.
    ...And also, i need to know in what time period the deltas are downloaded to clients before full packages will start downloading..?

    Thanks in advance,

    Thursday, March 21, 2013 10:47 AM
  • Internal process will always download the smallest package
    4 different package
    Full approx. 55MB
    Engine release older than 2 versions
    Binary Delta Engine (BDE) between 2 mb. to 15 mb.
    Old engine and old signature
    Delta between 200 kb to 5 mb.
    Signature file older than 36 hours and engine current version
    Binary Delta Delta (BDD) between 100 KB to 1MB
    Signature file younger than 36 hours and engine current version

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Thursday, March 21, 2013 10:51 AM