How large are Forefront Endpoint Protection 2010 Client Definition Downloads

All replies

• 

  

  0

  Sign in to vote

  Hi,

  There is a FEP Capacity planner that can be used - http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fep-capacity-planning-worksheet.aspx

  ---

  Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund

  Monday, February 14, 2011 7:09 PM
• 

  

  0

  Sign in to vote

  This worksheet doesn't help. I'm not concerned about Space requirements on the DB side. I need to know the average size of the daily FEP definitions released by Microsoft. Once I know that, I will quickly be able to figure out if my WAN bandwidth is going to be sufficient for the number of clients I have that are requesting definitions daily from my WSUS server.

   

  Thanks

  Monday, February 14, 2011 7:29 PM
• 

  

  0

  Sign in to vote

  Hey Aray66,

  I have FEP 2010 running on my machines and the total space currently used by def files are 60MB all dated yesterday and today.  My guess is thats the approx size of the downloads for every update. 

  On Windows 7, you can find these files in ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup to view there sizes.

  Hope this helps.

  Shawn

  Monday, February 14, 2011 8:34 PM
• 

  

  0

  Sign in to vote

  This information I got from a Microsoft slide:

  We reset the definition updates through a process we call ‘re-base’ – currently once a month as part of the engine release
  Today there are 4 types of packages which can be used to update FEP clients

  • Full (~55MB)
    The full signature set (called the base) + any signatures since the last engine release (delta)Most recent engine
  • Delta (ranges from ~200KB to ~5MB)
    Contains the incremental signatures added since the last engine release (rebase).
  • Binary Delta Engine (BDE) (ranges from ~2MB to ~15MB)
    Binary diff of the previous base and engine with current base and engine plus the current incremental delta of signatures
  • Binary Delta Delta (BDD) (ranges from ~100KB to ~1MB)
    BDD package is different than Delta package since it will offer differential content from the previous release. Hence only new content is offered to the user.
    All three package types are available on MU
    Only Full packages are available on the Download Center
    Internal detection logic allows each client to download the smallest package size available
    The more up-to-date the client, the smaller package that client needs to download.

  So:

  • First install or really out-dated (>2 engine releases behind) => Full package
  • Older signatures, old engine => BDE package
  • signature > 36h, current engine => delta package
  • signature < 36h, current engine => bdd package

  hope this helps,

  Kris

  • Proposed as answer by Schörling, Stefan Monday, February 14, 2011 9:43 PM
  • Marked as answer by Aray66 Monday, February 14, 2011 10:47 PM

  Monday, February 14, 2011 8:47 PM
• 

  

  0

  Sign in to vote

  Hello,

  I saw the above posts and i need to clarify and get answers (if you have these for sure) from you on this situation like machines that are powered off and aren't online already a week. Some of them are powered off 10-15 days ... after what time period the full package of definition updates are downloaded to clients.
  ...And also, i need to know in what time period the deltas are downloaded to clients before full packages will start downloading..?

  Thanks in advance,

  Thursday, March 21, 2013 10:47 AM
• 

  

  0

  Sign in to vote

  Internal process will always download the smallest package
  4 different package
  Full approx. 55MB
  Engine release older than 2 versions
  Binary Delta Engine (BDE) between 2 mb. to 15 mb.
  Old engine and old signature
  Delta between 200 kb to 5 mb.
  Signature file older than 36 hours and engine current version
  Binary Delta Delta (BDD) between 100 KB to 1MB
  Signature file younger than 36 hours and engine current version

  ---

  Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  Thursday, March 21, 2013 10:51 AM