The Official Microsoft Forefront Endpoint Protection Team Blog

Your official source for all the latest news and tech tips for System Center Endpoint Protection.

Checking for definition updates when starting

Checking for definition updates when starting

  • Comments 3
  • Likes

Next up in our registry key series: enabling definition updates upon service start.

By default (out of box), the FCS client will check for definition updates:

  • Before starting a scan
  • At the configured interval
  • Manually

However, there is a registry key available that you can use to cause the FCS client to check for definition updates whenever the service (FCSAM) starts.  As in the first post of this series (http://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the key.

The key name is UpdateOnStartup, and has two possible settings:

  • Missing or 0 (zero): the FCS client will not check for updates when the FCSAM service starts.
  • 1: the FCS client will check for updates when the FCSAM service starts.

A couple of notes about this key:

  • This key does not use the same formats as the earlier keys in this series: a 0 (zero) turns off the service start definition update check.
  • There is a few minute delay after the FCSAM service starts and the definition update check begins. The definition update may cause additional workload on system start, but not enough to cause a delay in login.

For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:

CLASS MACHINE
CATEGORY !!FCSCategory
              POLICY !!UpdateOnStartup_Name
                     KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
                     EXPLAIN !!UpdateOnStartup_Explain
                     VALUENAME UpdateOnStartup
                       VALUEON NUMERIC 1
                       VALUEOFF NUMERIC 0
              END POLICY

END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
UpdateOnStartup_Name="Enable definition update on startup"
UpdateOnStartup_Explain="This setting instructs the FCS antimalware client to update definitions on startup."

 

Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use UpdateOnStartup.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2,  in the KB article.

If you want to deploy the UpdateOnStartup key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]

"UpdateOnStartup"=dword:1

Comments
  • on standalone computer running Win7 pro x67, when fcs update at startup is always fail to install definition with error 0x80070643.

  • {4027D370-9463-4E54-A0F8-5368E382C211} 2010-06-18 07:09:26:627+0800 1 182 101 {F16C5EE3-8676-41D2-99D8-EEA92B049B4B} 100 80070643 Microsoft Forefront Client Secu Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.85.111.0).

  • Hi Tim,

    Take a look in your Windowsupdate.log to see if htere is a failure reason in there... (search for Error).

    Thanks for your comment!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment