Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012
Actions
Tags
Archive
Archives

Checking for definition updates when starting

TechNet Blogs > Forefront Endpoint Protection Blog > Checking for definition updates when starting

Checking for definition updates when starting

26 Feb 2010 2:49 PM
  • Comments 3

Next up in our registry key series: enabling definition updates upon service start.

By default (out of box), the FCS client will check for definition updates:

  • Before starting a scan
  • At the configured interval
  • Manually

However, there is a registry key available that you can use to cause the FCS client to check for definition updates whenever the service (FCSAM) starts.  As in the first post of this series (http://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the key.

The key name is UpdateOnStartup, and has two possible settings:

  • Missing or 0 (zero): the FCS client will not check for updates when the FCSAM service starts.
  • 1: the FCS client will check for updates when the FCSAM service starts.

A couple of notes about this key:

  • This key does not use the same formats as the earlier keys in this series: a 0 (zero) turns off the service start definition update check.
  • There is a few minute delay after the FCSAM service starts and the definition update check begins. The definition update may cause additional workload on system start, but not enough to cause a delay in login.

For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:

CLASS MACHINE
CATEGORY !!FCSCategory
              POLICY !!UpdateOnStartup_Name
                     KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
                     EXPLAIN !!UpdateOnStartup_Explain
                     VALUENAME UpdateOnStartup
                       VALUEON NUMERIC 1
                       VALUEOFF NUMERIC 0
              END POLICY

END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
UpdateOnStartup_Name="Enable definition update on startup"
UpdateOnStartup_Explain="This setting instructs the FCS antimalware client to update definitions on startup."

 

Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use UpdateOnStartup.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2,  in the KB article.

If you want to deploy the UpdateOnStartup key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]

"UpdateOnStartup"=dword:1

, ,
Comments
Comments
  • tim
    18 Jun 2010 9:45 PM

    on standalone computer running Win7 pro x67, when fcs update at startup is always fail to install definition with error 0x80070643.

  • tim
    18 Jun 2010 9:58 PM

    {4027D370-9463-4E54-A0F8-5368E382C211} 2010-06-18 07:09:26:627+0800 1 182 101 {F16C5EE3-8676-41D2-99D8-EEA92B049B4B} 100 80070643 Microsoft Forefront Client Secu Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.85.111.0).

  • 22 Jun 2010 10:14 AM

    Hi Tim,

    Take a look in your Windowsupdate.log to see if htere is a failure reason in there... (search for Error).

    Thanks for your comment!

Page 1 of 1 (3 items)
Leave a Comment
  • Please add 2 and 8 and type the answer here:
  • Post