At the end of last week we published additions to the FCS BPA. The revisions are again described in KB976986. The new checks are focused on database related issues including:
As promised in our last BPA announcement, it also contains usability improvements like a start menu shortcut and status bars during scanning.
To test drive the new additions, visit the download center.
Thanks, and happy analyzing, Craig Wiand Microsoft Forefront Escalation Engineer
Kurt Falde, one of our Support Escalation Engineers, create this summary about the recent definition changes:
In the past month the AV definition team have released some much needed changes with regards to AV definition and how they are downloaded to WSUS servers during sync intervals. While the changes do not affect clients from a size perspective they do slightly affect which packages they will download and install during an update.
I’m not going to go into how it previously worked here but if you are interested read the previous 2 articles for some background info: http://blogs.technet.com/b/kfalde/archive/2009/02/09/understanding-fcs-definitions.aspx
Instead I’m going to try to detail out what a WSUS server currently downloads from MU on a monthly basis as well as the signature interval basis (every 8 hours).
Summarizing the sizes
Engine Binary Difference Files
Base Definition Difference Files
Total Approximate File Sizes
Signature Release Interval (Every 8 hours)
6.00 Mb (this is average)
I want to stress here none of these file sizes are definitive. Definition sizes in general for the base sets are always growing. The BDD sizes are usually fairly consistent as well as the engine file sizes.
As Windows 2000 nears the end of it’s support cycle, we wanted to make sure you had the most up to date info on running FCS on computers running Windows 2000:
Customers using Forefront Client Security (FCS) who are unable to migrate to OS versions beyond Windows 2000 before July 13, 2010 will continue to receive support for the FCS product as follows:
Support for issues relating to FCS on computers running Windows 2000 will be provided based on the FCS support lifecycle policy (Mainstream support retires on 10/10/2017).
Just a heads up that the way in which the FCS definition updates are packaged is being revised. We wanted to announce that the antimalware definitions team has released a set of improvements that will drastically reduce both the size of the definition downloads for:
and the network utilization during those transfers.
We will be releasing an update to Microsoft Knowledge Base article 977939 in the near future that details the specifics with regards to the change, but we wanted to make you are aware that this is already in place and working properly.
The short description is that we are no longer downloading the full base set of definitions and engine with each download to WSUS. Instead, there is a monthly base package that is downloaded and then deltas that revolve around that monthly base are downloaded by the WSUS server for each definition release. The result of this is that instead of seeing hundreds of megabytes per day downloaded by WSUS, the downloads should instead be in the low tens of megabytes. For those with WSUS servers on slower WAN links or for those with restricted bandwidth on internet connections, this is much needed relief in regards to our definition distribution mechanism.
Kurt Falde, Microsoft Forefront Support Escalation Engineer
It’s that time of year again folks – and the Forefront group will be in attendance at Tech*Ed 2010 North America. If you’re attending the conference, be sure to stop by the Secure Endpoint booth in the Red area of the Technical Learning Center.