
How the Microsoft System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2012, and Forefront Client Security Antimalware Services update the anti-malware engine files and the anti-malware definition files



INTRODUCTION

The Forefront Client Security Antimalware Service updates the anti-malware engine files and the anti-malware definition files without leaving a gap in malware protection.



More Information

To stay current with malware threats, the System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2010, and Forefront Client Security Antimalware Services must be updated with new engine files and with new definition update files as they become available. You can perform this update process by using the following methods:
  • Microsoft Update or Windows Server Update Services (WSUS) through Automatic Updates
  • The stand-alone installer package
  • File-copy deployment
When you use Automatic Update or the stand-alone installer, the package is extracted to a temporary directory, and the installer (MpSigStub.exe) is used. The installer verifies that Forefront Client Security, Forefront Endpoint Protection 2010, or System Center 2012 Endpoint Protection is installed, and then the installer signals the service to update itself by using the extracted files.  

When you use the file-copy deployment method, the anti-malware service is notified when the new files are copied into the update folder, and then the service begins the update process.

The update process consists of the following steps:
  1. Makes sure that there is only one update occurring at a time.
  2. Creates a new update folder that has a unique identifier (GUID) name in the following directory:
    %AllUsersProfile%\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates
  3. Copies the new files to this location.
  4. Copies files from the current configuration that are newer than the corresponding files in the new location or that are not present in the new location. This enables the delta update scenario.
  5. Verifies consistency between the engine and the definition files. Also verifies that the new versions are later than or equal to the current versions.
  6. Copies the current engine and definition files to the following Backup directory:
    %AllUsersProfile%\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup
  7. Updates the definition information in the registry. This includes the new location timestamps and the version information.
  8. Starts the new engine and begins routing scan requests.
  9. Unloads the old engine when all active requests for the old engine are completed.
  10. Removes the GUID-named directory for the old engine.
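
A small model of steps 2 through 6 and 10, added here as an illustration and not Microsoft's code: the file names, the `verify` rules and the convention that a file's content is its version string are assumptions. It shows that the step 4 merge keeps a stale file in a package from replacing a newer active one, and that a staged set failing the step 5 check is discarded without touching the active folder.

```python
import shutil, tempfile, uuid
from pathlib import Path
REQUIRED = {"engine.bin", "base.defs"}   # hypothetical names, not the product's

def ver(p: Path) -> tuple:  # constructed convention: file content is "major.minor"
    return tuple(int(x) for x in p.read_text().split("."))

def stage(root: Path, current: Path, incoming: Path) -> Path:
    """Steps 2-4: GUID-named folder, copy new files, merge newer/missing ones."""
    staged = root / ("{%s}" % str(uuid.uuid4()).upper())
    staged.mkdir()
    for f in incoming.iterdir():
        shutil.copy2(f, staged / f.name)
    for f in current.iterdir():
        dst = staged / f.name
        if not dst.exists() or ver(f) > ver(dst):
            shutil.copy2(f, dst)          # a delta package ends up complete
    return staged

def verify(staged: Path, current: Path) -> list:
    """Step 5: required files present and nothing older than the active set."""
    names = {f.name for f in staged.iterdir()}
    problems = ["missing " + n for n in sorted(REQUIRED - names)]
    for f in current.iterdir():
        if f.name in names and ver(staged / f.name) < ver(f):
            problems.append("downgrade " + f.name)
    return problems

def commit(root: Path, current: Path, staged: Path) -> Path:
    """Steps 6 and 10: back up the active set, then retire its folder."""
    if verify(staged, current):
        shutil.rmtree(staged)             # reject; the active set is untouched
        return current
    shutil.rmtree(root / "Backup", ignore_errors=True)
    shutil.copytree(current, root / "Backup")
    shutil.rmtree(current)
    return staged

def demo() -> dict:
    """Constructed sample: stale engine plus a newer delta in the package."""
    root = Path(tempfile.mkdtemp())
    sets = {"{OLD}": {"engine.bin": "1.1", "base.defs": "1.100", "delta.defs": "1.100"},
            "incoming": {"engine.bin": "1.0", "delta.defs": "1.105"}}
    for d, files in sets.items():
        (root / d).mkdir()
        for n, v in files.items():
            (root / d / n).write_text(v)
    active = commit(root, root / "{OLD}", stage(root, root / "{OLD}", root / "incoming"))
    return {f.name: f.read_text() for f in active.iterdir()}
```

The single-update lock (step 1), the registry update (step 7) and the engine hand-over (steps 8 and 9) are outside this model.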



References

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

953524 How to deploy Forefront Client Security definitions by using a file-copy procedure



Keywords: kbexpertiseinter, kbhowto, fep2010swept, kb


Article Info
Article ID : 953523
Revision : 1
Created on : 1/7/2017
Published on : 4/6/2012