Forefront definitions not updating wsus
FEP gives you three methods to deploy definitions: I won't go deep into the pros and cons of each, but suffice it to say that none of these will leverage your distribution points (unless you create UNC shares and point your clients to your DPs, which is possible with different policies, but somewhat of a pain).
So how can we leverage our DPs if the above three options don't allow us to do so?
In order to find the machines to target with these updates, we need to make some DCM rules.
These DCM rules will allow us to populate collections dynamically based on the dates of their definition files.
THIS METHOD HAS BEEN DEPRECIATED AS OF FOREFRONT ENDPOINT PROTECTION UPDATE ROLLUP 1.So based on all this information, we know that we don't want our clients to download 65MB if it's unnecessary.We only want those who are older than a month to download the full definition update (because we don't have the BDD file we have to use this criteria, if we had the BDD file, we'd have a collection of machines with definitions older than a month but not older than two months).This is fine for monthly security patches, however this process isn't very good when dealing with anti-virus updates since most vendors release updates multiple times a day.FEP doesn't help matters much with this issue, and a lot of customers have had issues with not being able to leverage their SCCM distribution points.
Search for forefront definitions not updating wsus:
What we'll be doing here is creating 3 different configuration items So now that we have created the 3 CIs, we need to create a baseline to target your machines that have succeeded in deployment of the FEP client.