Configuring engine and definition updates

 

Applies to: Forefront Protection for Exchange

After Forefront Protection 2010 for Exchange Server (FPE) is installed, updates automatically begin downloading five minutes after your installation is complete. By default, FPE ensures that you are protected by performing updates every day on an hourly basis.

Engine updates, definition updates, and worm list updates can be downloaded automatically from the Microsoft HTTP server or from another Exchange server running FPE (see Distributing updates by using UNC updating). When FPE downloads an update, it takes the engine offline (provided it has been enabled for a currently-running scan job), automatically installs the update, and then puts the engine back online. The other engines continue to scan for malware.

Note

An engine update refers to updating to a new version of a scan engine (which replaces the old version), whereas a definition update refers to new definitions being added to an existing scan engine. You should expect to see definition updates occur frequently, but not engine updates. Nevertheless, an update check for both is done at the frequency and repeat interval that you have specified. If no new files are available, nothing is downloaded for that engine during that update cycle.

Engine updates are stored in the \Data\Engines subfolder of the installation path folder. Typically, the current engine and the last known good version are stored. If the Redistribution Server option is enabled, an extra copy of the engine is written to each engine folder, in order to avoid file contention issues.

It is recommended that you use the default FPE schedule of updating hourly. However, if you so choose, you can create your own schedules for performing updates (see Configuring and scheduling updates). You can also run updates immediately as needed (see Downloading updates immediately). After you have configured your update settings, you can view engine summary information (see “Viewing engine summary information” in Monitoring performance and health).

It is recommended that you use the Universal Naming Convention (UNC) method of updating your engines. That is, use one server (the redistribution server) to download updates from the Microsoft HTTP server and then share those updates among the rest of the servers (the receiving servers) in your environment. After the redistribution server downloads an engine update, it can share that update with any receiving server whose network update path points to it. This can save greatly on Internet bandwidth and make your updates quicker and more efficient. For more information about using this method, see Distributing updates by using UNC updating.

Tip

You can manage engine and definition updates on multiple FPE servers by using the Microsoft Forefront Protection Server Management Console (FPSMC). You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC) 2010. Documentation that covers engine and definition updates with FPSMC can be found in the TechNet library at Signature Redistribution Jobs.

See Also

Concepts

Deprecating scan engines