File-Share-Based Definition Updates
Applies To: Forefront Endpoint Protection
The FEP client software can be configured to check a file share for definition updates. In order to check for updates, the client computer accounts must have read access to the file share in which you store the definition files.
Definition updates are published in two varieties: full engine and definition updates, and delta definition updates. These updates naturally vary in size, depending on the threats added and the updates necessary.
Note
When you configure clients to check a file share for definition updates, by default clients check the file share first, before checking WSUS or Microsoft Update. This order can be changed. For more information, see Configuring Definition Updates.
To enable file share-based definition updates
When creating a FEP policy, on the Updates page, click the check box next to Enable updates from the following UNC file share, and then in the text box, enter the Universal Naming Convention (UNC) path to the file share.
To enable file share-based definition updates in an existing policy, use the following steps:
In the Configuration Manager console, expand Computer Management, expand Forefront Endpoint Protection, and then click Policies.
In the details pane, right-click the policy you want to edit, and then click Properties.
Click the Updates tab, and then in the list of update sources, click the check box next to Updates from UNC file shares.
Under File shares, click Add, and then type the UNC path to the file share.
If necessary, click Add again and add additional UNC paths.
Note
You can alter the order of the list of file shares by selecting a listed path, and then, under the list, click Up or Down.
When finished, click OK.
When you configure a file share for definition updates, you must download the definition updates to certain folders in the UNC file share.
To configure a file share for definition updates
Download the required files from the following locations:
For x64:
Antimalware full definitions(https://go.microsoft.com/fwlink/?LinkID=121721\&clcid=0x409\&arch=x64)
Antimalware delta definitions(https://go.microsoft.com/fwlink/?LinkId=211054)
Network-based exploit definitions (https://go.microsoft.com/fwlink/?LinkId=197094)
Note
This file is required only if you have enabled the Enable protection against network-based exploits check box on the Antimalware tab of a FEP policy.
For x86:
Antimalware full definitions (https://go.microsoft.com/fwlink/?LinkID=121721\&clcid=0x409\&arch=x86)
Antimalware delta definitions(https://go.microsoft.com/fwlink/?LinkId=211053)
Network-based exploit definitions (https://go.microsoft.com/fwlink/?LinkId=197095)
Note
This file is required only if you have enabled the Enable protection against network-based exploits check box on the Antimalware tab of a FEP policy.
Important
Do not rename the files when you download them.
Save the files in folders with the following names:
The files for x64-based computers must be in a folder named x64
The files for x86-based computers must be in a folder named x86
For example:
...\Updates\x86
...\Updates\x64
Ensure that each folder contains the following two files:
Mpam-fe.exe
Nis_full.exe
Note
This file is required only if you have enabled the Enable protection against network-based exploits check box on the Antimalware tab of a FEP policy.
Share the parent folder that contains the x64 and x86 folders.
Important
Ensure the client computers and the domain users connecting to the share have read permissions to the share. During an automatic update, the client computer account is used to authenticate to the share. When a user manually updates their definitions by clicking Update, that user account is used to authenticate to the share.