Download engine and definition updates


Applies to: Exchange Server 2013

Topic Last Modified: 2015-04-08

Microsoft Exchange Server 2013 administrators can manually download anti-malware engine and definition (signature) updates. We strongly recommend that you download engine and definition updates on your Exchange server prior to placing it in production.

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server, Exchange Online, or Exchange Online Protection.

To download engine and definition updates, run the following command:

& $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity <FQDN of server>

This example manually downloads the engine and definition updates on the Exchange server named

& $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity

Optionally, you can use the EngineUpdatePath parameter to download updates from somewhere other than the default location of You can use this parameter to specify an alternate HTTP address or a UNC path. If you specify a UNC path, the network service must have access to the path.

This example manually downloads engine and definition updates on the Exchange server named from the UNC path \\FileServer01\Data\MalwareUpdates:

& $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity -EngineUpdatePath \\FileServer01\Data\MalwareUpdates

In order to verify that updates were downloaded successfully, you need to access Event Viewer and view the event log. We recommend that you filter only FIPFS events, as described in the following procedure.

  1. From the Start menu, click All Programs > Administrative Tools > Event Viewer.

  2. In Event Viewer, expand the Windows Logs folder, and then click Application.

  3. In the Actions menu, click Filter Current Log.

  4. In the Filter Current Log dialog box, from the Event sources drop-down list, select the FIPFS check box, and then click OK.

If engine updates were downloaded successfully, you will see Event ID 6033, which will appear similar to the following:

MS Filtering Engine Update process performed a successful scan engine update.

Scan Engine: Microsoft

Update Path:

Last Update time: ‎2012‎-‎08‎-‎16T13:22:17.000Z

Engine Version: 1.1.8601.0

Signature Version: 1.131.2169.0

If your organization uses a proxy server to control access to the Internet, you need to identify the proxy server so anti-malware engine and definition updates can be downloaded successfully. Proxy server settings that are available using the Netsh.exe tool, Internet Explorer connection settings, and the InternetWebProxy parameter on the Set-ExchangeServer cmdlet don't affect how anti-malware updates are downloaded.

To configure the proxy server settings for anti-malware updates, perform the following steps.

  1. Run the following command:

    Add-PsSnapin Microsoft.Forefront.Filtering.Management.Powershell
  2. Use the Get-ProxySettings and Set-ProxySettings cmdlets to view and configure the proxy server settings that are used to download anti-malware updates. The Set-ProxySettings cmdlet uses the following syntax:

    Set-ProxySettings -Enabled <$true | $false> -Server <Name or IP address of proxy server> -Port <TCP port of proxy server>

    For example, to configure anti-malware updates to use the proxy server at address on TCP port 80, run the following command.

    Set-ProxySettings -Enabled $true -Server -Port 80

    To verify the proxy server settings, run the Get-ProxySettings cmdlet.