Performing manual definition updates and checking definition version
All anti-malware clients depend on a constant stream of updates to be successful in protecting against new threats. Depending on how your SCEP policies are configured, it is possible for a user to perform a manual definition update. This section will detail the procedures for updating the client through the SCEP user interface.
Getting ready
Open the SCEP client User Interface (UI) by navigating to the Start menu under All Programs, or double-clicking on the SCEP shield icon in the system tray, as shown in the following screenshot:
How to do it...
- Within the SCEP UI, select the Update tab, as shown in the following screenshot:
- Click on the Update button to launch a manual definition update.
- Once the update is complete, the value for Definitions last checked should change.
How it works...
If you've built your SCEP policies with multiple update sources, the SCEP client will first attempt to pull a definition update from the source listed first in the policy. If that source is not available, it will default to the second update source in the policy, and so on.
Note
One thing to be aware of is that if your SCEP policy points the clients to an internal resource, such as Windows Server Update Services (WSUS) that has long intervals for synchronizing with Microsoft Updates, it is possible that your clients won't receive the most up-to-date definition file. For this reason, it's a best practice to set the synchronization interval to a minimum of three times per day.
If you are using WSUS or Microsoft Updates to provide SCEP definitions, an event will be logged in the Windows Update logfile, %SystemDrive%\Windows\WindowsUpdate.log. If you are utilizing UNC file shares to provide definitions, the Windows Update logfile will not be updated as the UNC delivery method does not utilize the automatic updates agent component of Windows.
You may have noticed in the previous example that both the virus definition and spyware definition file have the same version number; this is because Microsoft utilizes a unified definition file. Virus definitions, spyware definitions, and engine updates all come in the same package.
There's more...
With something as vital to the security of PC as steady stream of new defintions is fortunate that Microsoft has provided a number of alternate sources. This helps to ensure that if one source of definitions becomes unavailable, then the client can fail over to another source.
In addition to providing SCEP definitions through Microsoft Updates, Microsoft also provides SCEP definitions as a self-contained executable file on their Malware Protection Center website, which is as follows: http://www.microsoft.com/security/portal/
The screenshot of the previous link is as follows:
From this web page, you can download either the 32-bit or 64-bit version of the definition file, as well as updates for the NIS service. The file mpam-fe.exe (for 32 bit) or mpam-fex64.exe (for 64 bit) contains a full update for both the anti-virus and anti-spyware definitions, as well as the most up-to-date engine version. Once the file is downloaded, simply executing it will update your SCEP client automatically.
As SCEP is not considered by Microsoft to be a core piece of OS software, it will be necessary to opt-in to receive SCEP updates through Windows Updates if your SCEP client is attempting to connect directly to Microsoft Updates on the Internet. This is accomplished by opening the Windows Update interface in Control Panel and clicking on Get updates for other Microsoft products and agreeing to the end user license agreement.
This is something to be particularly aware of when creating new images that include the SCEP client. Whether a system has been opted-in or not, it will still be able to receive definitions from internal resources, such as WSUS or UNC file share.