Forefront Client Security Remote Definitions Update Using MOM Tasks

9 ביוני 2008


This Guide explains how to create a process of remote updating forefront client security definitions using MOM2005 Tasks. This ability to MOM2005 gives you the ability to "Right Click à Update Definitions" on each and every installed client and by that gives you the ability to update and control your client definitions outside "windows update".

Note: This update method is not a replacement for the Windows update method. You can take the scripts and the first part of this process (the definition download) and use it with any other distribution application you have deployed in your organization.

Part 1: Creating the definitions download process.

Scripts setup

1. Download and extract the file to C:\FCSDef (it is possible to extract to a different folder, but this will require a change of path in the scripts).

2. Open C:\FCSDef and Right-Click the Definitions Folder -> Sharing. Share the folder with default permissions.

Scheduled Job Creation

1. Go to Control Panel and Open Scheduled Tasks.

2. Click Add Scheduled task and on the schedule task wizard page, click next.

3. On the choose program page, click browse and browse to the location where you extracted the zip file. Click on the DownloadDefinitions.vbs script and Click Open.

4. On the schedule page, choose daily for now. We will go back and change it later on.

5. On the time and day, just click next. We will configure this later on.

6. On the user page, type the username and password for the user you wish this task will run under. Notice that this user does not have to be administrator on the computer, but it does need to have the ability to run scripts and appropriate permissions on the definitions folder.

7. On the summery page, check the open advanced properties check-box and click finish.

Scheduled Job Configuration

1. On the advanced properties window, go to the schedule tab and click advanced.

2. On the advanced scheduling options, set your schedule for checking and downloading new definitions. Notice that the Microsoft Anti-Malware Team updates the definitions on the security portal EVERY 2 HOURS!
On the until check boxes, click Duration and choose 2 hours and 30 minutes.
make sure that "if the task is still running, stop it…" checkbox is cleared

3. Click ok and go to the settings page. Change the "stop the task if…" setting to 30 minutes and click ok.

Now the first part is completed, your FCS server will contact the security portal every scheduled hour and download the new definitions and delete the old ones.

Creating MOM2005 Task to update client definitions

1. Open the MOM 2005 Administrator Console and expand Console Root -> Microsoft Operations Manager -> Management Packs -> Tasks

2. Right Click Tasks -> Create Task.

3. On the welcome wizard, click next.

4. On the Task Run Location and Type page, choose run location: "Agent-Managed computer" and Task Type: "Command line"

5. On the task configuration page, type the application Task name,"mpam-fe.exe".

6. On the task configuration window, select "Microsoft Forefront Client Security Agent" Target Role.
On the Task command line, type the full UNC path of the definitions file you configured at the scheduled download phase earlier. Leave the task remote start and task output behavior as is.

7. Last, type the task name, and put a shortcut key if you wish.

Deploy definitions to FCS Client using MOM 2005

  1. Open MOM2005 Operator Console and enter the state view.
  2. Now you click each and every one of the computers where FCS client is installed and choose "updating forefront client security definitions" from the task list.
  3. On the welcome to launch task wizard, click next.
  4. On the command line task paramaters, click next.
  5. On the task target page, verify that the targets are indeed those you have chosen to deploy definitions to and click next.
  6. Click finish on the completing page, will deploy FCS definitions file to the designated target.

Important Note: This Guide explains how to download and distributes the full version of the definitions update (about 20MB). You should take this under consideration when scheduling your downloads, client definitions deployment.

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. שדות החובה מסומנים *

7 תגובות

  1. Dany T4 באוגוסט 2008 ב 12:13


    Great article i was looking for something like this for a few weeks now very helpful.

    Although i followd your instructions and left the files in the default folder c:\FCSDef but for some reason i get the message in the log

    => `Definitions/@LinkID=87342'
    Connecting to…
    connect: No such file or directory

    What do i have wrong?
    Do i need to change the script?

  2. Wayne D7 באוגוסט 2008 ב 18:59

    1. On the system where you are running the script set a permanent System environment variable. Right click on "My Computer". Go to Properties –> Advanced –> Environment Variables. Under System Variables click on "New" (note – it must be a system variable). Variable Name = http_proxy Variable value = http://x.x.x.x:80

    _________then change____________________________________
    Wget = "C:\FCSDef\wget.exe"


    Wget = "C:\FCSDef\wget.exe –user-agent " & chr(34) & "Mozilla/4.0 (Compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" & chr(34) & " –proxy-user=dummy –proxy-password=pass123"

    NOTE — the above line should be in the script on one line (the email automatically wrapped it into 2 lines).

  3. Charl18 בפברואר 2009 ב 15:56

    Great article! I am using this to deploy the definition files via sccm. Had the same issue with –16:14:31–

    => `Definitions/@LinkID=87342'

    Connecting to…

    connect: No such file or directory


    and made the changes as you mentioned. My question is.
    We have a proxy and we are using port 8080 for http wil this still word? what is the impact on the system variable and in the vbs where it specifies the user=dummy and password=pass123 must that stay as is or be changed to a specific user that has permission to download exe files?

  4. occuckgar2 באפריל 2009 ב 22:20

    Everyone at Delicious Monster has been hard at work for the past several months on Delicious Library 1.5, a free upgrade that will be made available on April 29th

  5. occuckgar3 באפריל 2009 ב 18:36

    Hello !Oh hubba hubba! Forget the sportscar, been there, done that, got the T shirt, wore it out, gave it to goodwill.

  6. kass17 ביוני 2009 ב 18:49


    i tried the above method but i get the following error that says:

    Microsoft Operations Manager was unable to create a process to run a batch response.

    User Command: mpam-fe.exe
    User Arguments: \\forefront\ForefrontClientFiles\mpam-fe.exe
    Command executed:mpam-fe.exe \\forefront\ForefrontClientFiles\mpam-fe.exe
    Error details: 2:The system cannot find the file specified.

    the file exists & the everyone group has read permissions to the folder/share.

    any suggestions?