Checking for definition updates when starting

  • Article

Next up in our registry key series: enabling definition updates upon service start.

By default (out of box), the FCS client will check for definition updates:

  • Before starting a scan
  • At the configured interval
  • Manually

However, there is a registry key available that you can use to cause the FCS client to check for definition updates whenever the service (FCSAM) starts. As in the first post of this series (https://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the key.

The key name is UpdateOnStartup, and has two possible settings:

  • Missing or 0 (zero): the FCS client will not check for updates when the FCSAM service starts.
  • 1: the FCS client will check for updates when the FCSAM service starts.

A couple of notes about this key:

  • This key does not use the same formats as the earlier keys in this series: a 0 (zero) turns off the service start definition update check.
  • There is a few minute delay after the FCSAM service starts and the definition update check begins. The definition update may cause additional workload on system start, but not enough to cause a delay in login.

For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:

CLASS MACHINE
CATEGORY !!FCSCategory
POLICY !!UpdateOnStartup_Name
KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
EXPLAIN !!UpdateOnStartup_Explain
VALUENAME UpdateOnStartup
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
UpdateOnStartup_Name="Enable definition update on startup"
UpdateOnStartup_Explain="This setting instructs the FCS antimalware client to update definitions on startup."

 

Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use UpdateOnStartup.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2, in the KB article.

If you want to deploy the UpdateOnStartup key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]

"UpdateOnStartup"=dword:1