Keeping FCS up to date

  • Article

FCS antimalware updates are classified in WSUS as critical updates. Therefore, if you want to automatically approve these updates you must create a rule for the Forefront Client Security product and the Critical Updates category in WSUS.

There are two items to note:

  1. Antimalware client updates (not definition updates, but the program updates published periodically) have an End User License Agreement (EULA) that must be manually accepted. You must accept the EULA for these updates before the can be auto approved.

    You must approve the latest update, after which all subsequent updates will be auto approved.

  2. Microsoft has in the past, and may in the future, publish other FCS client updates or FCS server component updates in the Critical Updates category. If you create an auto approval rule any new updates in this category will also be auto-approved.

To configure the auto approval rule, use the following steps (WSUS 3.0):

  1. In WSUS, in the tree, click Options, and then in the details pane, click Products and Classifications.
  2. In the Products and Classifications dialog box, on the Products tab, in the Products list, ensure Forefront Client Security is selected.
  3. On the Classifications tab, under Classifications, ensure Critical Updates is selected, and then click OK.
    1.  
  4. In the details pane, click Automatic Approvals.
  5. In the Automatic Approvals dialog box, on the Update Rules tab, click New Rule.
  6. On the Add Rule dialog box, under Step 1, click the checkboxes for the following items:
    • When an update is in a specific classification
    • When an update is in a specific product
  7. Under Step 2, click the any classification link, click the checkbox for Critical Updates, and then click OK.
  8. Under Step 2, click the any product link, click the checkbox for Forefront Client Security, and then click OK.
    • You can optionally scope the approval rule to a set of computers by clicking the all computers link and then selecting one or more groups of computers to be recipients of the rule.
  9. Under Step 3, type a name for the rule, and then click OK.

To approve an antimalware update that requires a EULA acceptance, or if you don’t want to create an auto approval rule (as above),  you must manually approve antimalware updates. For more information about manually approving updates, see Approving the Updates in the WSUS Operations guide.

The latest antimalware client update as of this blog publication date is 979536; you can search for the update using the following steps:

  1. In the WSUS console, in the tree, right-click the Updates node and then click Search.
  2. In the Search dialog box, on the Updates tab, type the name of the KB article and then click Find Now.
  3. In Update Title list, right-click the name of the discovered update, and then click Approve.

You can also create an update view, using the following steps;

  1. In the WSUS console, in the tree, right-click the Updates node and then click New Update View.
  2. On the Add Rule dialog box, under Step 1, click the checkboxes for the following items:
    • Updates are in a specific classification
    • Updates are in a specific product
  3. Under Step 2, click the any classification link, click the checkbox for Critical Updates, and then click OK.
  4. Under Step 2, click the any product link, click the checkbox for Forefront Client Security, and then click OK.
  5. Under Step 3, type a name for the rule, and then click OK.
  6. The update view is created, listing all the available updates that satisfy the criteria you specified: image