Ensuring that updates were deployed

Applies To: Forefront Client Security

It is important that you monitor deployment of definitions and investigate computers that have out-of-date definitions or engines. Allowing computers to use out-of-date versions of definitions or an engine increases the risk to your organization from newer threats and vulnerabilities.

The most common cause for out-of-date components is offline computers, such as portable computers removed from your organization or computers that are shutdown while their users are out of the facility for several days.

If a definition update or engine update fails for a client computer and the computer is protected by a policy with an alert level of 5, 4, or 3, Client Security creates a "Service Update Failed" or "Definition Update Failed" alert, as applicable. For computers protected by policies at other alert levels, you can check MOM events for service or definition update failure event messages.

Use the Deployment Summary report to monitor the deployment of definitions and engines. From that report, you can access Computer Detail reports for computers that have out-of-date components.

To find computers with out-of-date definitions and engines

  1. On the management server, open Microsoft Forefront Client Security Management Console.

  2. Under Summary Reports, click Deployment Summary. The report opens in a Web browser.

  3. Search the following sections of the Deployment Summary report for computers with out-of-date definitions or engines:

    • Spyware Definitions Deployment Status

    • Virus Definitions Deployment Status

    • Antimalware Engine Deployment Status

    • Vulnerabilities Engine Deployment Status

    • Vulnerabilities Definitions Deployment Status

  4. If there are computers with out-of-date definitions or engines, click the name of the applicable section, and under Group by in the report that appears, click the names of computers with out-of-date components. A Computer Detail report appears. Use the information displayed to locate and begin investigating the computer.

To resolve a "Service Update Failed" or "Definition Update Failed" alert or event

  1. Use the Properties tab of the alert or event to learn which computer could not be updated with a newer version of a Client Security engine or definitions.

  2. Examine the Computer Detail report for this computer. Make sure the computer is operating correctly, has resources available for a service update, and can connect to the distribution server.

  3. Perform a scan on the computer. If Client Security detects any issues, resolve them and scan the computer again.

  4. After resolving any issues you find on the computer, use the Client Security agent to get the updated engine or definitions. On the Help menu, click Check for Updates.


Access to the Client Security agent user interface is controlled by the policy protecting the computer. For more information, see Controlling the end-user experience.