About updates

Applies To: Forefront Client Security

Client Security is designed to use WSUS to distribute definitions and scan-engine updates to client computers. By centrally managing definition updates, Client Security minimizes the download traffic between your organization and Microsoft Update. It provides you with a means of ensuring that client computers have the latest definitions, and it gives you control of whether updates are approved, which can be useful if your organization wants to test updates before they are distributed.

Finding the latest update versions

You can find the latest updates on the Microsoft Forefront Client Security TechCenter Web site (https://go.microsoft.com/fwlink/?LinkID=86098). Click Downloads. The updates available on the Downloads page are the most recent updates.

Update contents

The definitions that WSUS downloads are contained in update files. The updates can be for definitions, for the scan engine, or both. Scan-engine updates have platform-specific versions, whereas definitions are platform-independent.

Definition updates can be either the base set of definitions or a set of additions or changes, known as deltas. Changes become necessary when a new threat or vulnerability is understood or an existing threat or vulnerability is better understood. Periodically, a new base set of definitions is created when the old base set is merged with the delta set.

The files for definitions updates and scan-engine updates are digitally signed. This ensures that the files are from Microsoft, thereby protecting your organization from false definitions from an attacker.

Update file sizes

The size of update files that WSUS downloads from Microsoft Update varies. As new threats are found, updated definition files will grow. Currently, the base set of definitions is about 1 megabyte (MB), and the delta set is about half that size or 500 kilobytes (KB). When the scan engine is included in an update, the file size can reach 15 MB.