Configuring engine and definition updates


Applies to: Forefront Protection 2010 for SharePoint

After Microsoft Forefront Protection 2010 for SharePoint (FPSP) is installed, updates automatically begin downloading five minutes after your installation is complete. By default, FPSP ensures that you are protected by performing updates every day on an hourly basis. Engine updates and definition updates can be downloaded automatically from the Microsoft HTTP server, or from another SharePoint server running FPSP (see Distributing updates by using UNC updating). When FPSP downloads an update, it takes the engine offline (provided it has been enabled for a currently-running scan job), automatically installs the update, and then puts the engine back online. The other engines continue to scan for malware.


Engine updates are stored in the \Data\Engines subfolder of the installation path folder. On a server that is not enabled to be a redistribution server, one copy of the engine is stored. (If an update occurs and the scan-engine test fails, the engine is rolled back to the last saved engine.) If the Redistribution Server option is enabled, two engine versions are stored, in order to avoid file contention issues.

It is recommended that you use the default schedule to update scan engines hourly. However, if you so choose, you can create your own schedules for performing updates (see Configuring and scheduling updates). You can also run updates immediately as needed (see Downloading updates immediately). After you have configured your update settings, you can view engine summary information (see “Viewing engine summary information” in Monitoring performance and health).


An engine update refers to updating to a new version of a scan engine (which replaces the old version), whereas a definition update refers to new definitions being added to an existing scan engine. You should expect to see definition updates occur frequently, but not engine updates. Nevertheless, an update-check for both is done at the frequency and repeat interval that you have specified. If no new files are available, nothing is downloaded for that engine during that update cycle.
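Because definition updates should arrive frequently, a folder under \Data\Engines whose files have not changed for days suggests that updating has stopped on that server. The following PowerShell script is an added example, not Microsoft's code and not part of FPSP. It assumes that each engine keeps its files in its own folder below \Data\Engines and uses a 48-hour threshold chosen for illustration; the names EngineA, EngineB and defs.bin are constructed.

```powershell
# Added example. Reports, per folder under <InstallPath>\Data\Engines,
# how long ago its newest file was written, and flags folders that look stale.
param(
    [string]$InstallPath,      # FPSP installation path; omit to run the constructed demo
    [int]$MaxAgeHours = 48     # assumed alert threshold, not a product setting
)

function Get-EngineFreshness {
    param([string]$EnginesRoot, [int]$MaxAgeHours, [datetime]$Now = (Get-Date))
    # Assumption: each engine keeps its files in its own folder below Engines.
    $dirs = Get-ChildItem -LiteralPath $EnginesRoot | Where-Object { $_.PSIsContainer }
    foreach ($dir in $dirs) {
        # On a redistribution server two engine versions are stored; the newest file wins.
        $newest = Get-ChildItem -LiteralPath $dir.FullName -Recurse |
            Where-Object { -not $_.PSIsContainer } |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if ($null -eq $newest) {
            $file = $null; $age = $null; $status = 'Empty'   # nothing stored for this engine
        } else {
            $file = $newest.Name
            $age = [math]::Round(($Now - $newest.LastWriteTime).TotalHours, 1)
            $status = if ($age -gt $MaxAgeHours) { 'Stale' } else { 'Current' }
        }
        New-Object PSObject -Property @{
            Engine = $dir.Name; Status = $status; AgeHours = $age; NewestFile = $file
        } | Select-Object Engine, Status, AgeHours, NewestFile
    }
}

if (-not $InstallPath) {
    # Constructed demo tree in the temp folder (folder and file names are made up).
    $InstallPath = Join-Path ([IO.Path]::GetTempPath()) ('fpsp-demo-' + [guid]::NewGuid())
    foreach ($name in 'EngineA', 'EngineB') {
        $d = Join-Path $InstallPath "Data\Engines\$name"
        New-Item -ItemType Directory -Path $d -Force | Out-Null
        Set-Content -Path (Join-Path $d 'defs.bin') -Value 'demo'
    }
    # Backdate EngineB so that it is reported as Stale.
    $old = Get-Item (Join-Path $InstallPath 'Data\Engines\EngineB\defs.bin')
    $old.LastWriteTime = (Get-Date).AddDays(-5)
}

$root = Join-Path $InstallPath 'Data\Engines'
if (-not (Test-Path -LiteralPath $root)) { throw "Engines folder not found: $root" }
$report = @(Get-EngineFreshness -EnginesRoot $root -MaxAgeHours $MaxAgeHours)
$report | Format-Table -AutoSize
$report | Where-Object { $_.Status -ne 'Current' } |
    ForEach-Object { Write-Warning "$($_.Engine): $($_.Status)" }
```

A stale result is a prompt to check the update schedule and the network update path on that server, since an engine with no new files available is also left unchanged during an update cycle.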


It is recommended that you use the Universal Naming Convention (UNC) method of updating your engines. That is, use one server (the redistribution server) to download updates from the Microsoft HTTP server and then share those updates among the rest of the servers (the receiving servers) in your environment. After the redistribution server downloads an engine update, it can share that update with any receiving server whose network update path points to it. This can save greatly on Internet bandwidth and make your updates quicker and more efficient. For more information about using this method, see Distributing updates by using UNC updating.


You can manage engine and definition updates on multiple Forefront Protection 2010 for SharePoint servers by using the Microsoft Forefront Protection Server Management Console (FPSMC). You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC) 2010. Documentation that covers engine and definition updates with FPSMC can be found in the TechNet library at Signature Redistribution Jobs.

See Also


Deprecating scan engines