Article ID: 953524 - Last Review: June 17, 2008 - Revision: 1.1 How to deploy Forefront Client Security definitions by using a file-copy procedureINTRODUCTIONThis article describes how to deploy Forefront Client Security definitions by using a file-copy procedure. The Forefront Client Security Antimalware Service monitors a directory in the file system for new definition files and for new engine files. If valid updates are added to that directory, the Antimalware Service uses the updated versions of these files. MORE INFORMATIONIf you are an administrator, and you want to update the malware definition files on a client computer, you may want to use a fully updated client computer or extracted installation files as a source. In this situation, you use a file-copy procedure. To support this practice, the Forefront Client Security Antimalware Service monitors a directory in the file system for new definition files and for new engine files. If new definition files are added to that directory, the Antimalware Service is notified, and it validates the files to make sure that the following conditions are true:
For more information, click the following article number to view the article in the Microsoft Knowledge Base: 953523
(http://support.microsoft.com/kb/953523/
)
How the Forefront Client Security Antimalware Service updates the anti-malware engine files and the anti-malware definition files
The following directory is monitored on the local computer by the Forefront Client Security Antimalware Service: %ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\UPDATES In Windows 2000, in Windows XP, and in Windows Server 2003, this directory typically expands to the following:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates In Windows Vista and in Windows Server 2008, this directory typically expands to the following:C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates The Forefront Client Security client supports two kinds of updates.
xcopy /d Note This method depends on the specific configuration of the destination computer. For example, the Update directory on this computer may not contain any definition files.The source of the file-copy procedure should be either a downloaded and extracted copy of the definition files or the current active definition files on a fully functional Forefront Client Security client. You can find these files in the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0AM\Signature Updates\SignatureLocation Typically, these files reside in the following directory of this subkey:%ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\{GUID} Note This path might be slightly different in Windows Vista or in Windows 2008 because on those systems, the system junction points are fully resolved. The {GUID} placeholder represents a generated unique identifier.You can copy from a local source to a remote destination by running a command that resembles the following: xcopy "C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F2D379FD-8365-43FD-9850-05DDAD4C4FE6}"
"\\server2\c$\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates" /d
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
