How to deploy Forefront Client Security definitions by using a file-copy procedure

Article ID: 953524
Last Review: June 17, 2008
Revision: 1.1

INTRODUCTION

This article describes how to deploy Forefront Client Security definitions by using a file-copy procedure. The Forefront Client Security Antimalware Service monitors a directory in the file system for new definition files and for new engine files. If valid updates are added to that directory, the Antimalware Service uses the updated versions of these files.

MORE INFORMATION

If you are an administrator, and you want to update the malware definition files on a client computer, you may want to use a fully updated client computer or extracted installation files as a source. In this situation, you use a file-copy procedure. To support this practice, the Forefront Client Security Antimalware Service monitors a directory in the file system for new definition files and for new engine files.

If new definition files are added to that directory, the Antimalware Service is notified, and it validates the files to make sure that the following conditions are true:
  • The definition files and the engine files are of the correct architecture. (They are Forefront Client Security-compliant.)
  • The engine matches the definition files.
  • The base definitions match the delta definitions.
  • The currently installed files are not newer than the update files.

If these conditions are true, the Antimalware Service uses the standard update process to install the new files.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
953523 (http://support.microsoft.com/kb/953523/) How the Forefront Client Security Antimalware Service updates the anti-malware engine files and the anti-malware definition files
The following directory is monitored on the local computer by the Forefront Client Security Antimalware Service:
%ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\UPDATES
In Windows 2000, in Windows XP, and in Windows Server 2003, this directory typically expands to the following:
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates
In Windows Vista and in Windows Server 2008, this directory typically expands to the following:
C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates
The Forefront Client Security client supports two kinds of updates.
Full update

A full update includes a new anti-malware engine and copies of the base and delta definition files for both antispyware and antivirus functionality.

These files include the following:
  • Mpasbase.vdm
  • Mpasdlta.vdm
  • Mpavbase.vdm
  • Mpavdlta.vdm
  • Mpengine.dll

Delta update

A delta update includes only those files that are newer on the source computer than the corresponding files on the destination computer. This update may consist of only the antivirus delta files, or it may consist of both the antivirus delta files and the antispyware delta definition files.
A delta update is most easily applied by running a copy command that updates only newer files on the destination computer. For example, you might apply a delta update by running a command that resembles the following:
xcopy /d
Note This method depends on the specific configuration of the destination computer. For example, the Updates directory on this computer may not contain any definition files.

The source of the file-copy procedure should be either a downloaded and extracted copy of the definition files or the current active definition files on a fully functional Forefront Client Security client. The location of the active files is recorded in the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0AM\Signature Updates\SignatureLocation
Typically, this location is the following directory:
%ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\{GUID}
Note This path might be slightly different in Windows Vista or in Windows 2008 because on those systems, the system junction points are fully resolved. The {GUID} placeholder represents a generated unique identifier.

You can copy from a local source to a remote destination by running a command that resembles the following:
xcopy "C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F2D379FD-8365-43FD-9850-05DDAD4C4FE6}" "\\server2\c$\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates" /d
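
The same newer-files-only copy as a PowerShell script, restricted to the five file names listed above and reporting a SHA-256 hash for each file so that a push can be logged and compared across clients. This is an added example, not part of the original article or the product; the -Source, -Destination and -FullUpdate parameters are assumptions of the example.

```powershell
# Added example (not from the article): xcopy /d-style copy restricted to the
# five file names the article lists. -Source and -Destination are caller-supplied.
param(
    [Parameter(Mandatory = $true)] [string] $Source,       # extracted or active definitions directory
    [Parameter(Mandatory = $true)] [string] $Destination,  # monitored ...\Definition Updates\Updates directory
    [switch] $FullUpdate                                    # fail unless all five files are in -Source
)

$expected = 'Mpasbase.vdm', 'Mpasdlta.vdm', 'Mpavbase.vdm', 'Mpavdlta.vdm', 'Mpengine.dll'

foreach ($dir in $Source, $Destination) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { throw "Directory not found: $dir" }
}

# Only the named definition and engine files are considered; anything else in -Source is ignored.
$present = @($expected | Where-Object { Test-Path -LiteralPath (Join-Path $Source $_) -PathType Leaf })
if ($FullUpdate -and $present.Count -ne $expected.Count) {
    $missing = $expected | Where-Object { $present -notcontains $_ }
    throw "Full update requested, but the source is missing: $($missing -join ', ')"
}

foreach ($name in $present) {
    $src     = Get-Item -LiteralPath (Join-Path $Source $name)
    $dstPath = Join-Path $Destination $name
    $action  = 'Skipped (destination is same age or newer)'

    # Same rule as xcopy /d with no date: copy when the destination file is absent or older.
    if (-not (Test-Path -LiteralPath $dstPath -PathType Leaf)) {
        $action = 'Copied (new)'
    } elseif ($src.LastWriteTimeUtc -gt (Get-Item -LiteralPath $dstPath).LastWriteTimeUtc) {
        $action = 'Copied (newer)'
    }
    if ($action -like 'Copied*') { Copy-Item -LiteralPath $src.FullName -Destination $dstPath -Force }

    # One record per file so the push can be logged and compared across clients.
    [pscustomobject]@{
        File    = $name
        Action  = $action
        Written = $src.LastWriteTimeUtc
        SHA256  = (Get-FileHash -LiteralPath $src.FullName -Algorithm SHA256).Hash
    }
}
```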

APPLIES TO
Microsoft Forefront Client Security
