How the Microsoft System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2012, and Forefront Client Security Antimalware Services updates the anti-malware engine files and the anti-malware definition files
The Forefront Client Security Antimalware Service updates the anti-malware engine files and the anti-malware definition files without leaving a gap in malware protection.
To stay current with malware threats, the System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2010, and Forefront Client Security Antimalware Services must be updated with new engine files and with new definition update files as they become available. You can perform this update process by using the following methods:
Microsoft Update or Windows Server Update Services (WSUS) through Automatic Updates
The stand-alone installer package
When you use Automatic Update or the stand-alone installer, the package is extracted to a temporary directory, and the installer (MpSigStub.exe) is used. The installer verifies that Forefront Client Security, Forefront Endpoint Protection 2010, or System Center 2012 Endpoint Protection is installed, and then the installer signals the service to update itself by using the extracted files.
When you use the file-copy deployment method, the anti-malware service is notified when the new files are copied into the update folder, and then the service begins the update process.
The update process consists of the following steps:
Makes sure that there is only one update occurring at a time.
Creates a new update folder that has a unique identifier (GUID) name in the following directory: