
INTRODUCTION

This article describes how to deploy Endpoint Protection* definitions by using a file-copy procedure. The Antimalware Service monitors a directory in the file system for new definition files and for new engine files. If valid updates are added to that directory, the Antimalware Service uses the updated versions of these files.

* Endpoint Protection refers to a group of Microsoft antivirus products that includes:

  • Forefront Client Security

  • Forefront Endpoint Protection 2010

  • System Center Endpoint Protection 2012




More Information

If you are an administrator, and you want to update the malware definition files on a client computer, you may want to use a fully updated client computer or extracted installation files as a source. In this situation, you use a file-copy procedure. To support this practice, the Antimalware Service monitors a directory in the file system for new definition files and for new engine files.

If new definition files are added to that directory, the Antimalware Service is notified, and it validates the files to make sure that the following conditions are true:

  • The definition files and the engine files are of the correct architecture. (They are Forefront Client Security-compliant.)

  • The engine matches the definition files.

  • The base definitions match the delta definitions.

  • The currently installed files are not newer than the update files.

If these conditions are true, the Antimalware Service uses the standard update process to install the new files.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

953523 How the Microsoft System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2012, and Forefront Client Security Antimalware Services updates the anti-malware engine files and the anti-malware definition files

The following directory is monitored on the local computer by the Antimalware Service:

Forefront Client Security:

%ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\UPDATES

In Windows 2000, in Windows XP, and in Windows Server 2003, this directory typically expands to the following:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates

In Windows Vista and in Windows Server 2008, this directory typically expands to the following:

C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates

Forefront Endpoint Protection 2010 and System Center Endpoint Protection 2012:

%ALLUSERSPROFILE%\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\UPDATES

In Windows XP, and in Windows Server 2003, this directory typically expands to the following:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates

In Windows Vista and in Windows Server 2008, this directory typically expands to the following:

C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates

The Endpoint Protection client supports two kinds of updates.

  • Full update

    A full update includes a new anti-malware engine and copies of the base and delta definition files for both antispyware and antivirus functionality.

    These files include the following:

    • Mpasbase.vdm

    • Mpasdlta.vdm

    • Mpavbase.vdm

    • Mpavdlta.vdm

    • Mpengine.dll

  • Delta update

    A delta update includes only those files that are newer on the source computer than the corresponding files on the destination computer. This update may consist of only the antivirus delta files, or it may consist of both the antivirus delta files and the antispyware delta definition files.

A delta update is most easily applied by running a copy command that updates only newer files on the destination computer. For example, you might apply a delta update by running a command that resembles the following:

xcopy /d

Note This method depends on the specific configuration of the destination computer. For example, the Update directory on this computer may not contain any definition files.

The source of the file-copy procedure should be either a downloaded and extracted copy of the definition files or the current active definition files on a fully functional Endpoint Protection client. You can find these files in the following registry subkey:

Forefront Client Security:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0AM\Signature Updates\SignatureLocation

Typically, these files reside in the following directory of this subkey:

%ALLUSERSPROFILE%\APPLICATION DATA\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\CLIENT\ANTIMALWARE\DEFINITION UPDATES\{GUID}

Note This path might be slightly different in Windows Vista or in Windows 2008 because on those systems, the system junction points are fully resolved. The {GUID} placeholder represents a generated unique identifier.

Forefront Endpoint Protection 2010 and System Center Endpoint Protection 2012:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\SignatureLocation

Typically, these files reside in the following directory of this subkey:

%ALLUSERSPROFILE%\MICROSOFT\MICROSOFT ANTIMALWARE\DEFINITION UPDATES\{GUID}

Note This path might be slightly different in Windows Vista or in Windows 2008 because on those systems, the system junction points are fully resolved. The {GUID} placeholder represents a generated unique identifier.


You can copy from a local source to a remote destination by running a command that resembles the following:

Forefront Client Security:

xcopy "C:\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F2D379FD-8365-43FD-9850-05DDAD4C4FE6}" "\\server2\c$\ProgramData\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Updates" /d


Forefront Endpoint Protection 2010 and System Center Endpoint Protection 2012:

xcopy "C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2D379FD-8365-43FD-9850-05DDAD4C4FE6}" "\\server2\c$\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates" /d
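
The same newer-files-only copy for Forefront Endpoint Protection 2010 and System Center Endpoint Protection 2012, written in PowerShell as an added example that is not part of the original article. It assumes SignatureLocation is a string value under the Signature Updates key, takes the destination as a hypothetical `$Destination` parameter, and adds an Authenticode check on Mpengine.dll as a precaution of its own; that check is not the Antimalware Service's validation.

```powershell
# Added example, not from the original article.
# $Destination is a hypothetical parameter: the monitored ...\Definition Updates\Updates directory.
param(
    [Parameter(Mandatory)] [string] $Destination
)
$ErrorActionPreference = 'Stop'

# Assumption: SignatureLocation is a value under this key (FEP 2010 / SCEP 2012 path from the article).
$key    = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
$source = (Get-ItemProperty -Path $key -Name SignatureLocation).SignatureLocation

# The five files the article lists for a full update; a delta update may carry fewer.
$names = 'Mpasbase.vdm', 'Mpasdlta.vdm', 'Mpavbase.vdm', 'Mpavdlta.vdm', 'Mpengine.dll'

# Added precaution: refuse to deploy an engine whose Authenticode signature does not verify.
$engine = Join-Path $source 'Mpengine.dll'
if (Test-Path -LiteralPath $engine) {
    $sig = Get-AuthenticodeSignature -LiteralPath $engine
    if ($sig.Status -ne 'Valid') {
        throw "Mpengine.dll signature status: $($sig.Status)"
    }
}

foreach ($name in $names) {
    $src = Join-Path $source $name
    if (-not (Test-Path -LiteralPath $src)) { continue }   # file not present in the source set

    $dst  = Join-Path $Destination $name
    $copy = $true
    if (Test-Path -LiteralPath $dst) {
        # Same rule as xcopy /d: copy only when the source is newer than the destination.
        $srcTime = (Get-Item -LiteralPath $src).LastWriteTimeUtc
        $dstTime = (Get-Item -LiteralPath $dst).LastWriteTimeUtc
        $copy    = $srcTime -gt $dstTime
    }

    if ($copy) {
        Copy-Item -LiteralPath $src -Destination $dst -Force
        # Record a hash of what landed so the deployment can be audited later.
        $hash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
        '{0}  copied  SHA256={1}' -f $name, $hash
    } else {
        '{0}  skipped (destination is not older)' -f $name
    }
}
```

The `-LiteralPath` parameters matter here because the source directory name contains the braces of the {GUID} folder.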

