Block updating definitions on workstation startup

All,

I'm working on a scenario where definition updates are only installed manually by using Update button.

Client is managed by SCCM (in SCCM EP policy, no definition updates are configured).

What I have noticed in this scenario is that SCEP will reach out to MS upon windows update service startup and grab latest definitions.

How can I adjust this behavior?

March 10th, 2015 12:22pm

Hi,

>>in SCCM EP policy, no definition updates are configured

The default Definition update policy will be applied when you do not configure the policy.

You need to configure the definition updates policy to adjust this behavior.

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
March 11th, 2015 4:28am

When I said they are not configured, I meant turned off. The policy applies fine and has higher priority than default antimalware policy.

I've deselected all of the sources, yet shortly after 2 am, client reaches out to Microsoft Update and grabs latest definitions. I think it's using fallback source defined here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\FallbackOrder

Is it ok to modify that key? Permissions are stripped down on that key and I'm sure it is for a reason.

Policy in SCCM for definition updates is configured as follows:

Client gets updates at 2 am as configured. Because I have to use either interval or fixed time, timing adds up.

I thought that deselecting all sources of updates would prevent the client from getting anything, but it doesn't.

Is there a "nice" way of telling client to stop updating definitions?

Thanks for any feedback.

March 12th, 2015 8:47am

Hi,

Have you resolved this issue?

>>I think it's using fallback source defined here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates\FallbackOrder

Yes, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions.

>>Is it ok to modify that key?

It is not supported by Microsoft. It may cause unexpected error.

You could have a look at the "More Information" section in the article below to know more about FallbackOrder registry.

Clicking the Update button in the System Center 2012 Endpoint Protection client user interface fails with error 0x8024402c

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
March 27th, 2015 3:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics