Forefront Endpoint Protection (FEP) 2010 - Update Scheduling
Written by Andy
This is just a quick post to suggest a great way of using the SoftwareUpdateAutomation.exe utility used with FEP 2010 SU1. You first need to copy the SoftwareUpdateAutomation.exe to the “<ConfigMgrInstallDir>\AdminUI\bin” folder on your Central Site server.
I have seen various blog posts that suggest creating a scheduled task to run on an interval appropriate to how often you expect FEP updates to be released by Microsoft, but I feel the best thing would be to schedule this utility (which updates your FEP Definitions Deployment and Software Update package) to run after a Synchronisation by your Software Update Point component. Part of my reasoning for this is that the SoftwareUpdateAutomation.exe will trigger an update of your FEP 2010 Definitions Package regardless of the fact that there might be no changes to replicate.
To do this, simply create a scheduled task on your central server to run under an account with the proper permissions, using the command line:
SoftwareUpdateAutomation.exe /AssignmentName <YourAssignmentName> /PackageName <YourDeploymentPkgName> /RefreshDP /UpdateFilter "ArticleID='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0"
For the New Trigger properties, choose to begin the task ‘On an event’ and use the following parameters;
This will cause the task to fire shortly after a successful WSUS Synchronisation event (Log: Application; Source: SMS Server; Event ID: 6702). The 30-minute delay should allow sufficient time for your Software Update Point to complete the post-synchronisation shuffle of Status Messages around your infrastructure.
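The same task can be registered from a script instead of through the Task Scheduler GUI. The PowerShell below is an added example, not part of the original post: the task name, service account, install path, assignment and package names are placeholder assumptions, while the log, source, event ID and 30-minute delay are the values given above.

```powershell
# Added example. Values in this first block are placeholders (assumptions).
$TaskName     = 'FEP definitions after SUP sync'       # hypothetical task name
$RunAs        = 'CONTOSO\svc-fepupdate'                # hypothetical service account
$ConfigMgrDir = 'C:\Program Files (x86)\Microsoft Configuration Manager'  # your <ConfigMgrInstallDir>
$Assignment   = 'YourAssignmentName'
$Package      = 'YourDeploymentPkgName'

$BinDir   = Join-Path $ConfigMgrDir 'AdminUI\bin'
$Exe      = Join-Path $BinDir 'SoftwareUpdateAutomation.exe'
$Filter   = "ArticleID='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0"
$ToolArgs = '/AssignmentName "{0}" /PackageName "{1}" /RefreshDP /UpdateFilter "{2}"' -f $Assignment, $Package, $Filter
# Trigger: Application log, source "SMS Server", event ID 6702; PT30M below is the 30-minute delay.
$Query = '<QueryList><Query Id="0" Path="Application"><Select Path="Application">' +
         "*[System[Provider[@Name='SMS Server'] and EventID=6702]]</Select></Query></QueryList>"
# XML-escape every interpolated value so quotes and angle brackets survive in the task file.
function Esc([string]$s) { [System.Security.SecurityElement]::Escape($s) }

$TaskXml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>$(Esc $Query)</Subscription>
      <Delay>PT30M</Delay>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>$(Esc $RunAs)</UserId>
      <LogonType>Password</LogonType>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>$(Esc $Exe)</Command>
      <Arguments>$(Esc $ToolArgs)</Arguments>
      <WorkingDirectory>$(Esc $BinDir)</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
"@

$XmlPath = Join-Path $env:TEMP 'fep-sup-sync-task.xml'
$TaskXml | Out-File -FilePath $XmlPath -Encoding Unicode   # UTF-16, matching the XML declaration
# /RP * makes schtasks prompt for the password, keeping it out of the script and command line.
schtasks.exe /Create /TN $TaskName /XML $XmlPath /RU $RunAs /RP '*'
Remove-Item $XmlPath
schtasks.exe /Query /TN $TaskName /V /FO LIST              # confirm the registered trigger and action
```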
I think this is a more elegant solution than having it run regardless of your WSUS schedule and you can now control the frequency of this tool simply by altering your SUP Synchronisation Schedule – which you should be mindful of NOT doing too often if your infrastructure simply isn’t capable of making the changes on all Site Servers and Distribution Points before the next scheduled run.