[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3208
  • Last Modified:

Forefront Client Security Automatic Update

I am sure many IT guys want to be able to automatically update Forefront client Security without using WSUS or standard windows updates, so here's what I need and hopefully it'll help those who have the same need.

to update manually, you go to this link:
this link will prompt you to download a file, and then after you clink on Run, it downloads the file to a temp directory, and then you get another prompt to run the file, and this is it.

this updates FCS.

what I'd like to do is have some sort of scripts that would actually go to this link and run the  file automatically, so that we can schedule a job to run once or twice a day to update the servers.

so I am looking for that expert who would help me get this script.

any help is much appreciated.

1 Solution
Hmm...  That will get you the latest definitions but when FCS is initially installed isn't the client version/engine version and then it updates itself when you run Microsoft update to the latest client/engine version (clientsetup.exe) AND definition updates (mpam-fe.exe)

In any event, let's suppose this works, and it probably does, this is what I would do:
1. create a file share or an existing share that every user has access to (\\servername\shares)
2. put the updated file there every night or whenever
3. use a gpo login script to deploy file (or create sched tasks, etc)

all your script would be is a simple .bat file:

start \\servername\shares\mpam-fe.exe

only problem you might run into is user prompts.. there might be a silent switch for the .exe


Once you enable Microsoft (not Windows) Update and update Forefront, even without WSUS it should update itself.

 If you don't want to use WSUS/Forefront Client Security Management Console just install Forefront using the /NOMOM switch.  Once it's installed, update via Microsoft Update and then it should update itself...

Here are some instructions I sent out to some of our IT techs that were deploying FCS on non-domained machines (no WSUS/FCS Mgmt). I created a self extracting .exe with /nomom switch built in.  Instructions are for XP but Vista/7 just different place to go for Microsoft Updates ('Find updates for more products' in Windows Update control panel):

1.       Enable Microsoft Update.
Most machines, by default, have Automatic Updates/Windows Update enabled but may not have Microsoft Updates enabled.   Automatic Updates by default only update OS components and do not include all Microsoft products (like MS Office, Forefront, etc).
To enable Microsoft Updates go to the following website and follow the prompts:
2.       Installing Forefront Client Security
There is a self extracting .exe out on \\SERVERNAME\SHARE\Frontfront.exe that will install Microsoft Forefront Client Security using the /NOMOM (unmanaged) switch.  You can copy this file to a USB drive or to another location to install on a non-domain machine.  If you’d like to access \\SERVERNAME from a non-domain machine that is on our network using \\SERVERNAME.local.valenciacc.edu and entering valid domain credentials will also work.
3.       Updating Forefront Client Security
Once you have installed Microsoft Forefront Client Security you will notice that the icon in the system tray is orange with an exclamation point. This means Forefront needs to be updates via Microsoft Update. Updating through the Forefront application will not work.  Once Microsoft Updates in enabled go to http://update.microsoft.com/microsoftupdate and follow the prompts to install Forefront updates.  If you do not wish to update other   products (Windows Updates, Office, etc) just unselect all and only choose the Items under “Microsoft Forefront”.
After you have completed these steps Forefront should automatically update itself without worry.
MedquestAuthor Commented:
I appreciate all the comments, but I think I found a solution for this.
I had a script to download the file from microsoft ftp site: ftp://ftp.microsoft.com/Products/AMSigs/AntiMalware/Latest/Distribution_Packages/x86fre/EXE
and then it runs the file with the /Q switch.
if you guys need a copy of this script, please let me know and I'll be more than happy to share it with you all.
Any chance I could have a copy of that script? :P
I'd love a copy of that script as well.
I'm looking to run it as a Task in SCCM...and this would be a great start.



Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now