Checking for definition updates when starting
Next up in our registry key series: enabling definition updates upon service start.
By default (out of box), the FCS client will check for definition updates:
- Before starting a scan
- At the configured interval
- Manually
However, there is a registry key available that you can use to cause the FCS client to check for definition updates whenever the service (FCSAM) starts. As in the first post of this series (https://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the key.
The key name is UpdateOnStartup, and has two possible settings:
- Missing or 0 (zero): the FCS client will not check for updates when the FCSAM service starts.
- 1: the FCS client will check for updates when the FCSAM service starts.
A couple of notes about this key:
- This key does not use the same formats as the earlier keys in this series: a 0 (zero) turns off the service start definition update check.
- There is a few minute delay after the FCSAM service starts and the definition update check begins. The definition update may cause additional workload on system start, but not enough to cause a delay in login.
For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:
CLASS MACHINE
CATEGORY !!FCSCategory
POLICY !!UpdateOnStartup_Name
KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
EXPLAIN !!UpdateOnStartup_Explain
VALUENAME UpdateOnStartup
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
UpdateOnStartup_Name="Enable definition update on startup"
UpdateOnStartup_Explain="This setting instructs the FCS antimalware client to update definitions on startup."
Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use UpdateOnStartup.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2, in the KB article.
If you want to deploy the UpdateOnStartup key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]
"UpdateOnStartup"=dword:1
Comments
Anonymous
January 01, 2003
Hi Tim, Take a look in your Windowsupdate.log to see if htere is a failure reason in there... (search for Error). Thanks for your comment!Anonymous
June 18, 2010
on standalone computer running Win7 pro x67, when fcs update at startup is always fail to install definition with error 0x80070643.Anonymous
June 18, 2010
{4027D370-9463-4E54-A0F8-5368E382C211} 2010-06-18 07:09:26:627+0800 1 182 101 {F16C5EE3-8676-41D2-99D8-EEA92B049B4B} 100 80070643 Microsoft Forefront Client Secu Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.85.111.0).