Configuration manager endpoint protection not updating definitions instant message dating
1, through antimalware policies where the client is configure to looks for updates from defined sources. Setting up an Auto Deployment rule to push updates to SCEP. I thought option 1 is best as this removes some of the overhead from running deployment rules.But, option 2 gives you the reports natively to check deployment. I recommend reading this Tech Net blog post to get a good understanding of what the SCEP Definition Update policy settings actually do: Ask Premier Field Engineering (PFE) Platforms - Endpoint Protection Updates for Configuration Manager Here are what I would consider to be the main takeaways: One thing I haven't seen mentioned anywhere else: in my experience, to have the clients successfully update their definitions from Microsoft Update, you have to ensure that Windows is configured to allow updates from Microsoft Update (as opposed to Windows Update).If that isn't a concern, you can still get reporting and use Microsoft as the update source. This assumes you are using WSUS in conjunction with SCCM.
When the endpoint client updates via Config Mgr it using the Software update component piece of the Config Mgr Client.
You can check if this issue is affecting you by looking at C:\Windows\Temp\Mp Cmd on one of your clients.
If you're seeing lines saying "Update failed with hr: 0x80248014", you need to enable Microsoft Update.
The second error started to happen just after the above error was resolved.
Error 0x8024402c happens when the Windows update client can’t connect and download the proper definitions. Our client decided to change their Config Mgr Antimalware settings to disable the user from manually updating the definitions.
In this clients case, they have a policy set that doesn’t allow the Windows Update clients to go to Microsoft Updates. Which brings us to the third issue we had to resolve.