Microsoft Endpoint Protection To Get Faster Updates

Microsoft is accelerating the product update process for its Endpoint Protection security solutions.

Updates to System Center 2012 Endpoint Protection, as well as the older Forefront Endpoint Protection solution, will be released three times per year, starting on April 8. All of the updates will arrive via the Microsoft Update service.

Delivery through Microsoft Update will be a new approach for organizations. They typically downloaded hotfixes to upgrade those products in the past. Microsoft plans to continue issuing hotfixes while also carrying out this new release scheme, according to Minfang Lv, a Microsoft software development engineer for the Configuration Manager Sustained Engineering team, in a blog post on Thursday.

While all of that may sound like good news, Lv pointed to a quirk associated with getting those product updates through the Microsoft Update service.

"When you deploy the anti-malware platform updates through MU (and the Configuration Manager Software Updates Management (SUM) feature) instead of hotfixes, MU leverages the Windows Update Agent to install the platform update instead of the Endpoint Protection Agent. So, you will lose inbox deployment status monitoring in the FEP/SCEP dashboard."

As a workaround, Lv suggested using the compliance report in the Software Updates Management feature to see the inbox deployment status.

Another potentially troublesome aspect of getting the product updates through Microsoft Update is that they only detect past updates going back two generations ("N-2"). So systems might need checking and updating first before receiving the latest update coming through the Microsoft Update service, Lv cautioned.

"Because of this, we recommend that you always install the Configuration Manager hotfix or cumulative updates that contain the latest anti-malware platform updates to re-set the baseline in Forefront Endpoint Protection 2010 Update Rollup 1 and Configuration Manager 2012 SP1/R2, even if you wish to use SUM as the primary deployment method for anti-malware platform updates," Lv explained.

In keeping with that theme, Cumulative Update 1 for System Center 2012 R2 Configuration Manager was released this week.

In a second blog post, Lv described a new Endpoint Protection feature that will arrive on April 8. The System Center 2012 Endpoint Protection and Forefront Endpoint Protection 2010 products will be capable of reporting the lifecycle stages of an operating system in a computing environment with this new update in place. That feature seems timed to coincide with Windows XP's loss of "extended support" on April 8.

For instance, the Endpoint Protection products will send alerts, if configured to do so, indicating three stages. Stage 1 is when the OS is approaching the end of its product lifecycle. Stage 2 is the so-called "grace period," in which the OS continues to run and continues to get antimalware definition updates. Stage 3 is the phase in which the antimalware service stops running altogether. Typically, the alerts would go to the IT pro administering the system, but Stage 3 alerts also will go to end users.

Microsoft noted back in January that it plans to continue delivering antimalware signatures for its security products through July 14, 2015. However, Windows XP still loses product and security patching support on April 8.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Ending Azure Container Service Support in 2020

    Microsoft gave notice earlier this month that it will be ending its Azure Container Service on Jan. 31, 2020.

  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

  • Microsoft Now Supports OpenSSH in Windows Server 2019

    Microsoft announced on Tuesday that the OpenSSH solution used for remote management is now a supported "Features on Demand" addition in both Windows 10 version 1809 and Windows Server 2019.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.