Enterprise Mobility and Security Blog


The anti-malware platform will be updated Tuesday April 9, 2013 across multiple products. These products include Forefront Endpoint Protection 2010 and System Center 2012 Endpoint Protection SP1 standalone clients, and the managed versions of both.

The standalone updates will be made available via Microsoft Update and WSUS as Critical Updates. The installation packages are approximately 25MB; WSUS administrators should review auto-approval rules in advance of the April 9 release to avoid any unexpected increase in network traffic.

This anti-malware platform update contains the following improvements:

• Adds new malware remediation functionality to the anti-malware platform.

• Adds anti-tampering improvements to the anti-malware platform.

• Improves overall performance of the anti-malware platform.

Update April 16, 2013

The KB articles for these updates are as follows:

Stand-alone / Unmanaged clients:

KB2831312: An anti-malware platform update for stand-alone Forefront Endpoint Protection 2010 clients is available from Microsoft Update

KB2831316: An anti-malware platform update for stand-alone System Center 2012 Endpoint Protection Service Pack 1 clients is available from Microsoft Update

Managed (by Configuration Manager 2007 for FEP, or by System Center 2012 Configuration Manager for SCEP):

KB2827684: An anti-malware platform update for Forefront Endpoint Protection 2010 clients is available from Microsoft Support

KB2828233: An anti-malware platform update for System Center 2012 Endpoint Protection Service Pack 1 clients is available from Microsoft Support

As noted in the KB articles, these updates may require reboots during installation.

The two stand-alone releases (2831312 and 2831316) were temporarily removed from Microsoft Update on April 10; they will be restored on Wednesday April 17. They were removed because of a detection logic issue that was discovered with the Windows Defender platform update made available to Windows 8 clients: http://support.microsoft.com/kb/2781197

The Windows Defender update was being erroneously offered to clients that had the new FEP or SCEP platform updates applied. This led to installation failures of KB2781197 that are misleading, as the update does not actually apply when FEP or SCEP have been updated to the latest platform.

Note that managed customers (using Configuration Manager 2007 or System Center 2012 Configuration Manager) may also see failures when installing update KB2781197 on Windows 8 clients that have the FEP or SCEP platform update applied. These failures can also be ignored and should cease now that the update KB2781197 detection logic is revised (effective April 16).

–The Configuration Manager Team

This posting is provided “AS IS” with no warranties and confers no rights.