Guidance on install anti-malware platform updates for FEP 2010 SU1 and SCEP 2012 SP1

<updated on 9/18/2013 to update the latest anti-malware platform update link>

Configuration Team has released anti-malware platform update for FEP 2010 SU1 and SCEP 2012 SP1 CU2:

https://support.microsoft.com/kb/2865173

 

These updates are server side hotfixes and should be installed on the Configuration Manager Site servers. After you install the updates, you will need to do some operations on the site to make the CCM clients automatically install the anti-malware platform update. In this blog, I will show what you should do.

FEP 2010 SU1

After you install the update on FEP 2010 SU1 (KB282764), you will need to create a new FEP client installation deployment or re-advertise the old one.

If you doesn’t have an FEP client installation deployment created, you can following the link https://technet.microsoft.com/en-us/library/ff823885.aspx to deploy the FEP client software.

If you have already an FEP client installation deployment created, you can re-use the deployment. Go to advertisements node and you can see the FEP-Deployment advertisement and then click Re-run Advertisement.

 

Wait till the client receives the policy changes and install the latest FEP client software.

It takes time for the client to update to the latest FEP client software. During the intermittent, these computers will be moved out of the Deployment Succeeded collection and be temporally moved to other collections (depending on the previous status of these clients, the computers may be move to any collections, but most likely they will be moved into “Deployment Pending” collection). Once the install succeeds and the next hardware inventory cycle returns back the new inventory data, these computers will be moved back to the “Deployment Succeeded” collection.

 

SCEP 2012 SP1

After you install the SCEP hotfix, you will need to enable Automatic Client Upgrade.

Automatic Client Upgrade is new feature introduced in SCCM 2012 SP1. It can be used in the following scenarios:

  • The client version is lower that the version being used in the hierarchy.
  • The client on the central administration site has a language pack installed and the existing client does not.
  • A client prerequisite in the hierarchy is a different version than the one installed on the client.
  • One or more of the client installation files are a different version.

As SCEP client software is one of CCM client’s prerequisite, so we can leverage this new feature here.

To enable the client auto upgrade

1)       In the Configuration Manager console, click Administration.

2)      In the Administration workspace, click Site Configuration.

3)      Click Sites.

4)      On the Home tab, in the Properties group, click Hierarchy Settings.

5)      Enable Upgrade client automatically when new client updates are available

 

After that, CCM client will find that there is a new SCEP client software available and install it automatically. Depending on the policy retrieval interval and the setting of “Automatically upgrade client within days”, it could be from 4 hours to several days.

 

--Nina Qin