The one I'm using is "Definition Update Automation Tool for Forefront Endpoint Protection 2010". This tool enables you to automate downloading and publication of FEP definition updates using the Configuration Manager 2007 Software Update feature. This is a command line tool that uses the Configuration Manager API to download new definitions from Microsoft Update, distribute them to the software update point, and publish the definitions to the endpoints. To automate the tool, you must add a Windows task to run it automatically at a scheduled interval. More information about "Definition Update Automation with Configuration Manager" can be found here: http://technet.microsoft.com/en-us/library/hh297450.aspx
Point is, it isn't working in my environment. It's true that new definitions are downloaded automatically in Deployment Packages. But distribute them and publish the definitions isn't working yet. This because Distribution Points are not updated after running the tool and new definitions are not added to Deployment Management. The command I'm using is: SoftwareUpdateAutomation.exe
- /AssignmentName <AssignmentName>
- /PackageName <PackageName>
- /UpdateFilter "ArticleID=2461484 AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0"