See Choose a distribution method to update content on clients.
See Choose a distribution method to update content on clients based on the platform.
The content includes virus definitions, intrusion prevention signatures, and Host Integrity templates, among others.
See Making sure that Symantec Endpoint Protection Manager has the latest content.
Since the FEP deployment program will not apply policy after installation complete automatically, so the client need to explicitly run the apply FEP policy program afterwards.
When assign FEP policy to clients, no matter what policy you assign with the specific program, it will always choose from all the FEP policies that are assigned to it and apply the one with the highest precedence.
For more information on deploying Forefront Endpoint Protection 2010 with Configuration Manager as well as how to create an Automatic Deployment Rule for Forefront Endpoint Protection 2010 antimalware definition updates, please see the following:
The issue I wanted to talk about was one where after following antimalware definition updates may not be automatically deployed to clients as expected.Hi everyone, Peter Gallagher here and I wanted to talk about one of the new features in System Center 2012 Configuration Manager (Config Mgr).The feature is the ability to automatically deploy software updates to clients and it can be utilized to automatically deploy Forefront Endpoint Protection 2010 antimalware definition updates to Config Mgr clients.When this occurs, per the Updates and Windows on the client, other software updates may be deployed successfully, but examining the Updates on the client shows that the client is not detecting Forefront Endpoint Protection 2010 as a product.The only indication of an error or problem will be the status of Forefront Endpoint Protection 2010 antimalware definition updates in the Windows Security Center on the client or the Configuration Manager console.This whole thing became a pretty tedious process to setup, but in the end it worked and the clients could get the definitions from their local DPs instead of the Software Update Point, WSUS server, UNC Share, or Microsoft Update.