
New sub-domain for Microsoft AV definition updates

This morning I was surprised by my Configuration Manager server with alerts that the software updates synchronization was failing.

Luckily for me I decided to check my other emails before diving right into the hell called SCCM logging. My FortiGate cluster was sending me emails that it was blocking some files. Files with file name: mpam-fe.exe.

HEJ !! I recognize that file name… Those are the definition updates for Security Essentials, Forefront Endpoint Protection and System Center Endpoint Protection.

But that’s weird… I was pretty sure I excluded all Windows Update domains in our firewalls so no updates will be stopped. After further examination of the alert I saw that Microsoft is using a new domain for the definition updates. They are now using definitionupdates.microsoft.com.

After adding this domain to the exclusion list, all went back to OK status 🙂

Currently I have the following Microsoft domains in my updates policy:

  • *.download.windowsupdate.com
  • *.update.microsoft.com
  • *.windowsupdate.com
  • *.windowsupdate.microsoft.com
  • definitionupdates.microsoft.com
  • download.microsoft.com
  • download.windowsupdate.com
  • ds.download.windowsupdate.com.edgesuite.net
  • ntservicepack.microsoft.com
  • test.stats.update.microsoft.com
  • update.microsoft.com
  • windowsupdate.microsoft.com
  • www.windowsupdate.com
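
Why the existing wildcards did not cover the new host, as an added example that is not part of the original post: a small audit that checks hostnames from block alerts against the exemption list and flags entries already implied by a wildcard. The wildcard semantics, the function names and the `OBSERVED` sample are assumptions made for the illustration; FortiGate's own matching rules may differ.

```python
# Added example: audit an update-exemption list against hostnames from block alerts.
# ASSUMPTION: "*.example.com" matches any subdomain of example.com but not
# example.com itself; entries without "*." match exactly. Verify against your firewall.

# Exemption list from the post, without the newly added entry.
EXEMPT_BEFORE = [
    "*.download.windowsupdate.com",
    "*.update.microsoft.com",
    "*.windowsupdate.com",
    "*.windowsupdate.microsoft.com",
    "download.microsoft.com",
    "download.windowsupdate.com",
    "ds.download.windowsupdate.com.edgesuite.net",
    "ntservicepack.microsoft.com",
    "test.stats.update.microsoft.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "www.windowsupdate.com",
]
EXEMPT_AFTER = EXEMPT_BEFORE + ["definitionupdates.microsoft.com"]

# Constructed sample of hostnames as they might appear in block alerts.
OBSERVED = [
    "definitionupdates.microsoft.com",
    "host1.download.windowsupdate.com",  # hypothetical label
    "update.microsoft.com",
]

def matches(pattern, host):
    """True if host is covered by one exemption entry (assumed semantics above)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # suffix keeps the leading dot
    return host == pattern

def uncovered(hosts, patterns):
    """Hostnames that no exemption entry matches, so they are still inspected."""
    return [h for h in hosts if not any(matches(p, h) for p in patterns)]

def redundant(patterns):
    """Entries already implied by a different wildcard entry in the same list."""
    wild = [p for p in patterns if p.startswith("*.")]
    return [p for p in patterns
            if any(w != p and matches(w, p[2:] if p.startswith("*.") else p)
                   for w in wild)]

if __name__ == "__main__":
    print("not exempt before:", uncovered(OBSERVED, EXEMPT_BEFORE))
    print("not exempt after: ", uncovered(OBSERVED, EXEMPT_AFTER))
    print("redundant entries:", redundant(EXEMPT_AFTER))
```

`definitionupdates.microsoft.com` is a direct child of `microsoft.com`, so neither `*.update.microsoft.com` nor `update.microsoft.com` covers it, and a single exact entry closes the gap without widening the exemption.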