eyetea6 Posted August 25, 2013 Report post Posted August 25, 2013 I am testing clients downloading from WSUS only and something has got me confused. 1) This client checks for updates from WSUS every hour. 2) The SUP is configured to sync at 1:00am. 3) All ADRs run between 3:00 am and 4:00 am. What I saw in this clients MpCmdRun.log was that it was checking in to the wsus server every hour and not getting updates. Then, at 1:20am (after the 1:00am SUP sync), it checks in and gets updates. ------------------------------------------------------------------------------------- MpCmdRun: Command Line: "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -ManagedUpdate Start Time: Sun Aug 25 2013 01:20:28 Start: Signatures Update Service Update Started Search Started (WSUS update) (Path: http://wsus-server:8530)... Search Completed Download Started... Download Progress- Update Index:0 of 1 - 0% Download Progress- Update Index:0 of 1 - 0% Download Progress- Update Index:0 of 1 - 2% Download Progress- Update Index:0 of 1 - 4% Download Progress- Update Index:0 of 1 - 6% Download Progress- Update Index:0 of 1 - 11% Download Progress- Update Index:0 of 1 - 20% Download Progress- Update Index:0 of 1 - 38% Download Progress- Update Index:0 of 1 - 75% Download Progress- Update Index:0 of 1 - 100% Download Progress- Update Index:0 of 1 - 100% Download Completed Download Completed Installation Started... Installation Progress- Percent Complete:0, Current Update Index:0 (of 1) Installation Progress- Percent Complete:0, Current Update Index:0 (of 1) Time Info - Sun Aug 25 2013 01:20:56 Installation Progress- Percent Complete:100, Current Update Index:0 (of 1) Installation Progress- Percent Complete:100, Current Update Index:0 (of 1) Installation Completed Update completed succesfully End: Signatures Update Service MpCmdRun: End Time: Sun Aug 25 2013 01:20:56 ------------------------------------------------------------------------------------- This confuses me because I didn't think that the wsus server would have any updates until after ADR runs and actually downloads updates since SUP syncs, as far as I know, don't actually download updates and make them available. And when I look at PatchDownloader.log on the server, I see that no updates are downloaded until 3:00am which is after this client updated at 1:20 am. So the question is this: How did this client (which only is configured to update from wsus) get new definitions from the wsus server AFTER the SUP sync but BEFORE any ADR ran? Quote Share this post Link to post Share on other sites More sharing options...
