Definition updating software
This article includes best practices for software updates in Configuration Manager.
The information is sorted into best practices for initial installation and for ongoing operations.
When you use an ADR to deploy Endpoint Protection definition updates on a frequent basis, always use an existing software update group.
Otherwise, the ADR potentially creates hundreds of software update groups over time.
When you create an automatic deployment rule, verify that the specified criteria doesn't result in more than 1000 software updates.
If you manually deploy software updates, don't select more than 1000 updates.
A software vulnerability is a security hole or weakness found in a software program or operating system.
Hackers can take advantage of the weakness by writing code to target the vulnerability.
If it’s a ransomware attack, they might encrypt your data.
The WSUS Synchronization Manager component of the software update point verifies that this setting is enabled every 60 minutes, by default.
Use the following best practices when you use software updates: Limit the number of software updates to 1000 in each software update deployment.
Use different SQL Server instances for Configuration Manager and WSUS.
This configuration makes it easier to troubleshoot and diagnose resource usage issues that might occur for each application.