After you change this setting, the clients can download and install antimalware definition file updates immediately after installation as long as the client has access to one of the sources that hosts the files.
To work around this problem, set the Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers option to False. This problem occurs because the Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers option is set to True which is the default setting. Our business is managing about a hundred PCs with an undocumented installation and exploitation of SCCM 2111, and I recently noticed a problem with the virus and threat protection on some of the computers. In this scenario, client computers are not updated with the latest antimalware definition files. Virus and threat protection not auto updating through SCCM. You install the Endpoint Protection point site system role in Configuration Manager and set the Manage Endpoint Protection client on client computers setting to True on the Endpoint Protection page. Original product version: Microsoft System Center 2012 Configuration Manager Original KB number: 2688242 Symptoms
This article introduces a workaround for the issue that clients are not updated with the latest antimalware definition files after you install the Endpoint Protection point site system role in Configuration Manager.