Notifying them every few hours would surely annoy them, which in turn they will annoy the Administrator. Choose the option that is suitable to your environment.
It is always a good idea, if you have lots of remote sites without an SCCM distribution Point available, to allow the clients to share content with other clients on the same subnet.
Make sure that the search criteria is correct, that the Product says Forefront Endpoint Protection 2010 or Windows Defender and that the Update Classification shows Definition Updates and choose next.
This scanner/protection is in SCCM 2012 integrated and it will be installed automatically if the client has the Configmgr client installed. (You must already have installed the WSUS and installed and configured the Software Update Point role (SUP)) First, we have to make a new collection. Open the tab Alerts Enable View this collection in the Endpoint Protection dashboard. Step 2 (Configure Software Update Point and Software updates) Go to Administration - Software Update Point You have to select Forefront Endpoint Protection 2010 in the tab Products. Collection is the new collection All Windows 8 Computers. Check Date Released or Revised and choose for last 1 day.
This collection is for all Windows 7 clients or Windows 8 clients. The Endpoint Protection updates works only with Device collection. Check Product and choose for Forefront Endpoint Protection 2010. Change Time based to UTC and Software available time to 2 hours.
If not, choose Download Software Updates from the Internet and click on Next. The Automatic Deployment Rule will run with all the settings you have selected.
If you ever wish to manually run the rule, right click it and choose run now.
I then verified that everything downloaded properly by updating the WSUS Server itself with the patches-- everything worked as expected.
Now, this morning, after everything should have scanned for the updates (and they did scan), only a few computers are showing as needing the updates-- in fact, the vast majority are showing as installed/not applicable.
Then Click on Next I left the settings as default on this page as I want to automatically approve any license agreements and dont have a requirement to wake up client computers.
If you want to deploy the SCEP updates after hours while your client computers are off and wish to wake them up for the client updates (this depends on if your environment has Wake On Lan capability) choose the Wake On Lan checkbox.
On this page, we are creating a new deployment package for the Definitions Updates.
Again, it is good practice to give a descriptive name and description that is easily identifiable to others.
The following screen is where you set whether or not you will notify the users that there is a new SCEP definition update available for their machines.