The answer is it depends, this information is from a icrosoft presentation and the information may change without further notice.
Microsoft reset the definition updates through a process they call ‘re-base’ – currently once a month as part of the engine release
Today there are 4 types of packages which can be used to update FEP clients
- Full (~55MB)
The full signature set (called the base) + any signatures since the last engine release (delta)Most recent engine
- Delta (ranges from ~200KB to ~5MB)
Contains the incremental signatures added since the last engine release (rebase).
- Binary Delta Engine (BDE) (ranges from ~2MB to ~15MB)
Binary diff of the previous base and engine with current base and engine plus the current incremental delta of signatures
- Binary Delta Delta (BDD) (ranges from ~100KB to ~1MB)
BDD package is different than Delta package since it will offer differential content from the previous release. Hence only new content is offered to the user.
All three package types are available on MU
Only Full packages are available on the Download Center
Internal detection logic allows each client to download the smallest package size available
The more up-to-date the client, the smaller package that client needs to download.
- First install or really out-dated (>2 engine releases behind) => Full package
- Older signatures, old engine => BDE package
- signature > 36h, current engine => delta package
- signature < 36h, current engine => bdd package
If you want to track definitions and se how your client behaves have alook in this folder (Win7)
ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackup