In addition to 3 definition update mechanisms defined in the FEP policy (WSUS,UNC and Windows Update), there is actually a little known 4th update mechanism built into the client. This 4th definition update channel is designed to provide a 'fall back' if all of the other methods fail and the client falls more than 14 days out of date.
The 14th day update is accomplished by connecting to Microsoft Malware Protection Center on the internet via HTTP. Although the Windows Update mechanism also connects to Microsoft over the Internet, it utilizes the Windows Update Agent (WUA) API, whereas the 14th day update does not. The value here is that if the WU agent somehow becomes corrupt, a FEP client still has a chance of obtaining an update.
To check if your FEP clients are using the MMPC update mechanism, open your MPlog and search for “MMPC.” This is especially a concern if you’re seeing a large number of these MMPC pulls during your initial deployment of FEP. An occasional MMPC pull is not a big deal, but thousands of clients trying to pull 60+ MB over the internet at the same time could lead to network saturation.
Although it is not currently possible to disable the MMPC mechanism, you can adjust the number of days that will pass before an MMPC pull will execute. This is done by tapping into the extended FEP Policy capabilities via the FEP group policy object.