Large Update in progress today?

We are seeing an update rolling out as well - believe it's detection data 5.12

Opened a support case a couple days ago regarding an issue with an update, but it looks like the initial round might have been pulled back.  This morning - looks like endpoints are pulling the detection update.  The one earlier in the week was considered a "Major" updgrade as it was installing the new RMS 4.0 - which kicks off the full client installer from what our Support tech stated.  When talking with Support yesterday the tech noticed that the RMS version had apparently been reverted to the earlier 3.4.x version. 

I wasn't aware that Major updates are installed from the Update policy's Initial Installation source as opposed to the policy's defined Primary\Secondary update sources - we have been seeing our VPN users hitting an internal SUM as opposed to using their assigned source which is an external CID...was causing some network issues with the unexpected traffic of a full install.

Still waiting to hear back from Support after providing additional logs yesteday afternoon.

So did you notice if endpoints were showing a downloading status in the enterprise console at any point?  I don't have any that are doing that now, but they're still downloading something. Can't quite sort out what it is exactly.  I actually had to limit the number of connections to the update share through windows just to get things under control, so that's throwing up errors for the machines that can't connect now and makes things a little more confusing.  I think they'll all get through and finish eventually but it would be nice to know what's going on. 

Also of note, in our endpoint's updating policies, we have them set to limit the amount of bandwidth they can use.  Whatever is going on, that limit does not appear to be applying.  Which happens if I do a re-protect, or maybe if it's going through whatever you described with regard to the RMS update.

Yeah I could see where they were in downloading status (assuming you mean the yellow\orange down arrow and hourglass).

Looks like some of the servers are asking for a reboot post update but most workstations are not.

Whatever changed in this update was hammering the internal update server to the point that a throttle was applied at the firewall so our VPN users didnt affect other connections on the pipe (could be some other infrastructure challenges at play here though too...).

Well, that sure sounds like something similar.  I think my machines have just about plowed through whatever this was. On machines that appear to still be downloading, they show Detection Data of 5.12 and 181 IDE's.  On one that seems to be up to date, I see 5.12 and 183 IDE's.  Think I might looking into adding some Update Managers to our branch locations since this seems to come up about twice a year in one form or another.