This post is based on blogs that covers “How to Use Definition Update Automation Tool with Status Filter Rule”.
From technet:
http://blogs.technet.com/b/clientsecurity/archive/2011/11/03/how-to-use-the-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx
There has been updates made to the KB being used for Software Update Automation in SCCM/FEP 2010 that I have seen.

In this scenarios¬†are both KB’s active in the system and needed to be deployed to agents (required).

The solution is to create an extra cmd file and schedule this to be run after the first one is being run.
Create a new Deplyment and Package that is named FepDefinitionUpdates2.
Create a new cmd file named FEPSoftwareUpdateAutomation2.cmd and place it in any local folder on the Site Server:

“<DRIVE:>\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe” /UpdateFilter “articleid=’2461484′ AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0 AND IsDeployed=0” /AssignmentName FepDefinitionUpdates2 /PackageName FepDefinitionUpdates2

When adding IsDeployed=0 as a parameter can this command file be run after the normal Wsus sync and status message rule.

Create a task schedule that runs the command file (use svc account for enabled run when logged on or not+highest priv.).