I'm pretty sure I'm probably just overlooking something simple, but I've seen this in two labs I've setup. It appears SCEP definition are showing as not required in the ConfigMgr console, but if I look in WMI on the client (Class: root\Ccm\softwareupdates\updatesstore) I can see it appears to be detected as missing (which is correct).
Background:
Site Mode: HTTPS, I was using Configuration Manager 2012 SP1 with the same result. I updated the site to SP1 CU1 (Servers and Clients) same thing (For XP, 7, 8, Server 2012).
I've installed KB2828233 on the site server still can get clients to detect "Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.149.286.0)" as applicable on clients in the console. I've installed KB2831316 on the clients same thing. I'm syncing Forefront Endpoint Protection 2010 for the product as i'm pretty sure these are the definition used to SCEP 2012.
I've tried setting the disable alternative sources for endpoint to yes and no (Same result) although this shouldn't have anything to do with being detected.
I'm not sure if any of you may have advice or seen this. All other Windows updates are showing/detecting correctly in the console i'm even publishing third party updates with SCUP that detecteds just fine.
UPDATE 9:28 - So I downloaded and created an available deployment for the definition update. The clients do get the update in Software Center and I can install it successfully, but it's still showing as not required in ConfigMgr Console even after I install it the update doesn't report back as installed.
On Client connection to updates on WMI using CIM Studio:
On Server (Showing as not applicable):
Thanks,
Justin Chalfant | Blog: setupconfigmgr.com | SCUP Catalog: patchmypc.net/scup | Please mark as helpful/answer if this resolved your issue