Currently, the Update button in SCEP does not perform any function when you want to use the SUP as a definition source. Per: https://support.microsoft.com/en-us/kb/2831244 - When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in the FallbackOrder registry key, as the SCEP client does not recognize a Configuration Manger Software Update Point agent (and associated infrastructure) as a valid definition source and cannot pull definitions from Configuration Manager.

The SCEP Client needs to be updated to recognize the SUP as a valid definition source - rather than having to open the ConfigMgr Control Panel window, and running a "Software Deployment and Evaluation" cycle. Running the SDEC is a labor intensive operation for the WUAHandler and Software Updates agent on the client, requires a full sync of the WSUS info, which puts additional load on the WSUS server.