Loading...

Knowledge Center


Information about the Anti-Malware Scan Engine and its digital signature
Technical Articles ID:   KB52425
Last Modified:  8/31/2018
Rated:


Environment

McAfee Anti-Malware Scan Engine (Scan Engine) Windows version
McAfee VirusScan Enterprise (VSE) and other related products

Summary

The Scan Engine is central to McAfee Antivirus software. This article provides a high-level description of its function, where to download it, and instructions to verify its Verisign certificate.

The Scan Engine consists of a single file (mcscan32.dll or mscan64a.dll) that contains the program logic to do the following:
  • Scan files at particular points
  • Process and pattern-match virus definitions with data it finds within scanned files
  • Decrypt and run virus code in an emulated environment
  • Apply heuristic techniques to recognize new viruses
  • Remove infectious code from legitimate files

The Scan Engine uses information contained in the DAT files to identify and take action against viruses. It is updated frequently to implement new advances in anti-virus technology and to provide the greatest level of protection against virus threats.

You can download the latest Scan Engine from the Engines tab on the McAfee Downloads site:

To download a DAT, Engine, XDAT, or Stinger file, go to https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html.

You might need to download these files if your automated update fails, or if you want to use an Extra.DAT on an infected system.


Verisign certificate
The Windows Scan Engine is digitally signed with a public key certificate issued by Verisign. This key allows managed products to verify the origin and integrity of the Scan Engine using standard Win32 Application Programming Interface (API) calls. Only Windows 32-bit and 64-bit DLL files are signed with the Verisign certificate.

To verify the Engine's digital signature:

  1. Use Windows Explorer to locate mcscan32.dll or mscan64a.dll.
  2. Right-click the file, and select PropertiesDigital Signatures.
  3. Select the entry that begins with McAfee, Inc. from the Signature List.
  4. Click Details, then verify that the Digital Signature Information section states This digital signature is OK.
  5. In the Signer information section, verify that the Name field contains the text McAfee Inc.
  6. In the Countersignatures section, click Details, and then verify that the Name of signer field contains VeriSign Time Stamping Services Signer - G2.
  7. Click OK, and then close the Properties screen.

Rate this document

Affected Products

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.