Virus definition or DAT files contain signatures and other information that McAfee antivirus products use to protect your computer against existing and new potential threats. DAT files are released regularly. To make sure that your antivirus software protects your system against the latest threats, always use the most recent DAT files.
What products use DAT files?
The following products use the Scan Engine and DAT files:
- Advanced Threat Defense
- Endpoint Security for Linux before 10.7.0
- Endpoint Security for Mac before 10.7.0
- Management for Optimized Virtual Environments (MOVE)
- SaaS Endpoint Protection
- Security for Lotus Domino
- Security for Microsoft Exchange
- Security for SharePoint (PortalShield)
- SuperDAT Manager
- VirusScan Command-Line Scanner
- VirusScan Enterprise
- VirusScan Enterprise for Linux
- VirusScan Enterprise for Storage
- VirusScan for Mac
- Web Gateway
What integrity and validity checks are performed on the DAT files to make sure that they are not tampered with?
The DAT files are encrypted and then compressed and signed when they are compiled. The Scan Engine performs a signature verification on the DATs as an integrity check during initialization. The Scan Engine does not load the files if they have been modified. The products that use the Scan Engine then verify the integrity of the Scan Engine by verifying whether the digital certificate used to sign the Scan Engine is valid.
Does the DAT perform any proactive detection for scanning of malformed archives?
McAfee products can handle specific types of malformed archives, which the Scan Engine is unable to scan within. This ability enables the products to detect the presence of a bad archive without having to open it. The detection is reported as Malformed Archive.
McAfee continues to refine its detection techniques to tackle the many types of malformed archives that can be created. McAfee continues to focus on making sure that customers receive maximum protection and on providing a rapid response to potential vulnerabilities.
Why does McAfee Labs release regular DAT files?
There has been an exponential rise in the number, propagation rate, and prevalence of new threats. The same applies to the number of virus submissions, the rate of new malware development, and the number of emergency DAT releases. The growing number and variety of threats make it vital that you update your DAT files regularly.
At what time during the day are DAT files made available?
The regular DAT files are generally available on the day of release at 19:00 (UTC/GMT). However, DAT files might be released earlier if a new threat warrants it. To receive alerts regarding delays or important notifications, subscribe to the Support Notification Service (SNS). For SNS details, see KB67828 - Support Notification Service Frequently Asked Questions.
NOTE: For local time conversion, see http://www.worldtimeserver.com/current_time_in_UTC.aspx or a similar site.
Does McAfee release DAT files on holidays?
McAfee releases DAT files on holidays, except for January 1 and December 25. If needed, emergency DAT files are issued on these days.
When should I schedule an automatic update of my system with the regular DAT files?
McAfee recommends that you schedule a daily pull task within a 4–6 hour interval from the time the DAT files are made available to the source repository. This schedule allows enough time for the DAT file to replicate on all McAfee servers globally. See the ePolicy Orchestrator (ePO) product guide for details.
For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.
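The schedule described above, worked through as an added Python example (not McAfee code): it converts the 19:00 UTC release time and the recommended 4–6 hour interval into a site's local time, returns no window for January 1 and December 25, and checks whether a fixed local task time still lands in the window when daylight saving time shifts the offset. The function names and the sample time zone are assumptions made for illustration.

```python
from __future__ import annotations

from datetime import date, datetime, time, timedelta, timezone, tzinfo

RELEASE_UTC = time(19, 0)                # regular release time given in the FAQ
PULL_DELAY = (timedelta(hours=4), timedelta(hours=6))  # recommended 4-6 hour interval
NO_REGULAR_DAT = {(1, 1), (12, 25)}      # holidays without a regular release


def pull_window(day: date, tz: tzinfo) -> tuple[datetime, datetime] | None:
    """Local start/end of the pull window for the regular DAT released on `day` (UTC date)."""
    if (day.month, day.day) in NO_REGULAR_DAT:
        return None  # only emergency DATs, if needed, are issued on these days
    release = datetime.combine(day, RELEASE_UTC, tzinfo=timezone.utc)
    start, end = (release + delay for delay in PULL_DELAY)
    return start.astimezone(tz), end.astimezone(tz)


def task_in_window(day: date, task: time, tz: tzinfo) -> bool | None:
    """Does a daily task at local time `task` fire inside the window for `day`'s DAT?"""
    window = pull_window(day, tz)
    if window is None:
        return None
    start, end = window
    # The window can straddle local midnight, so try the task on both local dates.
    runs = (datetime.combine(d, task, tzinfo=tz) for d in {start.date(), end.date()})
    return any(start <= run <= end for run in runs)


if __name__ == "__main__":
    from zoneinfo import ZoneInfo  # needs the system time zone database

    site = ZoneInfo("America/New_York")  # constructed example site
    # Winter, summer, and a holiday without a regular DAT.
    for day in (date(2024, 1, 15), date(2024, 7, 15), date(2024, 12, 25)):
        print(day, pull_window(day, site), task_in_window(day, time(18, 15), site))
```

A task pinned to 18:15 local time at this sample site falls inside the window in winter but before it in summer, so a fixed local schedule should be checked against both offsets.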
Where can I find the latest DAT files?
The latest DAT files are available from the Security Updates page in XDAT and SDAT format at: http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx. This site also provides access to Beta DAT files.
What is the difference between regular DAT files and Beta DAT files?
DAT files are released regularly and go through a full QA cycle. Beta DAT files are produced hourly and receive only limited false positive testing. McAfee recommends that you use:
- Regular DAT files for desktop deployment
- Beta DAT files for high-risk computers and perimeter products such as GroupShield.
For more information, see http://www.mcafee.com/apps/mcafee-labs/beta/dat-file-updates.aspx?region=us.
What is the difference between normal DAT files and runtime DAT files?
Each file has its own advantage:
- Normal DAT files: Normal DAT files are simple in format, with optimization designed for downloads of regular incremental files (signatures). A priority for downloading the normal DAT updates is to use as little bandwidth as possible. However, this format is not well optimized for local performance.
  Advantage: Faster download
- Runtime DAT files: The runtime DAT file is optimized for high local performance. It is a rebuild of the normal DAT files, so that the memory and CPU resources needed to operate are balanced for best performance.
  Advantage: Faster system
Under what circumstances do emergency DAT releases happen?
Outbreaks sometimes require emergency releases. Emergency DAT releases generally ship around 19:00 GMT. However, they might be released earlier or later in the day if a new threat warrants it. When a DAT is released early to preempt a potential outbreak, there generally is no second DAT release that day, unless another emergency situation occurs.
Where can I find the regular DAT Release Notes?
The regular DAT Release Notes are available at www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=us.
In what format are the regular DAT Release Notes provided?
The DAT Release Notes are web based and offer the option to be emailed as a link or printed.
When are the regular DAT Release Notes published?
The Release Notes are available about two hours after the release of the regular DAT posting.