FAQs for V2 DAT files
Technical Articles ID:
KB55986
Last Modified: 8/27/2019
Last Modified: 8/27/2019
Environment
McAfee V2 DAT Files
McAfee ExtraDAT files
McAfee Signed ExtraDAT files
McAfee Labs (AVERT)
McAfee DAT Reputation
McAfee ExtraDAT files
McAfee Signed ExtraDAT files
McAfee Labs (AVERT)
McAfee DAT Reputation
Summary
This article is a consolidated list of common questions and answers and is intended for users who are new to the product. But it can be of use to all users.
Contents:
| General |
| DAT Reputation |
| XDAT |
| ExtraDAT |
| Signed ExtraDAT |
| CommonUpdater |
What are DAT files?
Virus definition or DAT files contain virus signatures and other information that McAfee antivirus products use to protect your computer against existing and new potential threats. DAT files are released daily. We also release new DAT files when McAfee Labs assesses any threat to have a medium or higher risk. To ensure that your antivirus software protects your system or network against the latest threats, make sure that you always use the most recent DAT files.
What products use DAT files?
The following products use the AV Scanning Engine and DAT files:
What integrity and validity checks are performed on the DAT files to make sure that they are not tampered with?
The DAT files are encrypted and then compressed and signed when they are compiled. The Scan Engine performs a signature verification on the DATs as an integrity check during initialization. The Engine does not load the files if they have been modified. The products that use the Engine in turn verify the integrity of the Engine by checking whether the digital certificate used to sign the Engine is valid.
Does the DAT perform any proactive detection for scanning of malformed archives?
McAfee products can handle specific types of malformed archives that cause the Scan Engine to be unable to scan within the archive by providing proactive detection of malformed archives within our DAT files. This ability enables the products to detect the presence of a bad archive without having to open it. The detection is reported as Malformed Archive.
As more testing is done around the many types of malformed archives that can be created, McAfee continues to refine our detection techniques and update the driver in the DAT files. McAfee continues to focus on making sure that customers receive maximum protection and providing a rapid response to potential vulnerabilities.
Why does McAfee Labs release DAT files daily?
There has been an exponential rise in the number, propagation rate, and prevalence of new threats. The same applies to the number of virus submissions, the rate of new malware development, and the number of emergency DAT releases. The growing number and variety of threats make it vital that you update your DAT files daily.
Virus definition or DAT files contain virus signatures and other information that McAfee antivirus products use to protect your computer against existing and new potential threats. DAT files are released daily. We also release new DAT files when McAfee Labs assesses any threat to have a medium or higher risk. To ensure that your antivirus software protects your system or network against the latest threats, make sure that you always use the most recent DAT files.
What products use DAT files?
The following products use the AV Scanning Engine and DAT files:
- Advanced Threat Defense
- Email and Web Security - End of Life (EOL) March 31, 2017
- Email Gateway
- Endpoint Security for Linux
- Endpoint Security for Mac
- Management for Optimized Virtual Environments (MOVE)
- SaaS Endpoint Protection
- Security for Lotus Domino
- Security for Mac - EOL September 30, 2016
- Security for Microsoft Exchange
- Security for SharePoint (PortalShield)
- SuperDAT Manager
- VirusScan Command Line Scanner
- VirusScan Enterprise
- VirusScan Enterprise for Linux
- VirusScan Enterprise for Storage
- VirusScan for Mac
- Web Gateway
What integrity and validity checks are performed on the DAT files to make sure that they are not tampered with?
The DAT files are encrypted and then compressed and signed when they are compiled. The Scan Engine performs a signature verification on the DATs as an integrity check during initialization. The Engine does not load the files if they have been modified. The products that use the Engine in turn verify the integrity of the Engine by checking whether the digital certificate used to sign the Engine is valid.
Does the DAT perform any proactive detection for scanning of malformed archives?
McAfee products can handle specific types of malformed archives that cause the Scan Engine to be unable to scan within the archive by providing proactive detection of malformed archives within our DAT files. This ability enables the products to detect the presence of a bad archive without having to open it. The detection is reported as Malformed Archive.
As more testing is done around the many types of malformed archives that can be created, McAfee continues to refine our detection techniques and update the driver in the DAT files. McAfee continues to focus on making sure that customers receive maximum protection and providing a rapid response to potential vulnerabilities.
Why does McAfee Labs release DAT files daily?
There has been an exponential rise in the number, propagation rate, and prevalence of new threats. The same applies to the number of virus submissions, the rate of new malware development, and the number of emergency DAT releases. The growing number and variety of threats make it vital that you update your DAT files daily.
Can there be more than one DAT release per day?
McAfee Labs releases at least one DAT file every day of the year, except for January 1 and December 25. If needed, emergency DAT files are issued on these days.
At what time during the day are daily DAT files made available?
The daily DAT files are generally available by 19:00 (UTC/GMT). But, if a new threat warrants it, daily DAT files might be released earlier. Sometimes daily DAT releases might also be delayed. To receive alerts regarding delays or important notifications, subscribe to the Support Notification Service (SNS). For SNS details, see article KB67828.
NOTE: For local time conversion, see http://www.worldtimeserver.com/current_time_in_UTC.aspx or a similar site.
For what time should I schedule a daily automatic update of my system with the daily DAT files?
McAfee recommends scheduling a daily pull task within a 4–6 hour interval from the time the daily DAT files are made available to the source repository. This schedule allows enough time for the DAT file to be replicated on all McAfee servers globally. See your ePolicy Orchestrator Product Guide for details.
For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.
Where can I find the latest DAT files?
The latest DAT files are available from the Updates page in XDAT and SDAT format at: http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx. This site also provides access to Beta DAT files.
What is the difference between daily DAT files and Beta DAT files?
Daily DAT files are released once per day and go through a full QA cycle. Beta DAT files are produced hourly and receive only limited false positive testing. McAfee recommends that you use the daily DAT files for desktop deployment, and the Beta DAT files for high-risk computers and perimeter products such as GroupShield.
For more information, see http://www.mcafee.com/apps/mcafee-labs/beta/dat-file-updates.aspx?region=us.
What is the difference between Normal DAT files and Runtime DAT files?
Each has its own advantage:
- Normal DAT files
The normal copy of DAT files are much simpler in format with optimization designed for downloads of daily incremental files (signatures). It is a priority for downloading the normal DAT updates that as little bandwidth as possible be used. But, it is not well optimized for local performance.
Advantage: Faster download
- Runtime DAT files
The runtime DAT is optimized for high local performance. It is a rebuild of the normal DAT files, so that the memory and CPU resources needed to operate are balanced for best performance.
Advantage: Faster system
Outbreaks sometimes require emergency releases. Daily releases generally ship around 19:00 GMT every day, but they might be released earlier or later in the day if a new threat warrants it. When a daily DAT is released early to pre-empt a potential outbreak, there will generally be no second DAT release that day at the normally scheduled time, unless another emergency situation warrants one.
Where can I find the daily DAT Release Notes?
The daily DAT Release Notes are available at www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=us.
In what format are the daily DAT Release Notes provided?
The daily DAT Release Notes are web based and offer the option to be emailed (as a link) or printed.
When are the daily DAT Release Notes published?
The release notes are available about two hours after the release of the daily DAT.
NOTE: The daily DAT Release Notes were first published in the location mentioned above on September 24, 2012 with the release of DAT ID 6845.
Back to Contents
What is DAT Reputation?
DAT Reputation is an endpoint technology that contacts the GTI Cloud before an endpoint DAT update. The call-back component checks the reputation of a DAT package before installing the update. Also, an endpoint safety pulse component runs periodically on a Microsoft Windows endpoint to check for potential product or operating system issues that have occurred since the installation of a DAT update package. Data collected from the endpoint safety pulse tests are transferred back to McAfee Labs and monitored for anomalies. If a significant problem is found with a DAT package after it has been released, it is marked as Blocked in the Cloud to prevent endpoints from installing the DAT.
Does McAfee contact me using the Support Notification Service (SNS) if there is a problem found with the current DAT?
Yes. McAfee Incident Response procedures are invoked if a significant problem is found with a DAT. McAfee recommends that all corporate customers register for SNS.
Which products can use DAT Reputation?
DAT Reputation is for all supported products on Microsoft Windows that update using a DAT. The minimum supported McAfee Agent (MA) version for DAT Reputation is MA 4.6.
What happens if my endpoints update using ePolicy Orchestrator?
The endpoints call the GTI Cloud individually, in case a problematic DAT has already been downloaded to a local repository.
What are the system requirements for DAT Reputation?
DAT Reputation has been tested with Windows Vista and later. The recommended system requirements are:
DAT Reputation is an endpoint technology that contacts the GTI Cloud before an endpoint DAT update. The call-back component checks the reputation of a DAT package before installing the update. Also, an endpoint safety pulse component runs periodically on a Microsoft Windows endpoint to check for potential product or operating system issues that have occurred since the installation of a DAT update package. Data collected from the endpoint safety pulse tests are transferred back to McAfee Labs and monitored for anomalies. If a significant problem is found with a DAT package after it has been released, it is marked as Blocked in the Cloud to prevent endpoints from installing the DAT.
Does McAfee contact me using the Support Notification Service (SNS) if there is a problem found with the current DAT?
Yes. McAfee Incident Response procedures are invoked if a significant problem is found with a DAT. McAfee recommends that all corporate customers register for SNS.
To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.
Which products can use DAT Reputation?
DAT Reputation is for all supported products on Microsoft Windows that update using a DAT. The minimum supported McAfee Agent (MA) version for DAT Reputation is MA 4.6.
What happens if my endpoints update using ePolicy Orchestrator?
The endpoints call the GTI Cloud individually, in case a problematic DAT has already been downloaded to a local repository.
What are the system requirements for DAT Reputation?
DAT Reputation has been tested with Windows Vista and later. The recommended system requirements are:
- Processor
Minimum: Pentium class processor
Recommended: Pentium IV class processor or higher
- Physical RAM
Minimum: 512 MB
Recommended: 1 GB or greater
Where are the DAT Reputation files installed?
DAT Reputation files are installed to the following locations:
- 64-bit computers: %programfiles(x86)%\common files\McAfee\DATReputation
- 32-bit computers: %programfiles%\common files\McAfee\DATReputation
Where do I download DAT Reputation?
DAT Reputation is installed as part of a standard DAT update. Customers can electively download DATs containing DAT Reputation for about six months before AutoUpdate. The elective download period began on August 19, 2014.
New health check content might be added later, if further diagnostic tests are needed. Health check content is also delivered as part of a standard DAT update. Customers are notified through SNS when new health check content is going to be deployed.
What is the increase in download size when DAT Reputation is installed?
The update size is about 1 MB, in addition to the size of the standard DAT content.
Do updates fail if my endpoints can't connect to the GTI Cloud?
DAT Reputation will not block updates if the endpoint can't make a connection to the GTI Cloud.
Does DAT Reputation work in an environment using proxy servers?
Yes. DAT Reputation works provided the endpoint is able to communicate on port 443 using SSL over TCP. The following proxy servers are supported:
DAT Reputation is installed as part of a standard DAT update. Customers can electively download DATs containing DAT Reputation for about six months before AutoUpdate. The elective download period began on August 19, 2014.
New health check content might be added later, if further diagnostic tests are needed. Health check content is also delivered as part of a standard DAT update. Customers are notified through SNS when new health check content is going to be deployed.
What is the increase in download size when DAT Reputation is installed?
The update size is about 1 MB, in addition to the size of the standard DAT content.
Do updates fail if my endpoints can't connect to the GTI Cloud?
DAT Reputation will not block updates if the endpoint can't make a connection to the GTI Cloud.
Does DAT Reputation work in an environment using proxy servers?
Yes. DAT Reputation works provided the endpoint is able to communicate on port 443 using SSL over TCP. The following proxy servers are supported:
-
Basic proxy
-
NTLM
-
LDAP
-
Proxy without Authentication (Transparent Proxy)
NOTE: Kerberos authentication is not currently supported.
Can I configure DAT Reputation to use GTI Proxy?
No. There are no current plans to introduce this functionality with GTI Proxy.
What type of data is collected when checking the DAT reputation?
The DAT version number and the DAT type (V2 or V3) are securely transmitted to verify the reputation of the DAT file. No additional information about the endpoint is uploaded.
What type of data is collected during the endpoint safety pulse health check?
The only data collected are the results of a few tests being run on the endpoint following a DAT download. These results contain data such as:
Why is this data collected?
This data helps McAfee ascertain whether the recently downloaded DAT is behaving as expected and is providing value to the security of your endpoint.
How frequently does the health check component run on an endpoint?
The health check component runs between 6–8 times per day.
What size are the data packets sent for the DAT Reputation check and Health Check data?
About 200 bytes of data for a reputation check, and between 1–2 kb of data is transferred per instance of health check data.
How is the Health Check data encrypted and transferred?
The data is encrypted using SSL and transferred using SSL over TCP, which uses port 443.
How is the health check data stored?
The data is stored and secured on McAfee’s back-end databases.
Which domain does DAT Reputation connect to?
It connects to datreputation.gti.mcafee.com and datreputation.mcafee.com.
Do endpoints that cannot connect to the Internet try to use DAT Reputation?
Endpoints on closed or limited networks can be configured to disable the DAT Reputation check and endpoint safety pulse. But, in the unlikely case of a Bad DAT update, these computers must have their update tasks disabled by an administrator. An ePO extension will be provided for policy management and reporting. Customers with unmanaged endpoints can contact Technical Support for further information on how to configure DAT Reputation settings. For details, see the Related Information section below.
NOTE: McAfee does not recommend disabling DAT reputation unless absolutely necessary.
Who should I contact if I have further questions or ideas for a future release of DAT Reputation?
Contact your local Technical Support representative (for details, see the Related Information section below).
Back to Contents
Can I configure DAT Reputation to use GTI Proxy?
No. There are no current plans to introduce this functionality with GTI Proxy.
What type of data is collected when checking the DAT reputation?
The DAT version number and the DAT type (V2 or V3) are securely transmitted to verify the reputation of the DAT file. No additional information about the endpoint is uploaded.
What type of data is collected during the endpoint safety pulse health check?
The only data collected are the results of a few tests being run on the endpoint following a DAT download. These results contain data such as:
- Whether a test passed or failed.
- Some metadata about the endpoint, such as the operating system name and version, the DAT and engine versions, and what product/versions are installed.
Why is this data collected?
This data helps McAfee ascertain whether the recently downloaded DAT is behaving as expected and is providing value to the security of your endpoint.
How frequently does the health check component run on an endpoint?
The health check component runs between 6–8 times per day.
What size are the data packets sent for the DAT Reputation check and Health Check data?
About 200 bytes of data for a reputation check, and between 1–2 kb of data is transferred per instance of health check data.
How is the Health Check data encrypted and transferred?
The data is encrypted using SSL and transferred using SSL over TCP, which uses port 443.
How is the health check data stored?
The data is stored and secured on McAfee’s back-end databases.
Which domain does DAT Reputation connect to?
It connects to datreputation.gti.mcafee.com and datreputation.mcafee.com.
Do endpoints that cannot connect to the Internet try to use DAT Reputation?
Endpoints on closed or limited networks can be configured to disable the DAT Reputation check and endpoint safety pulse. But, in the unlikely case of a Bad DAT update, these computers must have their update tasks disabled by an administrator. An ePO extension will be provided for policy management and reporting. Customers with unmanaged endpoints can contact Technical Support for further information on how to configure DAT Reputation settings. For details, see the Related Information section below.
NOTE: McAfee does not recommend disabling DAT reputation unless absolutely necessary.
Who should I contact if I have further questions or ideas for a future release of DAT Reputation?
Contact your local Technical Support representative (for details, see the Related Information section below).
Back to Contents
What is an XDAT?
XDAT is an application that you can double-click to start from Windows. It shuts down any active anti-virus scans, services, and other memory-resident software components that might interfere with your updates. It then copies the new files to the required location and enables your antivirus software to use the update immediately. XDAT files contain virus definitions without the Engine.
How do I recognize an XDAT file?
The file has a name in the format nnnnXDAT.EXE, where nnnn is the DAT version number. The daily XDAT file includes the DAT files plus an executable that installs them. Running an XDAT with non-Administrative privileges is not supported. For more information about XDAT files, see http://download.nai.com/products/datfiles/4.x/nai/readme.txt.
Back to Contents
XDAT is an application that you can double-click to start from Windows. It shuts down any active anti-virus scans, services, and other memory-resident software components that might interfere with your updates. It then copies the new files to the required location and enables your antivirus software to use the update immediately. XDAT files contain virus definitions without the Engine.
How do I recognize an XDAT file?
The file has a name in the format nnnnXDAT.EXE, where nnnn is the DAT version number. The daily XDAT file includes the DAT files plus an executable that installs them. Running an XDAT with non-Administrative privileges is not supported. For more information about XDAT files, see http://download.nai.com/products/datfiles/4.x/nai/readme.txt.
Back to Contents
What is an ExtraDAT file?
An ExtraDAT is a temporary definition file in response to malware that is not yet covered in the daily DAT files. The ExtraDAT is intended to provide emergency coverage until detection for the new malware can be added into the daily DAT files. You must apply an ExtraDAT to the infected system and any systems that could potentially be compromised.
What is a custom DAT package?
A custom DAT package is a temporary detection file created by McAfee Labs, containing the full production DATs and other detections and cleaning for a new threat that is too complex to be addressed in an ExtraDAT. For how to use a custom DAT package, see KB76657.
Is an ED still available when emergency releases happen?
Yes. ED files are still available from McAfee Labs and are still be made available for download for threats that reach a medium-risk assessment or higher. Also, you still receive an ED for any new samples submitted to McAfee Labs.
How safe are ED files?
ED files get released after limited testing and are provided with the sole purpose of addressing a specific threat. When you have to deploy an ED to more than a few nodes, McAfee recommends that you test the ED on a subset of these nodes before deploying to all systems. After you have verified that there is no problem with the ED, you can deploy it to the remaining nodes.
How long can I use my ED file?
The standard expiration for an ED is 30 days, but the expiration varies. Detection in an ED automatically expires when the date embedded in the daily DAT files is the same as or later than the expiration date of the detection in the ED.
How do I get an ED file?
These files are provided directly by McAfee Labs in response to submitted malware. For instructions on how to submit malware samples, see KB68030.
How many ED files can I use?
Only one file can be active on a computer at any given time. You can combine multiple ED files to provide protection for multiple new threats. For detailed instructions, see KB68061.
How do I apply an ED?
To deploy and apply an ED file through ePolicy Orchestrator 4.x, see KB67602.
To apply an ED locally, see the following:
How does an ED relate to the daily DAT?
Detection in an ED takes precedence over detection in the standard DAT files. If the remediation method of an ED differs from the method of the standard DAT, the method specified by the ED is used.
Why are ED files removed from a system, and what determines when an ED should be removed?
The removal of an expired ED is determined by comparing the expiration date of the detection in the ED to the date embedded in the applied DATs. This removal is done when the engine loads the DAT.
When the embedded date of the DATs is equal to or greater than the expiration date of the detection in the ED, the Engine sees the detection in the ED as expired.
Example: If on August 11, 2019 you are running a DAT from August 8, 2019 and your ED expires on August 9, 2019, the Engine will continue to use the ED until the DATs are updated to the DAT from August 9, 2019, even though the date is August 11, 2019.
What do I do when an ED detects a virus but does not clean or repair files?
See the VirusScan Enterprise ED checklist. For details, see KB54996.
Back to Contents
An ExtraDAT is a temporary definition file in response to malware that is not yet covered in the daily DAT files. The ExtraDAT is intended to provide emergency coverage until detection for the new malware can be added into the daily DAT files. You must apply an ExtraDAT to the infected system and any systems that could potentially be compromised.
What is a custom DAT package?
A custom DAT package is a temporary detection file created by McAfee Labs, containing the full production DATs and other detections and cleaning for a new threat that is too complex to be addressed in an ExtraDAT. For how to use a custom DAT package, see KB76657.
Is an ED still available when emergency releases happen?
Yes. ED files are still available from McAfee Labs and are still be made available for download for threats that reach a medium-risk assessment or higher. Also, you still receive an ED for any new samples submitted to McAfee Labs.
How safe are ED files?
ED files get released after limited testing and are provided with the sole purpose of addressing a specific threat. When you have to deploy an ED to more than a few nodes, McAfee recommends that you test the ED on a subset of these nodes before deploying to all systems. After you have verified that there is no problem with the ED, you can deploy it to the remaining nodes.
How long can I use my ED file?
The standard expiration for an ED is 30 days, but the expiration varies. Detection in an ED automatically expires when the date embedded in the daily DAT files is the same as or later than the expiration date of the detection in the ED.
How do I get an ED file?
These files are provided directly by McAfee Labs in response to submitted malware. For instructions on how to submit malware samples, see KB68030.
How many ED files can I use?
Only one file can be active on a computer at any given time. You can combine multiple ED files to provide protection for multiple new threats. For detailed instructions, see KB68061.
How do I apply an ED?
To deploy and apply an ED file through ePolicy Orchestrator 4.x, see KB67602.
To apply an ED locally, see the following:
- For SaaS Endpoint Protection, see KB51459.
- For Security for Microsoft Exchange 7.6, see KB76201.
- For VirusScan Enterprise 8.x, see KB50642.
How does an ED relate to the daily DAT?
Detection in an ED takes precedence over detection in the standard DAT files. If the remediation method of an ED differs from the method of the standard DAT, the method specified by the ED is used.
Why are ED files removed from a system, and what determines when an ED should be removed?
The removal of an expired ED is determined by comparing the expiration date of the detection in the ED to the date embedded in the applied DATs. This removal is done when the engine loads the DAT.
When the embedded date of the DATs is equal to or greater than the expiration date of the detection in the ED, the Engine sees the detection in the ED as expired.
Example: If on August 11, 2019 you are running a DAT from August 8, 2019 and your ED expires on August 9, 2019, the Engine will continue to use the ED until the DATs are updated to the DAT from August 9, 2019, even though the date is August 11, 2019.
What do I do when an ED detects a virus but does not clean or repair files?
See the VirusScan Enterprise ED checklist. For details, see KB54996.
Back to Contents
What is a Signed ExtraDAT (SED) file?
An SED has the portability of an ED and the comprehensive detection and cleaning functionality of a Beta and full DAT. The SED is designed for you to apply it without having to change your infrastructure.
When is a SED sent?
A SED is only sent when there are cleaning limitations in the current ED solution, for example, when there is a need to have process ejection or parasitic file cleaning.
Why are SEDs not used all the time?
A SED is not sent when there are adequate capabilities in the ED solution. There might also be occasions where Beta DAT files are still needed for full cleaning of a specific threat. The McAfee Labs Global Threat Response team advises on an individual basis what solution is best for you.
How can I see the difference between an SED and an ExtraDAT?
In addition to the added cleaning abilities, the SED file size is slightly larger than an ED because of the additional code it contains. The file names are identical (ExtraDAT), and concatenation works as normal.
Back to Contents
An SED has the portability of an ED and the comprehensive detection and cleaning functionality of a Beta and full DAT. The SED is designed for you to apply it without having to change your infrastructure.
When is a SED sent?
A SED is only sent when there are cleaning limitations in the current ED solution, for example, when there is a need to have process ejection or parasitic file cleaning.
Why are SEDs not used all the time?
A SED is not sent when there are adequate capabilities in the ED solution. There might also be occasions where Beta DAT files are still needed for full cleaning of a specific threat. The McAfee Labs Global Threat Response team advises on an individual basis what solution is best for you.
How can I see the difference between an SED and an ExtraDAT?
In addition to the added cleaning abilities, the SED file size is slightly larger than an ED because of the additional code it contains. The file names are identical (ExtraDAT), and concatenation works as normal.
Back to Contents
What are the CommonUpdater Repositories?
The following update sites are used by ePolicy Orchestrator:
FTP Sites
The following update sites are used by ePolicy Orchestrator:
FTP Sites
HTTP Sites
NOTE: You can use the following alternative update sites if you do not use ePolicy Orchestrator:
FTP Sites
ftp://ftp.nai.com/pub/datfiles/
ftp://ftp.nai.com/pub/antivirus/datfiles/4.x/
ftp://ftp.nai.com/pub/antivirus/superdat/intel/
ftp://ftp.nai.com/pub/antivirus/datfiles/4.x/
ftp://ftp.nai.com/pub/antivirus/superdat/intel/
HTTP Sites
What is the difference between the CommonUpdater and CommonUpdater2 sites?
The CommonUpdater2 download site does not have a copy of the DAT files in its root folder.
What are the benefits of the CommonUpdater2 download site?
If you have no products installed that look for DAT content in the root directory of the site, selecting the CommonUpdater2 site offers bandwidth benefits because fewer files need to be replicated.
Can I use a direct IP address instead of DNS resolution for updating?
Hosting the DAT content requires hundreds of IP addresses for load balancing and high availability. These IP addresses are not static and their direct use is unsupported. For details, see KB54974.
Back to Contents
Related Information
See also:
- For FAQs about the new V3 DAT files, see KB82396.
- For information about the latest Scan Engine, see KB66741.
- For information about how to run Command Line Scan using an ExtraDAT, see KB75078.
- For information about why an ExtraDAT file might not be applied, see KB52590.
- For information about how to determine which computers have an ExtraDAT installed via ePO 4.x reporting, see KB59410.
NOTE: The content of the following articles have been integrated into this consolidated FAQ: KB57339, KB76558, KB76657, KB76662, KB53333, KB69862.
For product lifecycle details, see the McAfee Product and Technology Support Lifecycle page at: http://www.mcafee.com/us/support/support-eol.aspx.
For End of Life (EOL) policy details, see the Corporate Products EOL policy at: https://www.mcafee.com/enterprise/en-us/assets/misc/support-policy-product-support-eol.pdf.
Definitions:
For End of Life (EOL) policy details, see the Corporate Products EOL policy at: https://www.mcafee.com/enterprise/en-us/assets/misc/support-policy-product-support-eol.pdf.
Definitions:
- EOL period—The time frame that runs from the day McAfee announces product discontinuation, until the last date that McAfee formally supports the product. In general, after the EOL period is announced, no enhancements are made.
- EOL date—The last day that the product is supported, according to the terms of the McAfee standard support offering.
Affected Products
Languages:
This article is available in the following languages:
GermanEnglish United States
Spanish Spain
French
Italian
Japanese
Korean
Dutch
Portuguese Brasileiro
Chinese Simplified
Chinese Traditional
