Knowledge Center

FAQs for V3 DAT files
Technical Articles ID:   KB82396
Last Modified:  3/28/2018



McAfee V3 DAT files
McAfee Labs (AVERT)
McAfee Endpoint Security (ENS) Threat Prevention 10.x


Recent updates to this article
Date Update
March 29, 2018 Added this table to track updates to this article.

This article is a consolidated list of common questions and answers about V3 DAT files.

Click to expand the section you want to view:
Why did McAfee introduce a V3 DAT?
The new architecture used in Endpoint Security for Windows, requires structural changes to the DAT. The existing V2 DAT could not be changed to support existing products and Endpoint Security for Windows.

What is the difference between the V2 DAT and V3 DAT?
The V3 DAT incorporates a new structure that is compatible with AMCore-based product Endpoint Security for Windows.

Will the V2 DAT be discontinued?
No. There are no plans to bring V2 DATs to End of Life. McAfee continues to develop content updates for the V2 DAT.

How do I know which DAT to use?
To determine which DAT to use:
  • If you use the AutoUpdate functionality in your products, no action is required. The automatic update mechanism downloads and installs the correct DAT update.
  • If you elect to download the DAT package for your product manually via the Security Updates page at http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx, you need to know whether you require either the V2 or the V3 DAT.
    • Only Endpoint Security for Windows requires the V3 DAT.
    • Any other enterprise products, including Endpoint Security for Mac and Endpoint Security for Linux, continue to use the V2 DAT
What is the size of the V3 DAT?
The size might vary over time. Currently the V3 DAT is about 30 MB compressed.

Is there a detection and performance advantage using the V3 DAT?
Products that use V3 DATs offer protection that is comparable to V2 DATs.

How has the quality, efficacy, and performance of the V3 DAT been validated?
The technology in V3 DATs has been used in Consumer products since December 2012. It is already running on tens of millions of Consumer endpoints and has been tested extensively in the field. It has also been subjected to numerous efficacy, performance, and false tests by third-party organizations such as AV-Test.org and AV-Comparatives.org. As with the V2 DAT, each release of the V3 DAT undergoes extensive quality and safety testing.

Is there any change to the concept of a full DAT and incremental DAT, or the incremental period before a full DAT file is downloaded?
No. There is no change from the current behavior.

Will McAfee continue to enhance performance of both DATs?
Yes. Performance improvement remains a constant and ongoing process for V2 and V3 DATs. The recent performance improvements exhibited in third-party tests such as AV-Test.org are attributable in part to DAT performance optimizations.

Back to top
Is it possible to use V3 DATs for V2 DAT products and vice versa?
No. Products that are not designed for the V3 DAT architecture are not compatible with the V3 DATs and cannot initialize them.

What corporate products use the V3 DAT?
Endpoint Security for Windows uses the V3 DAT.

Will point products be able to choose the correct DAT file?
Yes. Each product requests only the content type that it requires.

Are V3 DATs compatible with Extra.DATs?
Yes. V3 DATs are compatible with Extra.DATs and are managed in the same way as V2 DATs.

Are V3 DATs ePolicy Orchestrator (ePO) deployable?
Yes. V3 DAT deployment can be managed using ePO.

Can ePO support both versions of the DATs?
Yes. Both versions can be managed separately.

Does this change affect gateway and network products?
No. There is no change for existing gateway and network products that use the V2 DAT.

Does anything change with existing AutoUpdates?
No. There is no change for existing products.

Does this change affect AV Engine upgrades?
No. Scan engines continue to support both DATs and associated products.
As an ePO administrator, do I need to change my update process to accommodate V2 and V3 DATs?
As long as your ePO installation replicates from the McAfee Common Updater, the process remains the same.

Do I need to change my ePO update process?
As long as your ePO installation replicates from the McAfee Common Updater, the process remains the same.

Do I have the flexibility in ePO to choose whether to download one or both DATs, or are both retrieved automatically?
The V3 DAT is downloaded only if a product that requires it, which is Endpoint Protection for Windows, is actively managed by ePO.

If my VPN checks endpoint compliance before establishing the VPN, how would it deal with looking for a DAT being within x versions from V2 and V3 DATs? 
McAfee recommends examining the time stamp rather than the DAT version number to determine compliance.

My environment does not allow cloud access. Do I have reduced detection effectiveness with V2 or V3 DATs?
McAfee products provide the best possible detection effectiveness and safety capabilities when configured to use Global Threat Intelligence (GTI) level medium or higher. Endpoints that are not cloud connected might require stricter policy configuration.


The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.