Knowledge Center

FAQs for V3 DAT files
Technical Articles ID:   KB82396
Last Modified:  9/29/2017


NOTE: This article applies only to McAfee business and enterprise products. If you need information or support for McAfee consumer or small business products, visit https://service.mcafee.com.

McAfee V3 DAT files
McAfee Labs (AVERT)
McAfee Endpoint Security Threat Prevention 10.x


This article is a consolidated list of common questions and answers and is mainly intended for users who are new to the product, but can be of use to all users.

Compatibility with other products and software
How do I know which DAT to use?  
With the introduction of the V3 DAT, McAfee will be supporting two independent DAT packages at the same time. If you use the auto-update functionality in your products, no action is required. The automatic update mechanism will download and install the correct DAT update.

If you elect to download the DAT package for your product manually via the Security Updates page http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx you will need to know whether you require either the V2 or the V3 DAT.
  • Only Endpoint Security for Windows requires the V3 DAT.
  • Any other enterprise products (including Endpoint Security for Mac and Endpoint Security for Linux) will continue to use the V2 DAT.
Why is McAfee introducing a new V3 DAT? 
The new architecture used in Endpoint Security for Windows required structural changes to the DAT. The existing V2 DAT could not be modified to support existing products and Endpoint Security for Windows.

What is the difference between the V2 DAT and V3 DAT? 
The V3 DAT incorporates a new structure that is compatible with AMCore-based products such as Endpoint Security for Windows.

Will the current V2 DAT be discontinued in the future? 
There are no plans to End of Life V2 DATs.

What is the size of the V3 DAT? 
The size may vary over time. At the time of publication, the V3 DAT is approximately 30 MB compressed.

Is there a detection and performance advantage using the V3 DAT?
Products that use V3 DATs offer protection that is comparable to V2 DATs.

How has the quality, efficacy, and performance of the V3 DAT been validated?
The technology in V3 DATs has been used in Consumer products since December 2012.  It is already running on tens of millions of Consumer endpoints and has been tested extensively in the field.  It has also been subjected to numerous efficacy, performance, and false tests by third-party organizations such as AV-Test.org and AV-Comparatives.org. As with the V2 DAT, each release of the V3 DAT undergoes extensive quality and safety testing.

Is there any change to the concept of a full DAT and incremental DAT? 
There is no change from the current behavior.

Is there any change to the incremental period before a full DAT file is downloaded?
There is no change from the current behavior.

Will McAfee continue to develop content updates for the V2 DAT? 
Yes. There are no plans to change support for V2 DATs at this time.

Will McAfee continue to enhance performance of both DATs?
Yes. This remains a constant, ongoing process for V2 and V3 DATs. The recent performance improvements exhibited in third-party tests such as AV-Test.org are attributable in part to DAT performance optimizations.

Will the V2 DAT size decrease over time?
McAfee expects to continue efforts to decrease the V2 DAT size.

Is there a V1 DAT?
Support for the V1 DAT ended in 2010.

Back to Contents  
Is it possible to use V3 DATs for V2 DAT products and vice versa?
No. Products that are not designed for the V3 DAT architecture are not compatible with the V3 DATs and will not be able to initialize them.

What corporate products use the V3 DAT?
Endpoint Security for Windows uses the V3 DAT.

Will point products be able to choose the correct DAT file?
Yes, each product will request only the content type that it requires. 

Are V3 DATs compatible with extra.DATs?
Yes, V3 DATs are compatible with extra.DATs and are managed in the same way as V2 DATs.

Will V3 DATs be ePolicy Orchestrator (ePO) deployable?
Yes, V3 DAT deployment can be managed using ePO.

Can ePO support both versions of the DATs?
Yes, both versions can be managed separately.

Does this change affect gateway and network products?
There is no change for existing products that use the V2 DAT.

Does anything change with existing auto-updates?
There is no change for existing products.

Does this change affect AV Engine upgrades?
No. Scan engines continue to support both DATs and associated products. 
Back to Contents
As an ePO administrator, do I need to change my update process to accommodate V2 and V3 DATs?
As long as your ePO installation replicates from the McAfee Common Updater, the process will remain the same.

Do I need to change my ePO update process?
As long as your ePO installation replicates from the McAfee Common Updater, the process will remain the same.

Will I have the flexibility within ePO to choose whether to download one or both DATs, or will both be retrieved automatically?
The V3 DAT will be downloaded only if a product that requires it (Endpoint Protection for Windows) is being actively managed by ePO. 

If my VPN checks endpoint compliance before establishing the VPN, how would it deal with looking for a DAT being within x versions from V2 and V3 DATs? 
McAfee recommends examining the timestamp rather than the DAT version number to determine compliance.

My environment does not allow cloud access. Will I have reduced detection effectiveness with V2 or V3 DATs?
McAfee products provide the best possible detection effectiveness and safety capabilities when configured to use Global Threat Intelligence (GTI) level medium or higher. Endpoints that are not cloud connected might require stricter policy configuration.

Back to Contents  

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.