Loading...

Knowledge Center


Planned changes to McAfee DAT files in Q2 2019
Technical Articles ID:   KB91485
Last Modified:  6/13/2019
Rated:


Environment

McAfee DAT files

McAfee products affected:
McAfee corporate products that use DAT files (excludes End of Life products):
  • Endpoint Security Threat Prevention 10.x
  • MOVE Antivirus Agentless 4.x
  • MOVE Antivirus Multi-platform 4.x
  • VirusScan Command-Line Scanner 6.1.x
  • VirusScan Enterprise 8.8

Summary

Planned changes to V2 and V3 DAT files:
There is a change to V2 and V3 DAT files planned for deployment:
  • The digital certificates used to sign some DAT components will be updated. They will continue to be dual-signed with both SHA-1 and SHA-256 certificates.
  • The XDAT executable package is the only V2 DAT element using this form of validation. The V3 executable update packages and cab files are signed with these certificates. ePO packages are not signed in this way.
  • Executable update packages signed with the new digital certificates were posted to http://downloadcenter.mcafee.com/products/mcafee-avert/dats/certificate2019 to allow customers to evaluate the change and ensure compatibility within their environments. The packages were available from May 8, 2019.
This article provides more information about these changes, why they must occur, and how you can prepare for them.

Impact of these changes:
The changes are not expected to impact customers or their installed products.

We are providing customer evaluation examples to allow you to test and evaluate these DAT changes before they are deployed to live operating environments.

DAT change and evaluation - Update to digital certificates used to dual-sign DATs using SHA-1 and SHA-2 certificates:
As part of the broader security industry push, McAfee products deprecate SHA-1 (Secure [cryptographic] Hash Algorithm 1) based digital certificates used in content and products, in favor of the more secure SHA-2 (SHA256) based certificates. Certain McAfee DAT files must be dual-signed with both SHA-1 and SHA-2 certificates to support older Microsoft operating systems, such as Windows XP and Windows Server 2003, that do not recognize SHA-2.

Because of the expiration of existing certificates, McAfee is changing the certificates used to perform this signing. For V2 DATs, used by products such as VirusScan Enterprise, only executable DATs (XDATs) are signed in this way. McAfee plans to change these certificates on June 26, 2019. We provided an opportunity for customers to test this change. DAT packages were available on http://downloadcenter.mcafee.com/products/mcafee-avert/dats until May 31, 2019, for customer evaluation.

This change is expected to be transparent to customers and no McAfee product or configuration changes are required. If you use a third-party software deployment solution to deploy xdat.exe to your systems or have systems that verify the digital certificates in your environment, verify compatibility of these updates with the third-party software.

Planned customer communications:
Support Notification Service (SNS) communications will be sent to announce the start of the evaluation periods and also to remind customers of upcoming go-live dates.

How to participate in evaluation periods:
The changes to DAT files are not expected to impact your installed McAfee products. We are providing customer evaluation examples so you can test and evaluate these changes before they are deployed in live operating environments. Two sets of DAT packages were supplied and posted to http://downloadcenter.mcafee.com/products/mcafee-avert/dats/certificate2019. Both sets of content are signed with the new certificates. Two sets of packages were supplied for both V2 and V3 DATs so that customers can verify updates from one DAT version to the following one. V2 DATs were supplied as XDATs. Executing these packages on a client system with a McAfee product updates it using a dual-signed package. The /F (Force) parameter enables a downgrade to an earlier version. V3 content was supplied as a V3 executable package.

NOTE: Host Intrusion Prevention Content 8.0.0.9184 is not compatible with these McAfee certificates. The new McAfee certificate exclusions have been made available with the May 2019 release package.

IMPORTANT: Customers participating in the evaluation must ensure that their test clients have the minimum DAT revision of 3668 (V3) / 9237 (V2) before they update their clients with an evaluation package.

Issues to look for:
If you see any of the following results during evaluation, inform McAfee through the DAT Evaluation group in the McAfee Community forums at https://community.mcafee.com/t5/DAT-Evaluation/gp-p/dat-evaluation.
  • Operating system security alerts stating a security certificate is invalid
  • Failure to update to the expected DAT version
  • Update showing as Available even though an update has already been completed
  • A Not Protected status in the local system console or ePolicy Orchestrator (ePO) console
Feedback and questions:
For feedback or questions about these DAT file changes, use the DAT Evaluation group in the McAfee Community forums at https://community.mcafee.com/t5/DAT-Evaluation/gp-p/dat-evaluation.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.