cancel
Showing results for 
Search instead for 
Did you mean: 
McDuff
Level 10
Report Inappropriate Content
Message 1 of 6

Extra.dat Deployment Client Task Behaviours

Jump to solution

Greetings,

I wanted to clarify the behavior of performing Extra.dat upgrades via ePO client tasks.

Scenario: 

We have an extra.dat checked into the master repository.

We have multiple distributed repositories.

We have initiated a replication task to deploy the extra.dat to the have multiple distributed repositories, but, either:

  1. The replication has not completed on repositories yet, or
  2. The replication has failed on some repositories.

Questions:

  1. If we run a client update task to deploy the Extra.dat to a PC whose closest repository doesn't have the new Extra.DAT (it still has an old Extra.DAT), will the clients attempt to pull the Extra.dat from another repository?  Or will the update task fail?
  2. If we have an existing client update task created already for an old Extra.dat that's been set to run "asap" months ago, will the client task re-run again "asap" once the new Extra.dat is checked in?  Usually to be on the safe side I delete and recreate the client task, but I just wanted to confirm the behavior.
1 Solution

Accepted Solutions
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

I suggest you to kindly make sure the Extra dat file is replicated to the distributed repository. If replication is failing, you will need to check EPOAPSVR logs on EPO server to correct that issue.

 

If we run a client update task to deploy the Extra.dat to a PC whose closest repository doesn't have the new Extra.DAT (it still has an old Extra.DAT), will the clients attempt to pull the Extra.dat from another repository?  Or will the update task fail?

Ans - In case a client is not able to update the extra dat from the closest repository, it will attempt to update the extra dat from the next repository configured in the Repository list in the McAfee Agent > Repository > My Default Policy. Please refer to the attached screen shot.

Repository List.pngRepository List

The other option is to enable Peer to Peer communication McAfee Agent > General > My Default Policy

Peer to Peer communication.PNGPeer to Peer communication

If we have an existing client update task created already for an old Extra.dat that's been set to run "asap" months ago, will the client task re-run again "asap" once the new Extra.dat is checked in?  Usually to be on the safe side I delete and recreate the client task, but I just wanted to confirm the behavior.

Ans - A client update task if still valid will run as per the schedule and update the extra dat. Also if the master repository has a new extra dat file to be updated, whenever the agent server communication happens the new extra dat package will be applied on the client machine

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Tajammul Hussain
McAfee Technical Support

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
5 Replies
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

I suggest you to kindly make sure the Extra dat file is replicated to the distributed repository. If replication is failing, you will need to check EPOAPSVR logs on EPO server to correct that issue.

 

If we run a client update task to deploy the Extra.dat to a PC whose closest repository doesn't have the new Extra.DAT (it still has an old Extra.DAT), will the clients attempt to pull the Extra.dat from another repository?  Or will the update task fail?

Ans - In case a client is not able to update the extra dat from the closest repository, it will attempt to update the extra dat from the next repository configured in the Repository list in the McAfee Agent > Repository > My Default Policy. Please refer to the attached screen shot.

Repository List.pngRepository List

The other option is to enable Peer to Peer communication McAfee Agent > General > My Default Policy

Peer to Peer communication.PNGPeer to Peer communication

If we have an existing client update task created already for an old Extra.dat that's been set to run "asap" months ago, will the client task re-run again "asap" once the new Extra.dat is checked in?  Usually to be on the safe side I delete and recreate the client task, but I just wanted to confirm the behavior.

Ans - A client update task if still valid will run as per the schedule and update the extra dat. Also if the master repository has a new extra dat file to be updated, whenever the agent server communication happens the new extra dat package will be applied on the client machine

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Tajammul Hussain
McAfee Technical Support

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McDuff
Level 10
Report Inappropriate Content
Message 3 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

Just a follow-up question.  I was just checking my McAfee Agent status monitor during the deploy of another product, and I just happened to notice this message:

Repo missing extradat.png

The wording on the message seems to imply that the DAT/Extra.DAT update will only occur IF the particular repository I'm currently connected to has the latest DAT/Extra.dat, and if the files aren't there, it's not going to check another repository. 

Reliable Contributor bodysoda
Reliable Contributor
Report Inappropriate Content
Message 4 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

I won't worry too much about the old Extra.DAT. An Extra.DAT file is a temporary detection signature that is provided by McAfee Labs for malware that is not detected in the regular .DAT files. These signatures are usually distributed after submission and testing of infected files that were not properly detected or cleaned.

 Only a single Extra.DAT can be used at any given time. In some cases, you may need to combine several Extra.DAT files to defend against multiple new threats. You can upload multiple Extra.DAT files and combine them into a single signature file through the ServicePortal or Platinum Portal.

See this KB KB68061

 

 

 

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Highlighted
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

Thank you for posting your query

The DAT files will be downloaded from the repository as per the settings in the McAfee Agent > Repository > My Default policy. If the Dat file is not found in the first repository it will look into the next repository as per the settings you have selected. Please take a look at the below screen shot. MA Repository policy.PNG

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McDuff
Level 10
Report Inappropriate Content
Message 6 of 6

Re: Extra.dat Deployment Client Task Behaviours

Jump to solution

Thanks very much for the responses.  Just one more clarification:

If a client has two defined repositories, and for some reason one of the repositories has not received the updated source files, but has some files in it, which coincidentally match what's currently on the PC, will the PC try another repository?

My PC has DAT v1000 and ENS 10.5.3 and I perform an Update Security, or I push a deploy/upgrade task to the PC.

My PC is configured to use two repositories:  Repository 1 or Repository 2, and McAfee Agent has determined that Repository 1 is the preferred repository, but repository 1 had a failed replication and doesn't match the master repository, i.e.:

Out of date Repository 1 contains:  Product X version 1 (e.g. DAT v1000, or ENS v10.5.3, which is already installed on the client)

Up to date Repository 2 contains:  Product X version 2 (e.g. DAT v1001, or ENS v10.5.5, which is not yet installed on the client)

In this case, will the McAfee Agent be smart enough to know what the files on Repository 1 are not what's in the master repository, and move to Repository 2, or will it just compare what's in Repository 1 (DAT v1000, or ENS 10.5.3) to what's installed on the PC (which happens to be DAT v1000, or ENS 10.5.3) and end the task reporting that no deploys/upgrades need to be performed?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community