cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 11

MEDDAT pulled into ePO repository?

Jump to solution

Yesterday, I noticed all of my ePO servers had a new entry in the master repository - MEDDAT, version 4228.  I have not seen that before.  When I search Google for this, I see an indexed McAfee KB article - KB92818.  The page title is "INTERNAL - Medium DAT (MEDDAT) appears in the ...".  I cannot see what this KB article says, and I have never seen MEDDAT in any of our repositories to date.

 

Does anyone know what this update is for, and why we just now started pulling it from McAfee?

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hi @kb1 ,

The MEDDAT package you are seeing here is the individual signature component of the V3 DAT, which as you reference from that linked KB article is one portion of the AMCore content package currently in use on Windows. Both ENS for Linux and ENS for Mac will be utilizing this content type as of the 10.7 release, as my colleague has pointed out, to bring all platforms of the ENS product line into shape with using the same signature content. There is no set release date yet for either the ENS for Mac or ENS for Linux 10.7 release, but it should be coming in the near future.

It appears the MEDDAT content was added to the public repository a bit early, possibly in anticipation of the release and most likely for testing and validation purposes from the standard public repo. The content type has been available for some weeks now on the Beta repository.

Thank you,

Thank you,
Mitchell Buehler

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

10 Replies
Highlighted

Re: MEDDAT pulled into ePO repository?

Jump to solution

HI,

Same with me. I'm even searching for this, but of no luck. @vnaidu can you help us..

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hello @Hemurali 

Thanks for your post.

Just wanted to inform you that Starting from ENS 10.7 version for ENS linux and ENS Mac will uses Medium DATs (MEDDAT) for scanning and they will not use the V2 Dats.

This is as Designed.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hello @kb1 

Thanks for your post.

Just wanted to inform you that Starting from ENS 10.7 version for ENS linux and ENS Mac will uses Medium DATs (MEDDAT) for scanning and they will not use the V2 Dats.

This is as Designed.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

Highlighted
Level 7
Report Inappropriate Content
Message 5 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

I do not see ENS 10.7 for Linux or Mac available -- I only show 10.6 as the latest I can pull.  I have been running ENS 10.7 for Windows for months, and have not seen this repo package until yesterday.  Does this mean ENS 10.7 for Linux and Mac is coming soon?

Also, under KB86704, section "AMCore Content - ...", there is a reference to medium DATs. (https://kc.mcafee.com/corporate/index?page=content&id=KB86704) -- I still dont understand why we are just now seeing this repo package, cannot find hardly ANY information about it, and the one KB that mentions this type of update just glosses over it.

Why is the V3 DAT still a 100 MB+ file when I was told the new DATs are much smaller?
The smaller size of DAT refers to the comparison of the AVV versus the MED (medium) DATs. These DATs offer equivalent functionality between VirusScan Enterprise and Endpoint Security.

  • For ENS:
    The MED DATs are found in the following location (note that the versioned folder changes):
     
    C:\Program Files\Common Files\McAfee\Engine\content\avengine\med\2647.0
     
    The combined size of medscan.dat, mednames.dat, and medclean.dat is 62.7 MB.

 

My organization still has scars from the 5958 DAT fiasco, so any sort of new definition/update type that shows up unknown and unannounced is not taken well.  The least that could have been done was send out an SNS about new content to support ENS 10.7 for Mac and Linux, or actually update a public KB article that will reference this.

Is there any public KB article you can point me to that references this new update? With all due respect, if I reference a community forum post to my customers when explaining this new update, that won't pass the smell test.

 

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hello @kb1 

Thanks for your response.

Once this will get released you will get notified.

As of now i don't have any ETA available with me.

Once i have any information i will update this thread as well.

Thanks.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hi @kb1 ,

The MEDDAT package you are seeing here is the individual signature component of the V3 DAT, which as you reference from that linked KB article is one portion of the AMCore content package currently in use on Windows. Both ENS for Linux and ENS for Mac will be utilizing this content type as of the 10.7 release, as my colleague has pointed out, to bring all platforms of the ENS product line into shape with using the same signature content. There is no set release date yet for either the ENS for Mac or ENS for Linux 10.7 release, but it should be coming in the near future.

It appears the MEDDAT content was added to the public repository a bit early, possibly in anticipation of the release and most likely for testing and validation purposes from the standard public repo. The content type has been available for some weeks now on the Beta repository.

Thank you,

Thank you,
Mitchell Buehler

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Highlighted

Re: MEDDAT pulled into ePO repository?

Jump to solution

If we only have ENSL 10.6.8 and see this MEDDAT in our repo, does this mean we need to use this new from of DAT's for our endpoints now?  What are the re-precautions if a human error occurs and this new meddat is deployed to Linux systems running ENSL 10.6.*?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: MEDDAT pulled into ePO repository?

Jump to solution

Hi @Sourcefire 

The MEDDAT package will not work with ENSL versions prior to 10.7.0. Even if you include it in your update task for your 10.6.X endpoints, it will do nothing and will not be deployed as there will not be a product on the endpoints that supports it.

Thanks,

Thank you,
Mitchell Buehler

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: MEDDAT pulled into ePO repository?

Jump to solution

Ok thank you Mitchell! 🙂

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community