O.K, I'm thoroughly confused with Intel/McAfee numbering systems. First, it would be nice if the SNS notices, SW Management ePO team, SW versioning team would list ALL version numbers used by a particular product when it is updated. Second, the SW Management ePO team should quit counting products in the "Previous" and "Evaluation" as needing updates. I'm aware McAfee/Intel sometimes recommends updates be installed from these categories, but they also recommend the latest version be kept in the "Current" and setting the update parameters to use "Previous". My current problem is I cannot tell what version of DAT reputation I'm using and what is appropriate. I have a 220.127.116.11 and a 18.104.22.168 version when I check the extensions. These version numbers do not correspond to the latest SNS notice that version 1.0.3 will be released. I've tried finding 1.0.3 on the Common Updater site the SNS notice recommends, with no luck. When I look at the files in the .zip, they don't look like previous extension files. What extension version number will the 1.0.3 DAT Reputation use?
did you mean this SNS newsletter?
I have the same problem. I can´t see any DAT Reputation Version 1.0.3. Do you have any update?
Yes to the news letter.
No. I've contacted sales rep three times without any success for the version number used by the extension. Nor do I find any mention of the version number in the updater links, either two or three.
If you add a comment to my post, it may make them a little happier and help to get a response. Not really knocking McAfee, I just get frustrated with the different versioning levels they use.
similar frustration here. I can only assume that there isn't a dependency between the extension version checked into your ePO and the version of the DAT reputation agent on the endpoint. Suffice to say I would imagine is best to keep up to date with the latest extension available from McAfee (refer this document here for download locations). At last check the latest extension was 22.214.171.124 (10-Jun-2015). If you do find out from McAfee support I'd love to know a definitive answer.
In terms of knowing which version of the DAT reputation agent you have your environment there isn't a query available to give you a view of your fleet - you can only query on the status of DAT reputation and the safety pulse functions from what I can ascertain. I did find though that if you navigate to your DAT content directory on the ePO (default path would be "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\VSCANDAT1000\DAT\0000\") and extract the contents of the file DATRep.zip to a temporary location then look at the properties of the file mcdatrep.exe you can see the product version information. In the example below the first is what is in my Master Repository currently and the second is the properties of the DATRep.zip I just downloaded from the commonupdater3 site. You can also achieve the same on an endpoint by navigating to "C:\Program Files (x86)\Common Files\McAfee\DATReputation\" but probably not practical in an environment of 7,000+ endpoints. An opportunity for a product enhancement request in the ePO DAT Reputation extension.
Ultimately we have no choice in adopting DAT Reputation version 1.03, McAfee are merely giving us an opportunity to socialise and test within our environments in advance of the forced deployment included in the DAT update on the nominated dates. I'm just hoping that the DAT Reputation policies we have previously defined in the ePO to manage these features are still applicable post the 1.03 update.
I'd love to hear any feedback you receive from McAfee support on this item.
thanks for the hint.... so i checked some things.
- EPO Repository holds a DAT Reputation Version of 1.0.3 -> OK
- Extension 126.96.36.199 is fine, there is no newer Version available -> OK
- My Client has version 1.0.1 installed. I checked the files on my dis. The version is also reported to EPO right -> OK
The Problem is.... DAT Reputation is not upgraded on my endpoint. Neither if removed, it is not installed again.... 😞
I removed DAT Reputation manually. My Client is not reporting DAT Reputation back to EPO.
Let´s see what happens with the next DAT update
i removed DAT Reputation 1.01 completely from my system. This includes removing the files and removing the Plugin Entry in the Registry.
Now with the new DATs my system was upgraded to version 1.0.3.
Also my clients are starting to upgrade to version 1.0.3. Seems anything is okay with the deployment.
It only looks like there are some troubles with the DAT reputation lookup.
You will also find that if your endpoints don't have a up to date certificate store and is missing the VeriSign Class 3 Public Primary Certification Authority - G3
certificate the DAT reputation component wont run and therefore doesn't report a version back to the ePO (see KB85680). I have actually found that you need the VeriSign Class 3 Public Primary Certification Authority - G5 certificate to be in the endpoints local certificate store in order to the DAT Reputation 1.0.4 to be reported. If your looking at applying VirusScan Enterprise 8.8 Patch 7 the certificate is a prerequisite anyway (see KB86972).
Still running 188.8.131.52, appears to work correctly but no way to verify. Policies in place and sent to Agents. 184.108.40.206 still shows up in SW manager. ePO version is 5.1.3.
I check the certificate per the KB before starting to move systems to P7, so that isn't a problem on my end. Thanks for the reminder.
Thanks to all,