Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 4

DAT Update Process


I am trying to find out exactly what process occurs when a VirusScan DAT update occurs.

I am aware of the 3 files on the PC (AVVCLEAN, AVVNAMES and AVVSCAN) which are updated by the new DAT, but what happens next in the process?

Specifically, I have devices with low RAM (512mb) and these show problems around the update time and I wold like to understand the process fully before I look to introduce Low Risk Policies and Lower the Thread priority that are mentioned in several KB articles.

Any indication of the process undertaken would be much appreciated.



3 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: DAT Update Process

I am sure there is a much more detailed explanation, but here's a stab at oversimplifying it.

  1. Current content is compared with available content
  2. New content is downloaded and temporarily stored on the disk (regardless of .GEM, .ZIP, XDAT, etc)
  3. Once downloaded the new AVV*.DAT files are prepared (decompress/compiled/whatever)
  4. Old AVV*.DAT files are backed-up (overwriting any existing old files)
  5. New files are swapped into place
  6. (Depending of version) Engine Service should create a new runtime DAT file
  7. If enabled, "Scan processes on enabled" feature runs
  8. Update event should be generated (and possibly sent)
  9. Normal operation resumes

Somewhere in there, is a clean-up of the temporary files, but I'm not entirely sure--guessing between 5 & 6.

Level 7
Report Inappropriate Content
Message 3 of 4

Re: DAT Update Process

afaik, the dat extraction is done in memory. that's why the memory usage grows temporarily during a

signature update. we saw systems with less than 1GB of ram to experience poor performance during

a signature update due to swapping. as the result we defined two cores and 1GB ram as the minimal

requirements in our company for windows xp (we shipped around the problem one could say).

we also have a couple of registry tweaks in operation which do lower the impact on legacy systems when

they are running jobs during a signature update. we even had a case when a measurement software

crashed repeatedly during the signature update. registry tweaks and specific exclusions solved this issue.

we also disabled "scan processes on enable" for performance reasons.



Level 7
Report Inappropriate Content
Message 4 of 4

Re: DAT Update Process

Thanks for the responses - looking at recent KB articles the 'scan processes on enable' feature is disabled by default after 8.7 Patch 1 - we are running patch 4 so this should not be running.

Any other secific prcess related infor would be great.

Thanks again


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community