Recently, we had a large increase in the number of systems with old DATs (over 2% which is huge for us). I also noticed many of them had OAS disabled. I downloaded and ran an XDAT on them, and it fixed about 75% of the problem systems. I also periodically force deploying the Agent on problem systems, which helps with a few, but the XDAT had a much bigger impact.
I want to run a current XDAT on systems with old DATs via SCCM at least once a month to reduce the number of systems we have to fix manually. But our Desktop Engineering group wanted to find out why we are continually seeing VSE breaking on workstations before we start this as a regular task.
What are some of the main things that cause VSE to have these types of issues (old DATs and/or OAS being disabled)?
What does the XDAT do, that sometimes fixes these symptoms?
We currently have all sorts of patch levels in our environment, but we are in the process of upgrading to Patch 8.
One thing to keep in mind is that it is the McAfee Agent that performs the DAT update task.
That being said, some old versions of VSE such as 8.8 P4, you might see a situation where the DAT update task may run, but doesn't ever look to complete successfully because the McShield service doesn't get started, sometimes due to the McAfee Validation Trust Protection Service being in a "not started" or disabled state. This can happen for a few reasons, but typically it will be something like untrusted DLL injection or a failed patch update.
Your best bet on looking into why the DAT updates fail would be to investigate the logs found in %deflogdir%\updatelog.txt or Programdata\McAfee\Agent (or Common Framework)\logs\masvc.log and McScript.log.