
How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

On August 9th McAfee issued the following Threat Advisory for W32/XDocCrypt.a:

McAfee Labs has released a Threat Advisory for W32/XDocCrypt.a.

W32/XDocCrypt.a belongs to a family of malware which encrypts Microsoft Office Word, Excel and executable files. It encrypts these files using the RC4 encryption algorithm. On successful encryption, the original file is replaced with the infector followed by encrypted data; and if the original file name has “.doc”/“.docx” then it is replaced by “U+202Ecod.scr”. If the original filename has “.xls”/“.xlsx” then it is replaced by “U+202Eslx.scr”.

I did not deploy the superDAT and am trying to figure out if W32/XDocCrypt.a was included in the regular DAT deployed the following Friday or over the weekend. Where can I find that information: on the McAfee site, in the ePO4.6 console, or in VSE 8.8 on a local machine?

Also, in general, is there a list of what is included in a DAT? Where?

Thank you
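
The renaming described in the quoted advisory relies on U+202E (right-to-left override), which makes a `.scr` file appear in a file listing with a name ending in `.doc` or `.xls`. As an added example that is not part of the original post or of any McAfee tool, this Python script finds such names in a directory tree; the function names and sample file names are assumptions, and `apparent_name` is a simplification of full bidi rendering.

```python
import os
import tempfile

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the "U+202E" in the advisory
# Renamed suffixes quoted in the advisory text above.
ADVISORY_SUFFIXES = (RLO + "cod.scr", RLO + "slx.scr")


def apparent_name(name):
    """Approximate a bidi-aware listing: text after RLO is drawn right to left."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def classify(name):
    """Return None for a clean name, else a finding dict for one file name."""
    if RLO not in name:
        return None
    lowered = name.lower()
    return {
        "name": name,
        "shown_as": apparent_name(name),
        "real_ext": os.path.splitext(lowered)[1],
        "matches_advisory": lowered.endswith(ADVISORY_SUFFIXES),
    }


def scan(root):
    """Walk a directory tree and collect findings for names containing RLO."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            hit = classify(fname)
            if hit:
                hit["path"] = os.path.join(dirpath, fname)
                findings.append(hit)
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    # Constructed sample: empty files with made-up names in a temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        for n in ("budget" + RLO + "slx.scr", "memo" + RLO + "cod.scr", "notes.docx"):
            open(os.path.join(tmp, n), "w").close()
        for f in scan(tmp):
            print(repr(f["name"]), "shown as", f["shown_as"], "real ext", f["real_ext"])
```
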

4 Replies
pierce
Level 13
Message 2 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

I find a quick Google of what malware you're looking for normally turns up a McAfee link with which DAT you need: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1411863

As for what is in each DAT, I don't think they provide that. Also, I would enable Artemis (GTI lookups), as this is where quite a few of my detections are getting picked up these days, and you will see in some of the recommendations that if your Artemis is medium then don't worry about this super DAT update etc....

thanks,

Pierce

alexn
Level 14
Message 3 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Follow this link to find exact DAT definitions.

https://kc.mcafee.com/corporate/index?page=content&id=KB75928

mjmurra
Level 12
Message 4 of 5

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Each DAT file released also has an associated readme http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=uk which shows the changed detections.

Re: How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a

Thank you, all that was the info I needed. Not sure why I couldn't find it.
