cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

What causes VirusScan DAT's to revert to an older version?

5/13/2010 1:05:51 PM Engine version = 5400.1158

5/13/2010 1:05:51 PM AntiVirus DAT version = 5907.0

5/13/2010 1:05:51 PM Number of detection signatures in EXTRA.DAT = None

5/13/2010 1:05:51 PM Names of detection signatures in EXTRA.DAT = None

5/13/2010 1:16:46 PM Engine version = 5400.1158

5/13/2010 1:16:46 PM AntiVirus DAT version = 5981.0

5/13/2010 1:16:46 PM Number of detection signatures in EXTRA.DAT = None

5/13/2010 1:16:46 PM Names of detection signatures in EXTRA.DAT = None

5/18/2010 3:30:55 PM Engine version = 5400.1158

5/18/2010 3:30:55 PM AntiVirus DAT version = 5907.0

5/18/2010 3:30:55 PM Number of detection signatures in EXTRA.DAT = None

5/18/2010 3:30:55 PM Names of detection signatures in EXTRA.DAT = None

5/20/2010 1:56:42 PM Engine version = 5400.1158

5/20/2010 1:56:42 PM AntiVirus DAT version = 5988.0

5/20/2010 1:56:42 PM Number of detection signatures in EXTRA.DAT = None

5/20/2010 1:56:42 PM Names of detection signatures in EXTRA.DAT = None

6 Replies

Re: What causes VirusScan DAT's to revert to an older version?

Was a rollback of the DAT performed?

Andrew

Mal09
Level 12
Report Inappropriate Content
Message 3 of 7

Re: What causes VirusScan DAT's to revert to an older version?

How many repositories do you have? How are dats copied to each repository?

Also the logs:

McScript.Log and agent_<computername>.log found in C:\users\All  Users\McAfee\Common Framework\DB (Or c:\Documents and Settings\All  Users\Application Data\McAfee\Common Framework\DB (not 100% sure on this  path)

should show which repository was used to update the dat.

Also EPO has the information which repository was used. A query should be able to find it.

My suspicion is that you have a repository that is out of date but for some reason the client is downgrading using it. There are normally timestamps used to stop this happening, but I've seen cases where it didn't occur.

Message was edited by: Mal09 on 20/05/10 19:32:02 GMT
apoling
Level 14
Report Inappropriate Content
Message 4 of 7

Re: What causes VirusScan DAT's to revert to an older version?

Hi,

I assume this client is ePO managed. Please check if the McAfee Agent policy for this client is such, that the Updates\DAT file downgrades option is checked. If so, then if there is an out of date repository, it might downgrade regularly (whenever that repository is to take by the agent).

I'm not sure if this option otherwise corresponds to the Rollback DATs function in VirusScan console, but suppose it does not, otherwise after the first downgrade, you'd be stuck with the old DAT (as rollback DAT is a one-way action, I think).

Attila

Mal09
Level 12
Report Inappropriate Content
Message 5 of 7

Re: What causes VirusScan DAT's to revert to an older version?

apoling wrote:

I'm not sure if this option otherwise corresponds to the Rollback DATs function in VirusScan console, but suppose it does not, otherwise after the first downgrade, you'd be stuck with the old DAT (as rollback DAT is a one-way action, I think)


Indeed. Rollback sets a flag so that the machine will not update again to the "faulty" version of the dat. So it's not Rollback causing it.

Your point about "Allow dats to be downgraded" is what I was trying to make, but not sure I was clear enough in my explanation.

Re: What causes VirusScan DAT's to revert to an older version?

Sorry all, these machines are not being managed by ePO....  They are updating from the McAfee http and ftp sites.

apoling
Level 14
Report Inappropriate Content
Message 7 of 7

Re: What causes VirusScan DAT's to revert to an older version?

Then please check if they update from V2 enabled sources: a "2" is to be appended to the end of the HTTP or FTP URL. Perhaps one site URL does not have this and although it is available, it has old versions.

Attila

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center