In case anyone else is surprised to find the 5301 engine in their repository this morning:
https://kc.mcafee.com/corporate/index?page=content&id=KB51132
McAfee is releasing the 5301 Anti-Malware Incremental Engine Update for elective download on January 28th 2009. From this date you will be able to download 5301 Engine packages for manual installation. This release includes packages that can be used with ePolicy Orchestrator (ePO), ProtectionPilot (PrP) and McAfee AutoUpdate Architect (MAA).
This release will not include SuperDAT packages or Command Line Scanners, as they do not use Incremental Engine Update technology. The daily SuperDATs (SDat and XDat) will continue to contain the 5.3.00 Engine.
After a review of the 5301 elective download the McAfee AutoUpdate sites will be updated with the 5301 Engine. If you do not want to receive this update automatically when this occurs, please reconfigure your update procedures accordingly. The AutoUpdate posting is scheduled for April 15th 2009.
https://kc.mcafee.com/corporate/index?page=content&id=KB59951
What is the 5301 Anti-Malware Incremental Engine Update? 5301 is a minor revision to the engine which includes enhancements to NSIS and Adobe Flash support. These enhancements are being delivered to allow for better protection to the end user. The release also contains minor bug fixes.
Why is there an incremental Engine release? The threat landscape is evolving on an hourly basis. While McAfee has mechanisms in place to respond to these threats, enhancements in the Engine allow for a faster and more powerful method for AVERT Researchers to deliver effective detection to our customers.
What are the benefits of the 5301 Incremental Engine Update over the 5300 Release? As noted above, the benefits of 5301 will be enhanced detection rates for threats utilizing the widespread NSIS installer format, as well as Adobe’s Flash format (Shockwave Flash) which is widely used on the web today, and known for being a highly exploitable format.
I am curious as to how much testing time folks devote to these sorts of updates. Even if you have a devoted QA team, there still isn't any prescribed testing "plan", per se.
For instance, I loaded it on a few test machines/VMs and let it run for a few days (OAS, and a few ODS). I didn't really specifically "test" anything, just kept an eye out for any false positives or other odd behavior.
The FPs were in the NSIS of an app that regularly comes up as an FP on many malware scanners, so apart from that one I'm pretty happy with it; it didn't throw up any other FPs on the machines I tested it on before it went live.