avvclean.dat -> cleaning instructions for malware
avvnames.dat -> names of signatures/malware
avvscan.dat -> signatures for malware detections
All three are needed and combined represent the actual DAT.
Additional to the full DAT there are 30 incremental update files (.gem).
If the signature is within the last 30 updates VSE update incrementally rather than downloading the full DAT.
If something is "stuck" on the client I would first check Windows taskmanager which process consumes high CPU ...
thanks for the answer !
I'll monitor this but from what I remember it was mcshield
is there any particular policy to set up (like prevent scanning the DAT file by the on access protection)?
You can just add it to the Exclusions under the Access Protection, The On Access Scanner and if need be even in on demand scans ..
With the default setting the On Access Scanner (McShield.exe) scans the new DAT files when downloaded.
Best practise imho would be to put the mcafee processes "frameworkservice.exe" and "mcscript_inuse.exe" in a "Low-Risk" policy and add the appropriate exclusions and scan settings there.
Also patching could help - for further information check this link: