3 Replies Latest reply on Jul 13, 2011 11:02 AM by rc-uk

    DAT Update Process

    rc-uk

      Hi,

       

      I am trying to find out exactly what process occurs when a VirusScan DAT update occurs.

       

      I am aware of the 3 files on the PC (AVVCLEAN, AVVNAMES and AVVSCAN) which are updated by the new DAT, but what happens next in the process?

       

      Specifically, I have devices with low RAM (512mb) and these show problems around the update time and I wold like to understand the process fully before I look to introduce Low Risk Policies and Lower the Thread priority that are mentioned in several KB articles.

       

      Any indication of the process undertaken would be much appreciated.

       

      Thanks

       

      Russ

        • 1. Re: DAT Update Process
          joeleisenlipz

          I am sure there is a much more detailed explanation, but here's a stab at oversimplifying it.

           

          1. Current content is compared with available content
          2. New content is downloaded and temporarily stored on the disk (regardless of .GEM, .ZIP, XDAT, etc)
          3. Once downloaded the new AVV*.DAT files are prepared (decompress/compiled/whatever)
          4. Old AVV*.DAT files are backed-up (overwriting any existing old files)
          5. New files are swapped into place
          6. (Depending of version) Engine Service should create a new runtime DAT file
          7. If enabled, "Scan processes on enabled" feature runs
          8. Update event should be generated (and possibly sent)
          9. Normal operation resumes

           

          Somewhere in there, is a clean-up of the temporary files, but I'm not entirely sure--guessing between 5 & 6.

          1 of 1 people found this helpful
          • 2. Re: DAT Update Process
            nbaumann

            afaik, the dat extraction is done in memory. that's why the memory usage grows temporarily during a

            signature update. we saw systems with less than 1GB of ram to experience poor performance during

            a signature update due to swapping. as the result we defined two cores and 1GB ram as the minimal

            requirements in our company for windows xp (we shipped around the problem one could say).

             

            we also have a couple of registry tweaks in operation which do lower the impact on legacy systems when

            they are running jobs during a signature update. we even had a case when a measurement software

            crashed repeatedly during the signature update. registry tweaks and specific exclusions solved this issue.

             

            we also disabled "scan processes on enable" for performance reasons.

             

            regards,

            nik

            1 of 1 people found this helpful
            • 3. Re: DAT Update Process
              rc-uk

              Thanks for the responses - looking at recent KB articles the 'scan processes on enable' feature is disabled by default after 8.7 Patch 1 - we are running patch 4 so this should not be running.

               

              Any other secific prcess related infor would be great.

               

              Thanks again

               

              Russ