3 Replies Latest reply on Feb 27, 2012 6:42 AM by dmease729

    DAT updates for hosts without Internet or Repository access

    dmease729

      Hi,

       

      I need to install VSE8.8 on multiple servers that will not have any access to the Internet.  These instances of VSE8.8 will all be standalone as there is currently no ePO server in the environment.  The plan is to download the DATs manually onto a host that has Internet access.  The network that that host resides on has no access to the server environment, and vice-versa.  The DAT files will be burned onto CD and manually copied across to the protected servers.

       

      As I have not come across this situation before, I am wondering what the process can be used to ensure that DATs are kept up to date at regular intervals.  As there is no repository list, then I believe standard update tasks cannot be used as they try to connect to the first enabled repository, of which there are none.

       

      Normally I believe the update task would check the catalog file in the repository to see if there were actually any updated files in there, and then download the files required.  Is there any way of essentially dropping the latest DAT zip on to a host in order to update?

       

      The only way I would be sure of anything that works at present is to edit the autoupdate repository list, and add a local path repository.  But to to that, I would need to at least copy the AVVDAT-xxxx.zip and the catalog.z file.  However, if we are within the last 35 DAT updates, will it try to use the .gem's, in which case we would need to essentially copy across the entire repository file structure...  And if *that* is the case, the host with Internet access should really be running its own copy of VSE8.8, so the directory structure would be as required.

       

      I maybe making this more complicated than is neccessary, however i am trying to get this process fully sorted in my own head.  And the coffee isnt working...

       

      Any feedback appreciated as always!

       

      cheers,

        • 1. Re: DAT updates for hosts without Internet or Repository access
          hem

          I will suggest you to use either SDAT file from the McAfee website which will have both DAT/engine or copy/burn Engine folder from the machine which is updated.

          1 of 1 people found this helpful
          • 2. Re: DAT updates for hosts without Internet or Repository access
            dmease729

            Hi,

             

            I had previously thought that you had to package SDAT files yourself, but have found KB66694 that led me to http://www.mcafee.com/apps/downloads/security-

            updates/security-updates.aspx.  From the SuperDAT tab, I downloaded SDAT6607.exe, and ran it on my test server.
            Before SDAT6607.exe was run, the DAT version showed as 1111.0000 (creation date Feb 2, 2010), and the scan engine version showed as 5400.1158.  Buffer overflow

            and access protection DAT version was 567.

             

            The install runs through smoothly, until it gets to the window 'please wait while the 64-bit anti-virus files are being copied into installation directory'.  This

            window gets to the stage 'Removing temporary files.' and an error message pops up in another window advising 'error: product already running latest engine files'.

            Clicking OK on this error window closes both windows.  On checking VSE, the DAT version now shows as 6607.0000, the engine version as 5400.1158 (may well be the

            latest, I will need to confirm), and Buffer Overflow and Access Protection DAT Version shows as 567.  A window in the background advised that SuperDAT2.5.0 had

            finished successfully.

             

            After a browse around, I stumbled across KB59164 - 'How to Perform a forced installation of a SuperDAT file'.  Out of curiosity (and the fact I never like getting

            error messages...), I reverted the state of my test machine (to DAT1111.0000 and all), and followed this article through.  Everything happened the same as before,

            with the only exception being the lack of error message regarding the latest engine files.  DAT = 6607.0000, engine version 5400.1158 and Buffer Overflow and

            Access Protection DAT version 567.  All looks ok.  There is no explanation in this KB as to what situation you would need to run a forced install in, however,

            which makes me curious...

             

            Anyhoo, that appears to have done the trick, so I am happy for now.  Still going to raise a query regarding the lack of explanation on the forced install, but will do that in another discussion.  Similar issue seen in KB52858 for 8.5i, and that suggests running the install in silent mode with /s!  Seems to imply that there isnt a problem and the error is meant be informational?

             

            With regard to the suggestion on the Engine folder, given the fact that a manual copy would run into issues with Access Protection stopping the copy of files, my concerns over file locks (not sure what processes the SDAT exe stops in order copy files etc), and the fact that license files and config.dat files look to be in there - I am stepping away from that one for now just in case I run into unexpected issues.  That and that fact that the operator would need to run an integrity check on every file copied across!

            cheers,