1 Reply Latest reply on Feb 23, 2012 1:07 PM by wwarren

    Which registry entry to count on?


      We had some machines that tried to update to Patch 1 for VSE 8.8 and failed which in turn left them in a half installed state.  So I learned that I can run the VSE 8.8 install without patch 1 and that fixes the issue but I noticed that in ePO they are registering as updated but in the registry it shows two different dat files.  The paths are






      HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800.



      The network associates is up to date, and the mcafee one still shows an out of date dat file.  My question is, should I be concerned that they don't match up?  Which one is the correct one?

        • 1. Re: Which registry entry to count on?

          The AVEngine values are correct. Meaning, that is what the product is actually using.

          The McShield process writes these values after the service starts and it has successfully loaded the Engine/DATs into memory.

          Should the values be old or missing, it's reason for concern.


          The other key is maintained by the McAfee Agent, and is accurate inasmuch as it shows what the Agent believes it has done.


          Adding to the complexity is what gets reported back to ePO.

          Neither of these values are used though AVEngine will be the more accurate.

          When full property collection occurs the data reported is obtained from memory - so if the DAT version shown in ePO is old or missing, you probably have an unhealthy client.


          Further complicating matters for ePO users, is when an update task runs you'll get an initial event back from the Agent indicating what DAT version the client allegedly updated to - whether or not that update successfully occurred. It's not until a full property collection occurs, usually at your ASCI interval, that you really know what the client node is running. Therefore, you can trust the data if you know a full property collection has occurred.