4 Replies Latest reply on Aug 23, 2012 8:23 PM by kimberlynnh

    How to figure out what definitions are included in a DAT - specifically W32/XDocCrypt.a


      On August 9th  McAfee issued the following Threat Advisory for W32/XDocCrypt.aMcAfee Labs has released a Threat Advisory for W32/XDocCrypt.a.


      W32/XDocCrypt.a belongs to a family of malware which encrypts Microsoft Office Word, Excel and executable files. It encrypts these files using RC4 encryption algorithm. On successful encryption, the original file is replaced with the infector followed by encrypted data; and if the original file name has “.doc”/”.docx” then it is replaced by “U+202Ecod.scr”. If the original filename has “.xls/.xlsx” then it is replaced by “U+202Eslx.scr”.



      I did not deploy the superDAT and am trying to figure out if W32/XDocCrypt.a was included in the regular DAT deployed the following  Friday or over the weekend. Where can I find that information - either on the McAfee site, in ePO4.6 console, or in VSE 8.8 on a local machine.


      Also, in general, is there a list of what is included in a DAT? Where?


      Thank you