8 Replies Latest reply on Jan 30, 2014 8:54 AM by somd55

    Announcing McAfee 5600 Engine Beta


      McAfee is pleased to announce the Beta release of McAfee Anti-Malware Engine version 5600. The 5600 Engine will succeed the current 5400/5500 Anti-Malware Engine(s).
      We encourage you to actively participate in this beta program and provide your valuable feedback.


      Includes the following improvements in Beta1:

      • Performance enhancements to Multipurpose Internet Mail Extensions (MIME) scanning
      • File decomposition support for RedHat Package Manager (.rpm) file format
      • DAT loading and updating improvement for better performance during incremental DAT updates
      • General performance optimizations targeting initialization, updating, and scanning
      • End-of-Life platform: Mac OS/X 10.2.8, Mac OS/X 10.3.9, Novell NetWare, HP UX 11.0, Microsoft Windows NT4

      To follow in Beta 2:


      • Enhanced unpacking to detect more threats
      • Enhancements to Office file format scanning to improve exploit detection capabilities
      • Enhancements to Portable Document File (.PDF) scanning to improve exploit detection
      • New supported platforms: FreeBSD 8, Linux Kernel 3.x

      The 5600 Engine beta is available from the McAfee public beta page:

      NOTE: Customers must register for the beta program on the public beta page to obtain the beta package(s)


      The 5600 packages are available as ePO Packages for:


      • Linux
      • Mac OS X Universal
      • Microsoft Windows


      It is expected that the repackage of VirusScan Command Line with a 5600 Engine will be available a few weeks after Engine 5600 RTW.


      NOTE 1: VSE 8.7i Patch 5 and Hotfix 777352 are required for VSE 8.7i to install the 5600 Anti-Malware Engine.  For details, see KB75459 - VirusScan Enterprise 8.7i Patch 5 and Hotfix 777352 are required for VSE 8.7i to install the 5600 Anti-Malware Engine


      NOTE 2: Microsoft Windows January 2013 update or newer required for Win XP SP3 and Win 2003 machines which are not connected to the internet, to trust the digital certificate used to sign the 5600 Engine. For details, see Microsoft KB931125


      The release schedule for the 5600 Engine is currently as follows:

      • Beta 2 later in Q1 2013
      • Release Candidate (RC) in early Q2 2013
      • RTW (Elective download) in Q2 2013
      • RTW (AutoUpdate) in Q3 2013
      • 5400/5500 Engine(s) End Of Life (EOL) in Q4 2013

        • 1. Re: Announcing McAfee 5600 Engine Beta

          Hello... I just installed 5600 on my machine and so far so good.   Do you have a more detailed list of changes with this engine?  Is this engine geared towards behavioral analysis as opposed to signature based detection?

          • 2. Re: Announcing McAfee 5600 Engine Beta

            5600 is the traditional signature based AV Engine

            DAT Loading Performance
            The time taken to initialize the Engine, has been reduced. The performance increase is relative to the hardware and overall system load as usual, it should vary in the range of 15% to 25% of initialization time being saved with the 5600 Engine.


            DAT Updating Memory Footprint
            The peak memory usage to apply a .gem incremental updates to an AVV DAT set, has been reduced significantly by roughly about 20 to 30% across both low-spec and contemporary desktop hardware. The performance of applying incremental updates has additionally been increased by roughly about 10 to 20%.


            The general performance improvements are based on partnering with Intel. Improvements are around optimizing internal Engine codebase. All the performance improvements have been done “under the hood,” they don’t require changes to the existing products.


            Adding decomposition support for RedHat Package Manager and newer versions of packers like UPX will allow the Engine to scan inside of these file formats rather than just seeing the top level object. It will allow researchers to author better generic detections. Same applies to improved support for PDF and OLE file formats for exploit detection.

            • 3. Re: Announcing McAfee 5600 Engine Beta

              Vinoo, just to clarify your statement, is the 5600 engine the "AM Core" engine that I heard described at FOCUS? Or is AMCore still upcoming?

              • 4. Re: Announcing McAfee 5600 Engine Beta

                AM Core is currently incorporated into the Consumer product line. Expect AM Core to debut in VirusScan Enterprise in its next major release version.


                5600 Engine is not AM Core. Think of AM Core as a framework that can consume multiple Engines.


                on 12/2/13 12:44:33 AM IST
                • 5. Re: Announcing McAfee 5600 Engine Beta



                  You've made me curious.  I've associated AM Core with Deep Defender.  I was at the FOCUS discussion on some significant anti-malware enhancements coming, and was under the impression that these were to be in the 5600 engine, but appearently not.   Is what I'm anticipating within AM Core for VSE?  Can you clarify the difference between AM Core for VSE and DD?  What does AM stand for anyway?  Anti-Malware?




                  • 6. Re: Announcing McAfee 5600 Engine Beta

                    Am I correct in assuming this is valid for VSE 8.7 and above only. No VSE8.5?


                    also, is there a standalone package available?


                    Message was edited by: mfaizal on 2/8/13 5:05:49 PM CST
                    • 7. Re: Announcing McAfee 5600 Engine Beta

                      @Daveb3d:  What you're referring to is Anti-Malware Core in upcoming VirusScan Enterprise. AM Core in VSE hasn't been released yet, only in Deep Defender and Consumer products, so I’ll list the difference between these two. DD and the Consumer product both use the AM Core framework for content and scanning capabilities - however they operate quite differently. For example, in Deep Defender OAS is only performed for selected folders and it supports the CPU events generated by the TMSL (Intel) layer.


                      @mfaizal: VSE 8.7 patch 5 with HF777352  and above
                      VSE 8.5 is EOL and was not tested for this release. We're not releasing a SuperDAT standalone package for the beta - only the ePO deployable packages.

                      • 8. Re: Announcing McAfee 5600 Engine Beta

                        8.7 P5 HF777352, yes anything with 8.5 5400 will upgrade to 5600 but not through ePO as it will check for the minimum requirements.