We are testing ENS 10.1 and that it seems that the DAT file for VirusScan seems to be updated faster than the AMCore package. Some machines with VSE 8.8 P7 detected a suspicious file and others systems with ENS 10.1 latest AMCore Package did not. Actually, a case was submitted and extraDAT was issued but only for ENS 10.1
Reviewing the FAQs for V2 DAT files, it says:
At what time during the day will the daily DAT files be made available?
The daily DAT files are generally available by 19:00 (UTC/GMT). However, if a new threat warrants this, daily DAT files may be released earlier. Under some circumstances daily DAT releases may be delayed. To receive alerts regarding delays or important notifications, subscribe to the Support Notification Service (SNS). For SNS details, see articleKB67828.
However, for McAfee Endpoint Security 10.0.0 Software For use with the McAfee SecurityCenter, it says:
McAfee Labs finds and adds known threat information (signatures) to the content files. With the signatures, AMCore content files include information on cleaning and counteracting damage that the detected virus can cause.
If the signature of a virus isn't in any of the installed content files, the scan engine can't detect and clean that virus.
New threats appear regularly. McAfee Labs releases engine updates and new content files that incorporate the results of ongoing threat research almost every day at about 6:00 PM (GMT).To make sure that Threat Prevention uses the latest content files and engine, retrieve these files from McAfee and update your systems daily.
My bet is; seems there is a delay of 23 hours where AMCore Content package get updated at 18:00 with the same definitions for DATs. Then, at 19:00, DAT definitions are more updated than AMCore Content Package.
Anybody has experienced something similar? What am I missing?