- Copy the supplied
Extra.DAT file to the following directory, and change the permission to the correct one:
# cp extra.dat /var/McAfee/ens/tp/dat/extra/avvextra.dat
# chmod 600 /var/McAfee/ens/tp/dat/extra/*
- Restart the
mfetpd service to reflect the change:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh restart
- Confirm that the
Extra.DAT is loaded as expected using the following command:# grep Extra /var/McAfee/ens/log/tp/mfescanfactory.log
Dec 21 03:40:47 localhost INFO AMScanEngineMain [7130] The Extra DAT is available, initialising engine with Extra DATs
Manually update DAT and Extra.DAT files for ENSL
Technical Articles ID:
KB88234
Last Modified: 2023-11-22 13:10:26 Etc/GMT
Last Modified: 2023-11-22 13:10:26 Etc/GMT
Environment
Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x
Summary
Recent updates to this article
Contents
Click to expand the section you want to view:
To manually update ENSLTP Extra.DAT files:
To manually update ENSLTP DAT files:
NOTE: It's also possible to provision a repository that's accessible within the air-gapped environment. For more information, see KB96730 - Exploit Prevention content isn't updated in air-gapped environments.
| Date | Update |
| November 22, 2023 | Added link to KB96730. |
| May 9, 2022 | Added Expand All/Collapse All sections. |
Contents
Click to expand the section you want to view:
- Copy the supplied
Extra.DAT file to the following directory, and change the permission to the correct one:
# cp extra.dat /var/McAfee/ens/tp/engine/dat/extra/avvextra.dat
# chmod 600 /var/McAfee/ens/tp/engine/dat/extra/*
- Restart the
mfetpd service to reflect the change:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh restart
- Confirm that the
Extra.DAT is loaded as expected using the following command:# grep Extra /var/McAfee/ens/log/tp/mfescanfactory.log
Dec 21 03:40:47 localhost INFO AMScanEngineMain [7130] The Extra DAT is available, initialising engine with Extra DATs
- Copy the supplied
Extra.DAT file to the following directory, and change the permission to the correct one:
# cp extra.dat /opt/isec/ens/threatprevention/var/engine/dat/extra/avvextra.dat
# chmod 600 /opt/isec/ens/threatprevention/var/engine/dat/extra/*
- Restart the
isectpd service to reflect the change:
# /opt/isec/ens/threatprevention/bin/isectpdControl.sh restart
- Confirm that the
Extra.DAT is loaded as expected using the following command:# grep Extra /opt/isec/ens/threatprevention/var/isecscanfactory.log
Dec 21 03:40:47 localhost INFO AMScanEngineMain [7130] The Extra DAT is available, initialising engine with Extra DATs
To manually update ENSLTP DAT files:
- Download the latest MED package from one of the following locations:
HTTPS CommonUpdater site
HTTP CommonUpdater siteThe file name is similar tomediumdat-XXXX.zip , where XXXX is the regular DAT number. - Copy the
mediumdat -<DAT version>.zip file to a temporary folder on the Linux server and decompress the ZIP archive. For example, copy themediumdat-<DAT version>.zip file to/tmp/dat/mediumdat-<DAT version>.zip and then run the following commands:# cd /tmp/dat
# unzip mediumdat-<DAT version>.zip - Change the current directory to the following:
/var/McAfee/ens/tp/dat/ - Create a directory with the name of the DAT version to which you want to update, and change the permission to the correct one. For example, if the DAT version you downloaded is 4250:
# mkdir /var/McAfee/ens/tp/dat/4250
# chmod 600 /var/McAfee/ens/tp/dat/4250 - Copy the DAT files under the directory created in step 5, and change the permission to the correct one. For example:
# cp /tmp/dat/*.dat /var/McAfee/ens/tp/dat/4250
# chmod 600 /var/McAfee/ens/tp/dat/4250/*
- Edit the
/var/McAfee/ens/tp/prefs.xml file and change the value of the<MajorDATVersion> tag to the DAT version to which you want to update. For example, if the DAT version you downloaded is 4250:<MajorDATVersion>4250</MajorDATVersion>
<ExtraDATVersion>0</ExtraDATVersion>
<MajorEngineVersion>5800</MajorEngineVersion>
<MinorDATVersion>0</MinorDATVersion>
<MinorEngineVersion>7501</MinorEngineVersion>
- Restart the
mfetpd service to reflect the change:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh restart
- Confirm that the DAT version is reflected as expected. Also, confirm that the following command shows the correct version for the DAT Version item:
# /opt/McAfee/ens/tp/bin/mfetpcli --version
- Download the latest V2 DAT Package For Use with ePO:
DAT downloads siteThe file name is similar to
avvepoXXXXdat.zip , where XXXX is the regular DAT number. - Extract the
avvdat-<DAT version>.zip file from theavvepoXXXXdat.zip archive file. - Copy the
avvdat-<DAT version>.zip file to a temporary folder on the Linux server and decompress the ZIP archive. For example, copy theavvdat-<DAT version>.zip file to/tmp/dat/avvdat-<DAT version>.zip and then run the following commands:# cd /tmp/dat
# unzip avvdat-<DAT version>.zip - Change the current directory to:
/var/McAfee/ens/tp/dat/ - Create a directory with the name of the DAT version to which you want to update, and change the permission to the correct one. For example, if the DAT version you downloaded is 8372:
# mkdir /var/McAfee/ens/tp/dat/8372
# chmod 600 /var/McAfee/ens/tp/dat/8372 - Copy the DAT files under the directory created in step 5, and change the permission to the correct one. For example:
# cp /tmp/dat/*.dat /var/McAfee/ens/tp/dat/8372
# chmod 600 /var/McAfee/ens/tp/dat/8372/*
- Edit the
/var/McAfee/ens/tp/prefs.xml file and change the value of the<MajorDATVersion> tag to the DAT version to which you want to update. For example, if the DAT version you downloaded is 8372:<MajorDATVersion>8372</MajorDATVersion>
<ExtraDATVersion>0</ExtraDATVersion>
<MajorEngineVersion>5800</MajorEngineVersion>
<MinorDATVersion>0</MinorDATVersion>
<MinorEngineVersion>7501</MinorEngineVersion>
- Restart the
mfetpd service to reflect the change:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh restart
- Confirm that the DAT version is reflected as expected. Also, confirm that the following command shows the correct version for the DAT Version item:
# /opt/McAfee/ens/tp/bin/mfetpcli --version
- Download the latest V2 DAT Package For Use with ePO:
DAT downloads siteThe file name is similar to
avvepoXXXXdat.zip , where XXXX is the regular DAT number. - Extract the
avvdat-<DAT version>.zip file from theavvepoXXXXdat.zip archive file. - Copy the
avvdat-<DAT version>.zip file to a temporary folder on the Linux server and decompress the ZIP archive. For example, copy theavvdat-<DAT version>.zip file to/tmp/dat/avvdat-<DAT version>.zip and then run the following commands:# cd /tmp/dat
# unzip avvdat-<DAT version>.zip - Change the current directory to:
/var/McAfee/ens/tp/engine/dat/ - Create a directory with the name of the DAT version to which you want to update, and change the permission to the correct one. For example, if the DAT version you downloaded is 8372:
# mkdir /var/McAfee/ens/tp/engine/dat/8372
# chmod 600 /var/McAfee/ens/tp/engine/dat/8372 - Copy the DAT files under the directory created in step 5, and change the permission to the correct one. For example:
# cp /tmp/dat/*.dat /var/McAfee/ens/tp/engine/dat/8372
# chmod 600 /var/McAfee/ens/tp/engine/dat/8372/*
- Edit the
/var/McAfee/ens/tp/prefs.xml file and change the value of the<MajorDATVersion> tag to the DAT version to which you want to update. For example, if the DAT version you downloaded is 8372:<MajorDATVersion>8372</MajorDATVersion>
<ExtraDATVersion>0</ExtraDATVersion>
<MajorEngineVersion>5800</MajorEngineVersion>
<MinorDATVersion>0</MinorDATVersion>
<MinorEngineVersion>7501</MinorEngineVersion>
- Restart the
mfetpd service to reflect the change:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh restart
- Confirm that the DAT version is reflected as expected. Also, confirm that the following command shows the correct version for the DAT Version item:
# /opt/McAfee/ens/tp/bin/mfetpcli --version
- Download the latest V2 DAT Package For Use with ePO:
DAT downloads siteThe file name is similar to
avvepoXXXXdat.zip , where XXXX is the regular DAT number. - Extract the
avvdat-<DAT version>.zip file from theavvepoXXXXdat.zip archive file. - Copy the
avvdat-<DAT version>.zip file to a temporary folder on the Linux server and decompress the ZIP archive. For example, copy theavvdat-<DAT version>.zip file to/tmp/dat/avvdat-<DAT version>.zip and then run the following commands:# cd /tmp/dat
# unzip avvdat-<DAT version>.zip - Change the current directory to:
/opt/isec/ens/threatprevention/var/engine/dat/ - Create a directory with the name of the DAT version to which you want to update, and change the permission to the correct one. For example, if the DAT version you downloaded is 8372:
# mkdir /opt/isec/ens/threatprevention/var/engine/dat/8372
# chmod 600 /opt/isec/ens/threatprevention/var/engine/dat/8372 - Copy the DAT files under the directory created in step 5, and change the permission to the correct one. For example:
# cp /tmp/dat/*.dat /opt/isec/ens/threatprevention/var/engine/dat/8372
# chmod 600 /opt/isec/ens/threatprevention/var/engine/dat/8372/*
- Edit the
/opt/isec/ens/threatprevention/var/prefs.xml file and change the value of the<MajorDATVersion> tag to the DAT version to which you want to update. For example, if the DAT version you downloaded is 8372:<MajorDATVersion>8372</MajorDATVersion>
<ExtraDATVersion>0</ExtraDATVersion>
<MajorEngineVersion>5800</MajorEngineVersion>
<MinorDATVersion>0</MinorDATVersion>
<MinorEngineVersion>7501</MinorEngineVersion>
- Restart the
isectpd service to reflect the change:
# /opt/isec/ens/threatprevention/bin/isectpdControl.sh restart
- Confirm that the DAT version is reflected as expected, and that the following command shows the correct version for the DAT Version item:
# /opt/isec/ens/threatprevention/bin/isecav --version
NOTE: It's also possible to provision a repository that's accessible within the air-gapped environment. For more information, see KB96730 - Exploit Prevention content isn't updated in air-gapped environments.
Affected Products
Languages:
This article is available in the following languages:
