Recent updates to this article

Date	Update
March 27, 2024	Updated the NOTE under the "Release schedule" section.

This article contains information about the 6700 Scan Engine release schedule for ENS 10.x endpoints. It includes instructions about how to evaluate V3 DAT packages that contain this engine during the Beta and Elective Update periods.

6700 Scan Engine Improvements
The 6700 Scan Engine includes the following improvements:

• ​Normalization support for PowerShell scripts
• Increased coverage of MIME samples
• Performance improvement of internal API and the vulnerability fixes
• Multiple bug fixes and minor feature enhancements

Release Schedule

Phase	Start Date	End Date	Update Site
6700 Scan Engine Beta for Endpoint Security	December 12, 2023	January 5, 2024	Beta Programs
6700 Scan Engine Elective Update for Endpoint Security	January 9, 2023	No end date	HTTPS CommonUpdater3 / HTTP CommonUpdater3
6700 Scan Engine Managed Throttled Update for Endpoint Security	February 5, 2024	February 14, 2024	HTTPS Common Updater / HTTP CommonUpdater Or HTTPS CommonUpdater2 / HTTP CommonUpdater2
6700 Scan Engine General Availability (GA) for Endpoint Security	February 14, 2024	No end date	HTTPS CommonUpdater / HTTP CommonUpdater Or HTTPS CommonUpdater2 / HTTP CommonUpdater2

NOTE: The schedule mentioned above is for Windows, Mac, and Linux operating systems only. Engines for other platforms were made available from March 26, 2024.

IMPORTANT: These timelines are estimates and are subject to change.

NOTE: This Scan Engine update is mandatory and is contained within the V3 DAT package. ENS endpoints that currently run the 6600 Scan Engine, and that aren't updated during the managed throttled update, will complete updating to the 6700 Scan Engine using the V3 DAT that will be released at the start of February 2024. The GA date will be at the mid of February, 2024, so the 6600 Scan Engine will no longer be present in the V3 DAT released on that day.

How to Evaluate the 6700 Scan Engine
During the Beta and Elective Update periods, V3 DATs that contain only the 6700 Scan Engine are made available from the above Beta and CommonUpdater3 sites referenced for these phases. They also persist in these locations until a subsequent engine release cycle replaces them. Keep any test nodes intended to evaluate the 6700 Scan Engine pointed at one of these repositories until the GA date. This approach avoids rolling back to the 6600 Scan Engine during the managed throttled update period. For more information about how content throttling works, see the "Frequently Asked Questions" section below.

Follow the instructions below to configure ePolicy Orchestrator (ePO) to download and test V3 DATs that contain the 6700 Scan Engine. Instructions are also provided to revert clients to update with the standard V3 DAT where the release is managed.

To set up a Repository Pull task to pull the V3 DAT evaluation package into the Evaluation Branch, follow the steps below:

1. In ePO, select Menu, Configuration, Server Settings.
2. Select Source Sites, and then click Edit, Add Source Site.
3. Type a source site name, select HTTP, and click Next.
4. In the URL field, make sure that DNS Name is selected as the default, and type one of the following repositories:
   • betaupdate.mcafee.com
   • update.nai.com/products/commonupdater3
      
5. Type 80 for the Port and click Next.
6. Continue to click Next until the last screen, and then click Save.
7. Click Enable Fallback, and then click Save.
8. Select Menu, Automation, Server Tasks.
9. Select the Update Master Repository task and click Edit.
10. Click Next to navigate to the Actions tab, and then click +.
11. In the new Actions section, select Repository Pull.
12. Select the source site created in step 3 as the Source site, select Evaluation for Branch, and click Save.
13. Select the Update Master Repository task and click Run.

To change the Trellix Agent (TA) policy to pull client updates from the Evaluation Branch, follow the steps below:

1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that you use for evaluation.
2. Click the Updates tab.
3. Select Evaluation from the AMCore Content Package drop-down list, and then click Save.

To revert the TA policy on completion of the evaluation:

1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that you use for evaluation.
2. Click the Updates tab.
3. Select Current from the AMCore Content Package drop-down list, and then click Save.
4. If no longer needed, you can delete the source site set up for evaluation.

Frequently Asked Questions

• Do I need to change anything to update the Scan Engine?
  No. For ENS customers, the Scan Engine update occurs automatically with no option to opt out. No additional action is needed to update the Scan Engine. The instructions provided in this article apply to customers interested to evaluate the Scan Engine before or during the managed throttled update.
   
• What's a managed throttled update?
  A managed throttled update uses randomization to control the number of client nodes that receive an upgraded component, in this case, the 6700 Scan Engine, through content updates. During a throttle period, the number of client nodes that receive the new component version increases daily according to a velocity that we set. After the throttle period, every client node that supports the new component receives the updated version by default during their next update. There's no action needed on the client node that receives the update.
   
• How does the managed throttled update work?
  • During this period, Scan Engine 6700 is gradually released to the endpoints controlled via the throttle value set from the back-end, such as 1%, 2%, 5%, or 10%. Systems are randomly selected for upgrade.
  • After the release in the third week of February 2024, the throttle will be disabled, and all remaining systems will receive the upgrade with the V3 content from February 14, 2024 onward.
  
  NOTE: During the throttle period, if a new system has a fresh product installation, it always takes the new engine version, and never the old one (a fresh product installation is not one from an upgrade).
   
• How do you roll back to a previous Scan Engine?
  The concept of engine updates has changed with AMCore technology; they're no longer separate packages from content. When AMCore content requires an update to any one of its engines that's used during scanning, the engine update is included in the V3 content update releases.
  
  We'll decide to roll back any component included in the V3 content if such a response is needed. The rollback would take effect in a subsequent V3 content release.
   
• Does this release schedule apply to VirusScan Enterprise?
  No. This schedule applies only to ENS endpoints.
   
• Do the ENS 10.x updates include the 6700 Scan Engine update?
  Yes. Customers currently using ENS 10.x who update to the next ENS 10.x version, including all updates, will receive an update to the 6700 Scan Engine. No additional action is needed to update the Scan Engine.

Feedback and Questions
For any feedback or questions about the 6700 Scan Engine, contact Technical Support.

• If you are a registered user, type your User ID and Password, and then click Log In.
• If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.