Virus definition or DAT files contain signatures and other information that our antivirus products use to protect your computer against existing and new potential threats. DAT files are released regularly. To make sure that your antivirus software protects your system against the latest threats, always use the most recent DAT files.
What products use DAT files?
The following products use the Scan Engine and DAT files:
-
Advanced Threat Defense
-
Endpoint Security for Linux before 10.7.0
-
Endpoint Security for Mac before 10.7.0
-
Management for Optimized Virtual Environments
-
SaaS Endpoint Protection
-
Security for Lotus Domino
-
Security for Microsoft Exchange
-
Security for SharePoint (PortalShield)
-
SuperDAT Manager
-
VirusScan Command-Line Scanner
-
VirusScan Enterprise (VSE)
-
VirusScan Enterprise for Linux
-
VirusScan Enterprise for Storage
-
VirusScan for Mac
-
Web Gateway
What integrity and validity checks are performed on the DAT files to make sure that they aren't tampered with?
The DAT files are encrypted and then compressed and signed when they're compiled. The Scan Engine performs a signature verification on the DATs as an integrity check during initialization. The Scan Engine doesn't load the files if they've been modified. The products that use the Scan Engine then verify the integrity of the Scan Engine by verifying whether the digital certificate used to sign the Scan Engine is valid.
Does the DAT perform any proactive detection for scanning of malformed archives?
Our products can handle specific types of malformed archives. Malformed archives cause the Scan Engine to be unable to scan within the archive. This ability enables the products to detect the presence of a bad archive without having to open it. The detection is reported as Malformed Archive.
We continue to refine our detection techniques to tackle the many types of malformed archives that can be created. We also continue to focus on making sure that customers receive maximum protection and providing a rapid response to potential vulnerabilities.
Why does McAfee Labs release regular DAT files?
There has been an exponential rise in the number, propagation rate, and prevalence of new threats. The same applies to the number of virus submissions, rate of new malware development, and number of emergency DAT releases. The growing number and variety of threats make it vital that you update your DAT files regularly.
The DAT files are encrypted and then compressed and signed when they're compiled. The Scan Engine performs a signature verification on the DATs as an integrity check during initialization. The Scan Engine doesn't load the files if they've been modified. The products that use the Scan Engine then verify the integrity of the Scan Engine by verifying whether the digital certificate used to sign the Scan Engine is valid.
Does the DAT perform any proactive detection for scanning of malformed archives?
Our products can handle specific types of malformed archives. Malformed archives cause the Scan Engine to be unable to scan within the archive. This ability enables the products to detect the presence of a bad archive without having to open it. The detection is reported as Malformed Archive.
We continue to refine our detection techniques to tackle the many types of malformed archives that can be created. We also continue to focus on making sure that customers receive maximum protection and providing a rapid response to potential vulnerabilities.
Why does McAfee Labs release regular DAT files?
There has been an exponential rise in the number, propagation rate, and prevalence of new threats. The same applies to the number of virus submissions, rate of new malware development, and number of emergency DAT releases. The growing number and variety of threats make it vital that you update your DAT files regularly.
At what time during the day are DAT files made available?
The regular DAT files are generally available on the day of release at 19:00 (UTC/GMT). But, DAT files might be released earlier if a new threat warrants it. To receive alerts regarding delays or important notifications, subscribe to the Support Notification Service (SNS). For SNS details, see KB67828 - Support Notification Service Frequently Asked Questions.
NOTE: For local time conversion, see the WorldTime Server website or a similar site.
Do you release DAT files on holidays?
We release DAT files on holidays, except for January 1 and December 25. If needed, emergency DAT files are issued on these days.
When should I schedule an automatic update of my system with the regular DAT files?
We recommend that you schedule a daily pull task within a 4–6 hour interval from the time the DAT files are made available to the source repository. This schedule allows enough time for the DAT file to replicate on all our servers globally. See the ePolicy Orchestrator (ePO) product guide for details.
For product documents, go to the Product Documentation portal.
Where can I find the latest DAT files?
The latest DAT files are available from the Security Updates page in XDAT and SDAT format at the Enterprise Product Downloads page. This site also provides access to Beta DAT files.
What's the difference between regular DAT files and Beta DAT files?
DAT files are released regularly and go through a full QA cycle. Beta DAT files are produced hourly and receive only limited false positive testing. We recommend that you use the following:
-
Regular DAT files for desktop deployment
-
Beta DAT files for high-risk computers and perimeter products such as GroupShield.
For more information, see the Beta .DAT File Updates page.
What's the difference between normal DAT files and runtime DAT files?
Each file has its own advantage:
What's the difference between normal DAT files and runtime DAT files?
Each file has its own advantage:
-
Normal DAT files: Normal DAT files are simple in format with optimization designed for downloads of regular incremental files (signatures). A priority for downloading the normal DAT updates is to use as little bandwidth as possible. But, it's not well optimized for local performance.
Advantage: Faster download
-
Runtime DAT files: The runtime DAT file is optimized for high local performance. It's a rebuild of the normal DAT files, so that the memory and CPU resources needed to operate are balanced for best performance.
Advantage: Faster system
Under what circumstances do emergency DAT releases happen?
Outbreaks sometimes require emergency releases. Emergency DAT releases generally ship around 19:00 GMT. But, they might be released earlier or later in the day if a new threat warrants it. When a DAT is released early to preempt a potential outbreak, there's generally no second DAT release that day, unless another emergency situation occurs.
Where can I find the regular DAT Release Notes?
The regular DAT Release Notes are available at the Threat Centre.
In what format are the regular DAT Release Notes provided?
The DAT Release Notes are web-based and offer the option to be emailed as a link or printed.
When are the regular DAT Release Notes published?
The Release Notes are available about two hours after the release of the regular DAT posting.
Back to top
Outbreaks sometimes require emergency releases. Emergency DAT releases generally ship around 19:00 GMT. But, they might be released earlier or later in the day if a new threat warrants it. When a DAT is released early to preempt a potential outbreak, there's generally no second DAT release that day, unless another emergency situation occurs.
Where can I find the regular DAT Release Notes?
The regular DAT Release Notes are available at the Threat Centre.
In what format are the regular DAT Release Notes provided?
The DAT Release Notes are web-based and offer the option to be emailed as a link or printed.
When are the regular DAT Release Notes published?
The Release Notes are available about two hours after the release of the regular DAT posting.
Back to top