How to use custom DATs
Last Modified: 2023-02-22 19:55:43 Etc/GMT
Technical Articles ID:
KB76657
Environment
Trellix Agent (TA) 5.x
Trellix ePolicy Orchestrator (ePO) 5.x
NOTE: McAfee Agent (MA) was rebranded to Trellix Agent in version 5.7.7.
Summary
The custom DAT package file is a temporary detection file created by the Advanced Research Center. It contains the full production DATs and other detections and cleaning for a new threat that is too complex to be addressed in an
This article explains the different forms and ways to use the custom DAT package.
WARNING: A custom DAT package is released with limited testing. It is provided with the sole purpose of addressing a specific, complex threat while maintaining production DAT coverage. It is recommended that when you must deploy a custom DAT package to more than a few nodes, you test with a subset of these nodes first. Deploy the custom DAT package to this subset regardless of the method used for the deployment. Then, deploy the custom DAT package to all affected nodes only after you have verified that there is no problem with it.
Custom DATs can come in two different variants and are provided together:
Custom DAT version numbers and naming:
IMPORTANT: Because of the DAT version numbering of custom DAT packages, you must read and follow the Problem and Solution sections below to avoid unexpected update behavior.
Problem
Two types of common problems can be reported when you use a custom DAT package:
Solution 1
Use this solution to resolve the problem where you are unable to update to the normal regular DATs after you use a custom DAT package.
Because the custom DAT package uses a higher version number than the normal regular DATs, you must enable DAT file downgrades by changing the McAfee Agent General Policy:
Solution 2
Use this solution to resolve the problem where:
Disable the DAT file downgrades: