This article contains information about the 6600 Scan Engine release schedule for ENS 10.x endpoints. It includes instructions about how to evaluate V3 DAT packages that contain this engine during the Beta and Elective Update periods.

6600 Scan Engine Improvements
The 6600 Scan Engine includes the following improvements:

• New Musarubra platform certificates
• Scanning capability for the DEX file-type
• New PDF 256-bit AES and RC4 40-bit Encryption support
• Enhancements on the supported APK extensions file
• Extended AutoIT 2.x support
• Handling of manipulated MIME headers
• Multiple bug fixes and minor feature enhancements

Release Schedule

Phase	Start Date	End Date	Update Site
6600 Scan Engine Beta for Endpoint Security	November 24, 2022	December 12, 2022	Beta Programs
6600 Scan Engine Elective Update for Endpoint Security	December 13, 2022	No end date	HTTPS CommonUpdater3 / HTTP CommonUpdater3
6600 Scan Engine Managed Throttled Update for Endpoint Security	January 17, 2023	January 25, 2023	HTTPS Common Updater / HTTP CommonUpdater Or HTTPS CommonUpdater2 / HTTP CommonUpdater2
6600 Scan Engine General Availability (GA) for Endpoint Security	January 25, 2023	No end date	HTTPS CommonUpdater / HTTP CommonUpdater Or HTTPS CommonUpdater2 / HTTP CommonUpdater2

IMPORTANT: These timelines are estimates and are subject to change.

NOTE: This Scan Engine update is mandatory and is contained within the V3 DAT package. ENS endpoints that currently run the 6500 Scan Engine, and that aren't updated during the managed throttled update, will complete updating to the 6600 Scan Engine using the V3 DAT that will be released at the end of January 2023. The GA date will be at the end of January, 2023, so the 6500 Scan Engine will no longer be present in the V3 DAT released on that day.

How to Evaluate the 6600 Scan Engine
During the Beta and Elective Update periods, V3 DATs that contain only the 6600 Scan Engine are made available from the above Beta and CommonUpdater3 sites referenced for these phases. They also persist in these locations until a subsequent engine release cycle replaces them. Keep any test nodes intended to evaluate the 6600 Scan Engine pointed at one of these repositories until the GA date. This approach avoids rolling back to the 6500 Scan Engine during the managed throttled update period. For more information about how content throttling works, see the "Frequently Asked Questions" section below.

Follow the instructions below to configure ePolicy Orchestrator (ePO) to download and test V3 DATs that contain the 6600 Scan Engine. Instructions are also provided to revert clients to update with the standard V3 DAT where the release is managed.

To set up a Repository Pull task to pull the V3 DAT evaluation package into the Evaluation Branch, follow the steps below:

1. In ePO, select Menu, Configuration, Server Settings.
2. Select Source Sites, and then click Edit, Add Source Site.
3. Type a source site name, select HTTP, and click Next.
4. In the URL field, make sure that DNS Name is selected as the default, and type one of the following repositories:
   • betaupdate.mcafee.com
   • update.nai.com/products/commonupdater3
      
5. Type 80 for the Port and click Next.
6. Continue to click Next until the last screen, and then click Save.
7. Click Enable Fallback, and then click Save.
8. Select Menu, Automation, Server Tasks.
9. Select the Update Master Repository task and click Edit.
10. Click Next to navigate to the Actions tab, and then click +.
11. In the new Actions section, select Repository Pull.
12. Select the source site created in step 3 as the Source site, select Evaluation for Branch, and click Save.
13. Select the Update Master Repository task and click Run.

To change the Trellix Agent (TA) policy to pull client updates from the Evaluation Branch, follow the steps below:

1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that you use for evaluation.
2. Click the Updates tab.
3. Select Evaluation from the AMCore Content Package drop-down list, and then click Save.

To revert the TA policy on completion of the evaluation:

1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that you use for evaluation.
2. Click the Updates tab.
3. Select Current from the AMCore Content Package drop-down list, and then click Save.
4. If no longer needed, you can delete the source site set up for evaluation.

Frequently Asked Questions

• Do I need to change anything to update the Scan Engine?
  No. For ENS customers, the Scan Engine update occurs automatically with no option to opt out. No additional action is needed to update the Scan Engine. The instructions provided in this article apply to customers interested to evaluate the Scan Engine before or during the managed throttled update.
   
• What's a managed throttled update?
  A managed throttled update uses randomization to control the number of client nodes that receive an upgraded component, in this case, the 6600 Scan Engine, through content updates. During a throttle period, the number of client nodes that receive the new component version increases daily according to a velocity that we set. After the throttle period, every client node that supports the new component receives the updated version by default during their next update. There's no action needed on the client node that receives the update.
   
• How does the managed throttled update work?
  • During this period, Scan Engine 6600 is gradually released to the endpoints controlled via the throttle value set from the back-end, such as 1%, 2%, 5%, or 10%. Systems are randomly selected for upgrade.
  • After the release in the last week of January 2023, the throttle will be disabled, and all remaining systems will receive the upgrade with the V3 content from January 25, 2023 onward.
  
  NOTE: During the throttle period, if a new system has a fresh product installation, it always takes the new engine version, and never the old one (a fresh product installation is not one from an upgrade).
   
• How do you roll back to a previous Scan Engine?
  The concept of engine updates has changed with AMCore technology; they're no longer separate packages from content. When AMCore content requires an update to any one of its engines that's used during scanning, the engine update is included in the V3 content update releases.
  
  We'll decide to roll back any component included in the V3 content if such a response is needed. The rollback would take effect in a subsequent V3 content release.
   
• Does this release schedule apply to VirusScan Enterprise?
  No. This schedule applies only to ENS endpoints.
   
• Do the ENS 10.x updates include the 6600 Scan Engine update?
  Yes. Customers currently using ENS 10.x who update to the next ENS 10.x version, including all updates, will receive an update to the 6600 Scan Engine. No additional action is needed to update the Scan Engine.

Feedback and Questions
For any feedback or questions about the 6600 Scan Engine, contact Technical Support.

• If you are a registered user, type your User ID and Password, and then click Log In.
• If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.