ENSM Threat Prevention 10.7.x and later use Medium DAT (MEDDAT) files for scans, and no longer use the V2 DATs.

In some circumstances, you might need to manually update the ENSM Threat Prevention MEDDAT files, for example, to respond quickly to an outbreak situation. A manual update might also be needed in scenarios where the product can't perform automatic updates. Follow these steps to manually update the MEDDAT files. You must perform the steps with the user logged on as root or issue commands using sudo.

NOTES: 

• Because macOS is UNIX-based, commands in the Terminal are case-sensitive. Make sure that you type the paths and file names in the correct case. Otherwise, you might experience errors indicating that the file doesn't exist.  
• Depending on your permissions, you might need to log on as, or switch to the root user, to complete these steps.

To manually update the MEDDAT files:

1. Start your web browser and go to one of the following locations:
   
   HTTPS Common Updater
   HTTP Common Updater
    
2. Download mediumdat-xxxx.zip, where xxxx is the MEDDAT version, for example 4286.
3. Unzip mediumdat-xxxx.zip and store the files in a temporary location, for example, in a folder on your Desktop named Temp.
4. In the Finder, click Applications, Utilities, Terminal to open a Terminal session.
5. Change to the folder /usr/local/McAfee/AntiMalware/dats with the following command:
   
   cd /usr/local/McAfee/AntiMalware/dats/
    
6. Stop the Functional Module Platform (FMP) with the following command:
   
   /usr/local/McAfee/fmp/bin/fmp stop
    
7. Create a directory with the following command:
   
   mkdir xxxx
   
   Here, xxxx is the MEDDAT version being applied.
    
8. Use the cp command to copy the medclean.dat, mednames.dat, and medscan.dat files from the temporary folder to the xxxx folder. For example, if these files are in a folder named Temp on your Desktop, use the following command:
   
   cp /users/<username>/Desktop/Temp/*.dat  /usr/local/McAfee/AntiMalware/dats/xxxx  
   
   NOTE: If logged on as root, you can use the following command:
   
   cp /private/var/root/Desktop/Temp/*.dat  /usr/local/McAfee/AntiMalware/dats/xxxx
    
9. Change the file and folder permissions with the following commands. Press Enter after each command.
   
   cd xxxx
   chmod 644 *.dat
   cd..
   chmod 755 xxxx
   chown root:Virex /usr/local/McAfee/AntiMalware/dats/xxxx/med*
   
   Here, xxxx is the MEDDAT version being applied.
    
10. Add the MEDDAT version into the plist with the following command:
    
    sudo /usr/libexec/PlistBuddy -c "Set :Update_DATVersion xxxx.0000" /Library/Preferences/com.mcafee.ssm.antimalware.plist
    
    Here, xxxx is the MEDDAT version being applied.
     
11. Start the FMP with the following command:
    
    /usr/local/McAfee/fmp/bin/fmp start
     
12. Close the product if it's running.
13. Run the following commands to reload the product. Press Enter after each command.
    
    sudo launchctl unload /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
    sudo launchctl unload /Library/LaunchDaemons/com.mcafee.ssm.ScanFactory.plist
    sudo launchctl load /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
    sudo launchctl load /Library/LaunchDaemons/com.mcafee.ssm.ScanFactory.plist