We’re dedicated to providing the most effective and up-to-date detection and protection against new and existing threats. Over the past several years, there has been dramatic advancement beyond "traditional" signature-based detection. Now, there are more agile and comprehensive cloud-based mechanisms for detection of both "zero-day" and existing threats. Examples of these cloud-connected technologies are Global Threat Intelligence (GTI) and our machine learning capabilities that Real Protect (RP) provides in Endpoint Security Adaptive Threat Protection (ENS ATP).
These capabilities can reduce, or even eliminate, the time and manual effort needed to obtain and deploy Extra.DATs. As such, starting on April 1, 2021, we began making adjustments to reduce the number of Extra.DATs provided where cloud coverage is already in place.
We also no longer provide redundant Extra.DAT coverage in response to inquiries regarding Coverage and Information Requests for Hash or Indicators of Compromise (IOC), where cloud-based coverage is available.
We acknowledge that there might be legitimate scenarios or environmental factors where an Extra.DAT might be needed. These situations will be considered and an Extra.DAT will continue to be provided, where appropriate.
If you see IOCs in public threat advisories and blogs published by threat research groups and other security vendors, you don’t need to create a Service Request for those IOCs. Our Advanced Threat Research Center constantly monitors new threat advisories and blogs. They proactively analyze available files to verify coverage for emerging IOCs. They make coverage updates to the cloud in real time, and to the daily DATs in cases where cloud coverage might not be applicable.
For additional information regarding current Threat Intelligence, see Trellix Insights and make sure to keep up to date with our Trellix Stories site.
Additional Information and Resources
To make sure that your environment has the best protection available, we highly recommend that you deploy all available technologies and use them to their fullest potential. To help with this configuration, we’ve created some resources. They can help you make sure that these cloud services are accessible and working as intended.
FAQs
Why is this change happening?
With the rapid changes in the active threat landscape, speed is more important than ever. As threats become more complex, it’s necessary to take advantage of real-time cloud technologies and proactive measures to stay ahead of the curve. These capabilities can reduce, or even eliminate, the time and manual effort needed to produce, obtain, and deploy Extra.DATs. Making sure that environments are protected by the most up-to-date protection and detection technologies reduces risk. Elimination of redundant efforts allows for that time to be spent elsewhere.
Can I obtain an Extra.DAT if I have a list of hashes I want information about?
If there’s no business impact, an Extra.DAT is usually not provided if cloud coverage already exists. Cloud coverage negates the need for an Extra.DAT.
When will an Extra.DAT be provided for hash list coverage/Information Requests?
Extra.DATs might still be provided in these scenarios, on a situational basis, where applicable. GTI or RP cloud detections are an example of where an Extra.DAT wouldn’t need to be provided. The reason is that these detections aren’t content-based and can be updated in real time in the cloud.
What if my environment doesn’t allow Real Protect/GTI or I have systems with no internet connectivity?
Extra.DATs would still be provided in these scenarios, where applicable.
Will Extra.DATs still be provided for false positives and detection failures?
Extra.DATs would still be provided in these scenarios, where applicable. GTI or RP cloud detections are an example of where an Extra.DAT wouldn’t need to be provided. The reason is that these detections aren’t content-based and can be updated in real time in the cloud.
What if my business is impacted?
If there’s a business impact, we’ll provide an Extra.DAT on a case-by-case basis, where deemed appropriate. For example, when a threat is introduced into an environment and cleaning is needed.
How can I get more information about ATP and its components?
You can find more information in the "Additional Information and Resources" section above.