Product guide

ManualsBrandsMcAfee ManualsOtherVIRUSSCAN ENTERPRISE

Requirements for an efficient update strategy

An efficient updating strategy generally requires at least one client or server in your organization

to retrieve updates from the McAfee download site. From there, the files can be replicated

throughout your organization, providing access for all other computers. Ideally, you should

minimize the amount of data transferred across your network by automating the process of

copying the updated files to your share sites.

The main factors to consider for efficient updating are the number of clients and the number

of sites. You might also consider the number of systems at each remote site and how remote

sites access the Internet. The basic concepts of using a central repository to retrieve updates

and scheduling update tasks to keep your environment up-to-date apply to any size organization.

For deploying software and update information, see the appropriate ePolicy Orchestrator product

guide.

Update tasks and how they work

Use the update task to get the most current DAT files, scanning engine, and service packs and

patches.

VirusScan Enterprise includes a default update task which runs every day at 5:00 p.m. with

one-hour randomization. You can create additional update tasks as needed.

Update task activities

These activities occur when you run an update task:

• A connection is made to the first

enabled

repository (update site) in the repository list. If

this repository is not available, the next site is contacted, and so on until a connection is

made, or until the end of the list is reached.

• An encrypted CATALOG.Z file downloads from the repository. The file contains the

fundamental data required to update. This data is used to determine which files and updates

are available.

• The software versions in the file are checked against the versions on the computer. If new

software updates are available, they are downloaded.

Update task interruption

If the update task is interrupted for any reason during the update:

• A task updating from an HTTP, UNC, or local site resumes where it left off the next time the

update task starts.

• A task updating from an FTP site does not resume if interrupted during a single file download.

However, if the task is downloading several files and is interrupted, the task resumes before

the file that was being downloaded at the time of the interruption.

Update using EXTRA.DAT

An EXTRA.DAT file can be used as a temporary measure in an emergency. The EXTRA.DAT is

downloaded from the repository on each update. This ensures that if you modify and re-check

in the EXTRA.DAT in as a package, all VirusScan Enterprise clients download and use the same

updated EXTRA.DAT package. For example, you may use the EXTRA.DAT as an improved

detector for the same potentially unwanted program or additional detection for other new

potentially unwanted programs. VirusScan Enterprise supports using only one EXTRA.DAT file.

TIP: When you have finished using the EXTRA.DAT file, you should remove it from the master

repository and run a replication task to ensure it is removed from all distributed repository sites.

This stops VirusScan Enterprise clients from attempting to download the EXTRA.DAT file during

Part I - Prevention: Avoiding Threats

Updating detection definitions

McAfee VirusScan Enterprise 8.8 Product Guide44