DAT update requests to CommonUpdater2 result in a full DAT download instead of an incremental update
Technical Articles ID: KB87983
Last Modified: 10/27/2016
Environment
McAfee DAT Files
Summary
When attempts are made to update the DATs for your McAfee security products through CommonUpdater2, a full DAT update is downloaded instead of an incremental (smaller) DAT update. This can have a negative impact on your network infrastructure due to the increased bandwidth requirement of updating multiple clients with the full DAT set.
NOTE: This issue affects only those customers updating from CommonUpdater2. Other CommonUpdater locations such as CommonUpdater and CommonUpdater3 are unaffected.
Why does this happen?
Typically clients pull incremental updates when updating DATs. These incremental updates will update the client from their current DAT revision to the latest. In order to achieve this, a delta is constructed from the previous day's content to the current day's content. This delta forms the incremental DAT, which is posted on CommonUpdater2 for download.
On Tuesday, October 25th, an update was posted to CommonUpdater2 that resulted in an invalid incremental. When the McAfee point-products attempt to apply this update, they detect this invalid incremental and initiate a full DAT download instead to ensure that valid protection is maintained.
NOTE: Only products using V2 DATs are affected by this issue. ENS DATs (V3 DATs) are not affected.
Should I change to a different CommonUpdater location?
No. Even though the other CommonUpdater locations are not affected, switching CommonUpdater locations will trigger another full update by default to ensure full DAT coverage.
What can I do about this issue?
To mitigate against this issue, you should configure your ePolicy Orchestrator (ePO) to spread the update load over a longer timeframe. For details on how to configure ePO to do this, refer to the Configuring product updates section of the ePO 5.3 Best Practices Guide: PD26432. Specifically, you should aim to reduce the impact on your network by doing the following:
Configuring the client tasks to perform updates at an off-peak time
Setting the repeat interval and randomization appropriately for the size of your estate and available bandwidth
NOTE: If you have Global Updates enabled and have not run a repository 'pull' since Monday 24th, deselect DAT under Server Settings, Global Updates on your ePO servers, and then schedule your updates as described above.
What is Intel Security doing about it?
Because any changes would result in more customers needing to download a full update, we are taking no additional action at this time. However, Intel Security will be implementing additional tests and checks to prevent incidents of this type in the future.
Related Information
For more details on the changes to McAfee DAT files in Q4 2016 see: KB87709.
- wong chee tat :)
No comments:
Post a Comment