AVERT Dat Release Notification: 4421 Emergency Dat Files Release

Discussion in 'Virus Information' started by David H. Lipman, Jan 20, 2005.

  1. The 4420 DAT files contain a Potentially Unwanted Program (PUP) detection
    for RemAdm-DWRC, Dameware's Mini Remote Control software. Although this
    software package is a legitimate program, it can pose a significant
    security risk when installed illegitimately, without a users consent or
    knowledge. Due to the observed abuse of this application, detection was
    added to the 4420 DAT files. AVERT has since been contacted by customers
    stating they are using this software as an administration tool in their
    environment, and therefore AVERT has decided to remove detection in the
    4421 DAT release, pending further investigation of how widespread the
    abuse of this PUP is.

    The various 4421 dat file packages can be found at

    IS YOUR ENGINE UP-TO-DATE? - Anti-virus is only as good as its last update!

    Current Engine Information by platform:
    - Microsoft: 4400
    - Netware: 4320
    - UNIX: 4400
    - Macintosh OS X: 4240

    Engine Security Tips from AVERT and the McAfee Security Engine Development
    - Updating your DAT regularly files is essential and a MUST!
    - Updating your scan engine is just as important and a MUST
    - An old Engine WON'T catch some of today's threats
    - Sometimes architectural changes to the way DAT files and scan
    - engine work together make it critical for you to update your scan
    - AVERT says it makes sense to have as part of your Security Policy
    - Program an Engine Update process to take advantage of the latest
    technology and stay protected!

    The Problem
    Between 250 and 400 new detections are added to the DATs monthly by AVERT.
    If you're not up-to-date, you are vulnerable to any one of them that gets a
    foothold in the field (a.k.a. 'in the wild'). McAfee AVERT releases
    regular DAT files, ensuring that full protection is added to all McAfee

    The DAT files contain the information required to detect and remove threats
    - what to look for and where to look for it. However, today's threats are
    evolving almost on a daily basis. Software providers continue to have
    operating systems and applications changes that can change the way a
    program acts or works and a virus-scanning program may not understand the

    The Solution
    Taking this into account McAfee Security regularly updates its scan engine
    used by ALL McAfee Security virus detection and removal products. The
    engine understands all the different structures in which a virus could lurk
    - EXE files, MS Office files, Linux files, etc. Occasionally these changes
    require us to make significant architectural changes to the engine as well
    as the DAT files. AVERT strongly recommends users of ALL McAfee Security
    virus scanning products update the scan engines in the products they have
    deployed as part of a sound Security best practices program.

    Here's how to check your engine version. Right-click on the McAfee shield
    in the system tray, select 'About' and look at the 'Scan engine' version
    number. If you need to update, you should update your scan engine

    McAfee Security Engine End-Of-Life (EOL) Program
    Because of the evolving malicious code threat, users should update their
    engines as soon as possible upon the release of McAfee Security's latest
    scanning technology. When a new engine is released the existing engine
    will begin its countdown to its EOL, and will therefore no longer be
    supported by McAfee Security. Information on the McAfee Security Engine
    End of Life policy and a full list of supported scan engines and products
    can be found at:

    Best Regards,

    McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
    Solutions visit us at www.avertlabs.com
    David H. Lipman, Jan 20, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.