McAfee DAT Reputation technology can prevent endpoints from updating to a DAT that has been seen to cause unpredicted results in the field. While these types of events are very rare, they can occasionally cause significant impact to our customers. McAfee takes content quality and safety very seriously, and performs stringent quality assurance tests before every content release. This technology is an extra safety mechanism that identifies and contains an issue if one occurs after the content has been released.
McAfee DAT Reputation includes two components:
- DAT Reputation — Before updating, DAT Reputation performs a McAfee Global Threat Intelligence (McAfee GTI) lookup to request the reputation of the DAT file. If the DAT is classified as “block,” the endpoint does not complete the update.
- Endpoint Safety Pulse — Endpoint Safety Pulse runs a series of health checks to alert McAfee to potentially significant field issues caused by a content update. Prompt identification of such issues is critical to providing timely containment and remediation.
Endpoint Safety Pulse collects the following types of data: operating system version and locale; McAfee product version; DAT and engine version; and McAfee and Microsoft running process information. McAfee uses this data to look for potential content-related issues after DATs have been released. The health check results are encrypted and sent to McAfee using SSL. The data is then aggregated and analyzed by McAfee to check for anomalies. McAfee incident response processes are invoked if a significant issue is discovered.
Customers with endpoints that do not have Internet access can disable McAfee DAT Reputation using McAfee ePolicy Orchestrator (McAfee ePO). They can also download the standalone configuration file for use on unmanaged systems.
The data collected by McAfee DAT Reputation is used only to look for content-related issues across our entire global customer base. No personally identifiable information is collected or transmitted. For more information about McAfee DAT Reputation, please review our frequently asked questions.
Installing & managing McAfee DAT Reputation
Install McAfee ePO Management Extension
Before you begin, you must have administrator rights to install McAfee DAT Reputation Extension.
- Log on to the McAfee ePO server as an administrator.
- Click Menu | Software | Extensions, click Install Extension.
- On Install Extension dialog, click Choose File, browse for the path where McAfee DAT Reputation extension is downloaded from Software Manager, click Open.
- Click OK in the Install Extension dialog.
- Extensions page displays the McAfee DAT Reputation extension details. Click OK.
- Extension gets installed and McAfee DAT Reputation is listed in the installed extensions list.
Enforce policies on client systems
You can manage McAfee DAT Reputation on multiple client systems using the McAfee DAT Reputation policies.
- Click Menu | Systems | System Tree, then select a group in the System Tree. All systems within this group (but not its subgroups) appear in the details pane.
- Select the required systems, then click Actions | Agent | Set Policy & Inheritance.
- Select McAfee DAT Reputation as the Product, General as the Category, then select the required policy. See the ePolicy Orchestrator product documentation for more information about creating and editing policies.
- Select Reset inheritance or Break inheritance, then click Save.
Modify McAfee DAT Reputation policies
- Click Menu | Policy | Policy Catalog.
- Select McAfee DAT Reputation as the Product, General as the Category, then click the required policy.
- Select/de-select the policy options as required and click Save.
Run DAT Reputation Reports
- Click Menu | Reporting |Queries & Reports.
- Click New.
- Select Managed Systems and click Next.
- Select the required chart type from Display Result As list on left side.
- From Labels dropdown, select required option under McAfee DAT Reputation Service.
- Click Next.
- Select required columns and click Next.
- Select required criteria and click Save.
- Give an appropriate query name, description, and query group and click Save.
- Click the group created on the Queries and reports page and select Run on the created query to display the result of the query.
- From now on, the same query can be run to view the data.