kcm.trellix.com
161.69.38.126  Public Scan

Submitted URL: https://sns.trellix.com/e/890323/-index-page-content-id-KB92669/65zc87/330031077
Effective URL: https://kcm.trellix.com/corporate/index?page=content&id=KB92669
Submission: On November 29 via api from IE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Urgent Announcement
URL to access Cloud Services will change on December 12th at 9:30AM UTC


On December 12th, 2022 at 9:30 AM UTC the URL used to access cloud services,
such as ePO-SaaS, EDR, and Skyhigh branded products, will change to
https://auth.ui.trellix.com.

 * Before December 12, 2022, make sure that you have at least one administrator
   account exempt from IDP so you can continue to have access to the console
   until you can update your IDP configuration.
 * After 9:30 AM UTC on December 12, 2022, SAML or SSO users will need to update
   their IDP configuration to restore access.

See KB96089 for details and to determine if additional changes are needed.









ABOUT THE 6600 ANTI-MALWARE SCAN ENGINE UPDATE FOR ENDPOINT SECURITY

Technical Articles ID:   KB92669
Last Modified:  11/24/2022


--------------------------------------------------------------------------------


ENVIRONMENT

Endpoint Security (ENS) Threat Prevention 10.x
Anti-Malware Scan Engine (Scan Engine) 6600 update for ENS 10.x


SUMMARY

This article contains information about the 6600 Scan Engine release schedule
for ENS 10.x endpoints. It includes instructions about how to evaluate V3 DAT
packages that contain this engine during the Beta and Elective Update periods.

6600 Scan Engine Improvements
The 6600 Scan Engine includes the following improvements:
 * The new Musarubra platform certificates
 * Scanning capability for the DEX file-type
 * New PDF 256-bit AES and RC4 40-bit Encryption support
 * Enhancements on the supported APK extensions file
 * Extended AutoIT 2.x support
 * Handling of manipulated MIME headers
 * Multiple bug fixes and minor feature enhancements


Release Schedule

| Phase | Start Date | End Date | Update Site |
|-------|------------|----------|-------------|
| 6600 Scan Engine Beta for Endpoint Security | November 24, 2022 | December 12, 2022 | Beta Programs |
| 6600 Scan Engine Elective Update for Endpoint Security | December 13, 2022 | No end date | HTTPS CommonUpdater3 / HTTP CommonUpdater3 |
| 6600 Scan Engine Managed Throttled Update for Endpoint Security | 2nd week of January 2023 | End of January, 2023 | HTTPS Common Updater / HTTP CommonUpdater, or HTTPS CommonUpdater2 / HTTP CommonUpdater2 |
| 6600 Scan Engine General Availability (GA) for Endpoint Security | 1st week of February, 2023 | No end date | HTTPS CommonUpdater / HTTP CommonUpdater, or HTTPS CommonUpdater2 / HTTP CommonUpdater2 |


IMPORTANT: These timelines are estimates and are subject to change.

NOTE: This Scan Engine update is mandatory and is contained within the V3 DAT
package. ENS endpoints that currently run the 6500 Scan Engine, and that aren't
updated during the managed throttled update, will complete updating to the 6600
Scan Engine using the V3 DAT that will be released at the end of January 2023.
The GA date will be the end of January, 2023, so the 6500 Scan Engine will no
longer be present in the V3 DAT released on that day.

How to Evaluate the 6600 Scan Engine
During the Beta and Elective Update periods, V3 DATs that contain only the 6600
Scan Engine are made available from the above Beta and CommonUpdater3 sites
referenced for these phases. They also persist in these locations until a
subsequent engine release cycle replaces them. Keep any test nodes intended to
evaluate the 6600 Scan Engine pointed at one of these repositories until the GA
date. This approach avoids rolling back to the 6500 Scan Engine during the
managed throttled update period. For more information about how content
throttling works, see the "Frequently Asked Questions" section below.

Follow the instructions below to configure ePolicy Orchestrator (ePO) to
download and test V3 DATs that contain the 6600 Scan Engine. Instructions are
also provided to revert clients to update with the standard V3 DAT where the
release is managed.

To set up a Repository Pull task to pull the V3 DAT evaluation package into the
Evaluation Branch, follow the steps below:
 1.  In ePO, select Menu, Configuration, Server Settings.
 2.  Select Source Sites, and then click Edit, Add Source Site.
 3.  Type a source site name, select HTTP, and click Next.
 4.  In the URL field, make sure that DNS Name is selected as the default, and
     type one of the following repositories:
     * betaupdate.mcafee.com
     * update.nai.com/products/commonupdater3
        
 5.  Type 80 for the Port and click Next.
 6.  Continue to click Next until the last screen, and then click Save.
 7.  Click Enable Fallback, and then click Save.
 8.  Select Menu, Automation, Server Tasks.
 9.  Select the Update Master Repository task and click Edit.
 10. Click Next to navigate to the Actions tab, and then click +.
 11. In the new Actions section, select Repository Pull.
 12. Select the source site created in step 3 as the Source site, select
     Evaluation for Branch, and click Save.
 13. Select the Update Master Repository task and click Run.

To change the Trellix Agent (TA) policy to pull client updates from the
Evaluation Branch, follow the steps below:
 1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that
    you use for evaluation.
 2. Click the Updates tab.
 3. Select Evaluation from the AMCore Content Package drop-down list, and then
    click Save.

To revert the TA policy on completion of the evaluation:
 1. In ePO, edit the Trellix Agent General policy assigned to the endpoints that
    you use for evaluation.
 2. Click the Updates tab.
 3. Select Current from the AMCore Content Package drop-down list, and then
    click Save.
 4. If no longer needed, you can delete the source site set up for evaluation.

Frequently Asked Questions
 * Do I need to change anything to update the Scan Engine?
   No. For ENS customers, the Scan Engine update occurs automatically with no
   option to opt out. No additional action is needed to update the Scan Engine.
   The instructions provided in this article apply to customers interested in
   evaluating the Scan Engine before or during the managed throttled update.
    
 * What's a managed throttled update?
   A managed throttled update uses randomization to control the number of client
   nodes that receive an upgraded component, in this case, the 6600 Scan Engine,
   through content updates. During a throttle period, the number of client nodes
   that receive the new component version increases daily according to a
   velocity that we set. After the throttle period, every client node that
   supports the new component receives the updated version by default during
   their next update. There's no action needed on the client node that receives
   the update.
    
 * How does the managed throttled update work?
   * During this period, Scan Engine 6600 is gradually released to endpoints
     at a rate controlled by the throttle value set from the back end, such as
     1%, 2%, 5%, or 10%. Systems are randomly selected for upgrade.
   * After the release in the 1st week of February 2023, the throttle will be
     disabled, and all remaining systems will receive the upgrade with the V3
     content from the 1st week of February, 2023 onward.
   
   NOTE: During the throttle period, a system with a fresh product
   installation (a new installation, not an upgrade of an existing one)
   always takes the new engine version, never the old one.
    
 * How do you roll back to a previous Scan Engine?
   The concept of engine updates has changed with AMCore technology; they're no
   longer separate packages from content. When AMCore content requires an update
   to any one of its engines that's used during scanning, the engine update is
   included in the V3 content update releases.
   
   We'll decide to roll back any component included in the V3 content if such a
   response is needed. The rollback would take effect in a subsequent V3 content
   release.
    
 * Does this release schedule apply to VirusScan Enterprise?
   No. This schedule applies only to ENS endpoints.
    
 * Do the ENS 10.x updates include the 6600 Scan Engine update?
   Yes. Customers currently using ENS 10.x who update to the next ENS 10.x
   version, including all updates, will receive an update to the 6600 Scan
   Engine. No additional action is needed to update the Scan Engine.


Feedback and Questions
For any feedback or questions about the 6600 Scan Engine, contact Technical
Support.


To contact Technical Support, go to the Create a Service Request page and log on
to the ServicePortal.
 * If you are a registered user, type your User ID and Password, and then click
   Log In.
 * If you are not a registered user, click Register and complete the fields to
   have your password and instructions emailed to you.






RELATED INFORMATION

See also the related articles below:
 * KB66741 - About the 6.x.xx Anti-Malware Scan Engine
 * KB82396 - FAQs for V3 DAT files
 * KB76558 - CommonUpdater download sites
 * KB89778 - Comparison of the V3 DAT packages (Production, Pre-production,
   Beta)






AFFECTED PRODUCTS

 * Endpoint Security Threat Prevention 10.7.x
 * Endpoint Security Threat Prevention 10.6.x
 * Scan Engine
 * Upgrade/Migrate


LANGUAGES:

This article is available in the following languages:

 * English United States
 * Spanish Spain
 * French
 * Italian
 * Japanese
 * Portuguese Brasileiro
 * Chinese Simplified






--------------------------------------------------------------------------------

Copyright © 2022 Musarubra US LLC | Privacy | Legal | Terms of Service


