Introducing VirusScan Enterprise

This section provides an introduction to VirusScan Enterprise by describing what it does, what is new in this release, and its major components.

What it is and does

VirusScan Enterprise offers easily scalable protection, fast performance, and a mobile design to protect your environment from the following:


  • viruses, worms and Trojan horses
  • access point violations and exploited buffer overflows
  • potentially unwanted code and programs

It detects threats and then takes the actions you configured to protect your environment.

This guide describes how to configure and use VirusScan Enterprise.

You can configure VirusScan Enterprise as a standalone product or you can use ePolicy Orchestrator versions 4.0, or later, to centrally manage and enforce VirusScan Enterprise policies, then use queries and dashboards to track activity and detections.

Note: This document addresses using ePolicy Orchestrator 4.5 and 4.6. For information about using other versions of ePolicy Orchestrator, see that verson's product documentation.

What is new

The VirusScan Enterprise 8.8 release has been updated to include the following new features and enchantments:
  • Enhanced performance.
  • Allows ePolicy Orchestrator® software version 4.5 and 4.5 to manage your VirusScan Enterprise systems.
  • A new ScriptScan URL exclusion user interface has been added to allow you to configure these exclusions instead of manually editting ScriptScan settings in the registry.

Major components

As an administrator, and user of VirusScan Enterprise, you should be familiar with its components and connections. The following figure shows these components for a basic environment.

Figure 1. VirusScan Enterprise components
VirusScan components
Note: The dashed lines in the previous figure indicate optional components and connections.
The major components shown in the previous figure include:
  • Client system — This is where VirusScan Enterprise and optional McAfee Agent are installed and configured.
    • DAT files — The detection definition (DAT) files, sometimes called the malware signature files, are used by the scanning engine to identify and take action on threats.
    • Scan engine — Used to scan the files, folders, and disks on the client computer and compare them to the information in the DAT files for known viruses.
      Note: Both the DAT files and scan engine are updated as needed using the Internet connection to McAfee Headquarters, or using the optional connections over the Enterprise Intranet connection to a designated server.
    • Artemis (Heuristic network check for suspicious files) — Looks for suspicious programs and DLLs running on client systems that are protected by VirusScan Enterprise. When the real-time malware defense detects a suspicious program, it sends a DNS request containing a fingerprint of the suspicious file to a central database server hosted by McAfee Labs.
    • McAfee Agent (optional) — Provides secure communication between McAfee managed products and ePolicy Orchestrator running on a server. The agent also provides local services, for example updating, logging, reporting events and properties, task scheduling, communication, and policy storage.
  • McAfee Headquarters — Provides the following VirusScan Enterprise services:
    • DAT updates — Stored on a McAfee central database server, and using AutoUpdate, these DAT update files are copied to the VirusScan Enterprise clients or the optional DAT repositories to provide new lists of known viruses as they are found in real time.
    • Scan engine updates — Stored on a central database server, scan engine updates are downloaded as needed to keep the VirusScan Enterprise scan engine as up to date as possible.
    • McAfee Labs — This threat library has detailed information on virus, Trojan, hoax, and Potentially Unwanted Program (PUP) threats. it also includes where they come from, how they infect your system, and how to mitigate or handle them. The client system Artemis feature sends the fingerprint of the suspicious file to McAfee Labs where they analyze the file and determine what action to take.
  • Server (optional) — Uses the following components to remotely manage and update many client systems:
    • ePolicy Orchestrator (optional) — Used to centrally manage and enforce VirusScan Enterprise policies, then uses queries and dashboards to track activity and detections.
      Note: This document addresses using ePolicy Orchestrator 4.5 and 4.6. For information about using other versions of ePolicy Orchestrator, see that verson's product documentation.
    • DAT repository (optional)— Retrieves the DAT updates from the McAfee download site. From there, the DAT files can be replicated throughout your organization, providing access for all other computers. This minimizes the amount of data transferred across your network by automating the process of copying the updated files to your share sites.