Components and how they interact

As an administrator and user of VirusScan Enterprise, you should be familiar with its components and connections. The following figure shows these components for a basic environment.

Figure 1. VirusScan Enterprise components

Client system

This is where VirusScan Enterprise and optional McAfee Agent are installed and configured.
  • DAT files — Detection definition files, also called malware signatures, work with the scanning engine to identify and take action on threats.
  • Scan engine — Used to scan the files, folders, and disks on the client computer and compares them to the information in the DAT files for known viruses.
    Note: DAT files and scan engine are updated as needed using the Internet connection to McAfee Headquarters, or using the optional connections over the Enterprise Intranet to a designated server.
  • Artemis (Heuristic network check for suspicious files) — Looks for suspicious programs and DLLs running on client systems that are protected by VirusScan Enterprise. When the real-time malware defense detects a suspicious program, it sends a DNS request containing a fingerprint of the suspicious file to a central database server hosted by McAfee Labs.
  • McAfee Agent (optional) — Provides secure communication between McAfee managed products and McAfee ePolicy Orchestrator server. The agent also provides local services like updating, logging, reporting events and properties, task scheduling, communication, and policy storage.

McAfee Headquarters

McAfee Headquarters, home to McAfee Labs and McAfee Technical Support, provides the following VirusScan Enterprise services:

Server

The optional server uses the following components to manage and update many client systems remotely:
  • ePolicy Orchestrator — Centrally manages and enforces VirusScan Enterprise policies, then uses queries and dashboards to track activity and detections.
    Note: This document addresses using ePolicy Orchestrator 4.5 and 4.6. For information about ePolicy Orchestrator, see the product documentation for your version.
  • DAT repository — Retrieves the DAT updates from the McAfee download site. From there, DAT files can be replicated throughout your organization, providing access for all other computers. This minimizes the amount of data transferred across your network by automating the process of copying updated files to your share sites.