×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mahdi667
Contributor
Message 1 of 9

impersonate Mcaffee server

Jump to solution

Is anti virus definition and engine updater vulnerable to MiMA attack

1 Solution

Accepted Solutions
vinoo
Former Member
Message 7 of 9

Re: impersonate Mcaffee server

Jump to solution

from: McAfee Corporate KB - FAQs for V2 DAT files KB55986

What integrity and validity checks are performed on the DAT files to ensure they are not tampered with?

The DAT files are encrypted and then compressed and signed when they are compiled. The Antivirus Engine performs a signature verification on the DATs as an integrity check during initialization and will not load them if they have been modified. The products that utilize the Engine in turn verify the integrity of the Engine by checking whether the digital certificate used to sign the Engine is valid.

View solution in original post

8 Replies
exbrit
MVP
MVP
Message 2 of 9

Re: impersonate Mcaffee server

Jump to solution

I doubt it.  The software only contacts secure servers and the software itself has a self-protection module which is switched on by default.  (Called Access Protection).

This question however is best answered by an expert.   I'll ask my contacts as to who to alert to your question.

catdaddy
MVP
MVP
Message 3 of 9

Re: impersonate Mcaffee server

Jump to solution

Moved from Consumer to General Discussion >Discussions

Cliff
McAfee Volunteer
exbrit
MVP
MVP
Message 4 of 9

Re: impersonate Mcaffee server

Jump to solution

​  can you address this question regarding the vulnerability of McAfee's Update Servers to MItMA's ?

exbrit
MVP
MVP
Message 5 of 9

Re: impersonate Mcaffee server

Jump to solution

BTW it may be some time for someone to chip in here due to the holidays.

catdaddy
MVP
MVP
Message 6 of 9

Re: impersonate Mcaffee server

Jump to solution

​  Could you kindly add to the discussion?

Cliff
McAfee Volunteer
vinoo
Former Member
Message 7 of 9

Re: impersonate Mcaffee server

Jump to solution

from: McAfee Corporate KB - FAQs for V2 DAT files KB55986

What integrity and validity checks are performed on the DAT files to ensure they are not tampered with?

The DAT files are encrypted and then compressed and signed when they are compiled. The Antivirus Engine performs a signature verification on the DATs as an integrity check during initialization and will not load them if they have been modified. The products that utilize the Engine in turn verify the integrity of the Engine by checking whether the digital certificate used to sign the Engine is valid.

catdaddy
MVP
MVP
Message 8 of 9

Re: impersonate Mcaffee server

Jump to solution

Thank you Vinoo

We can (always) count on you.

All the Best,

Cliff/CD

Cliff
McAfee Volunteer
dmeier
McAfee Employee
McAfee Employee
Message 9 of 9

Re: impersonate Mcaffee server

Jump to solution

Thanks Vinoo!

- David

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community