Proactive scanning of suspicious systems using command line scanner

Version 1

    We at McAfee Labs continue to write a large number of very capable generic detections for different malware variants every day. By generics I mean signatures that are based on known malware samples but designed to detect variants we have never seen yet. These signatures need to be tested in the field before they are put into production. To achieve this we run them through our complete in-house QA process, after which they are shipped in the production DATs. However, they remain enabled only for the command line scanner and Stinger until we complete a further internal assessment, analyzing the data collected from the field for that signature. A Stinger for any such signature is provided on demand when deemed necessary, but the command line option is always available. After the entire process is complete (which can take from a few days to a few weeks, depending on how the signature performs in the field) the detection is opened up for all the AV products.

    So if someone suspects an infection but the AV product installed on the system is not detecting anything, it is good practice to perform a command line scan on that system. The following knowledge article describes how to perform a command line scan. For more aggressive detection, one can choose to use the beta DATs with the command line scanner; those steps are also described in the KB article.



    I understand that some people would be hesitant to run a signature in which we ourselves have not yet placed enough confidence to release into production for all products. For them I would recommend omitting the "/clean" switch when running the command line scanner, so that the cleaning code associated with the signature does not trigger. The cleaning code is responsible for all sorts of actions after a detection, including file deletion, file repair and other system repairs; without "/clean" the scanner only reports what it finds.
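    A small wrapper script for the detect-only scan described above (an added example, not part of the original post or of McAfee's own tooling). It targets uvscan, the Linux build of the command line scanner. The switch names (--sub, --secure, --report, --clean), the --dat option for pointing the scanner at an extracted beta DAT directory, and the exit codes 0/13/19 are assumptions from my reading of the product documentation and should be checked against uvscan --help on your build; Windows scan.exe takes analogous /SWITCH options such as the /clean mentioned above.

```sh
#!/bin/sh
# Detect-only wrapper around McAfee VirusScan Command Line (uvscan on Linux).
# Added example, not code from the original post. Assumptions to verify
# against `uvscan --help` on your build:
#   --sub       recurse into subdirectories
#   --secure    scan all files with heuristics enabled
#   --report F  write results to file F
#   --dat DIR   load DAT files from DIR (e.g. an extracted beta DAT)
#   --clean     attempt repair/deletion (the /clean switch on Windows scan.exe)
#   exit 0 = nothing found, 13 = detections, 19 = detections cleaned

# scan_args TARGET REPORT [DAT_DIR] [yes]
# Print the argument list. --clean is added only when the 4th argument is
# literally "yes", so a not-yet-proven signature can report but never act.
scan_args() {
    target=$1
    report=$2
    dat_dir=$3
    allow_clean=$4
    args="--sub --secure --report $report"
    if [ -n "$dat_dir" ]; then
        args="$args --dat $dat_dir"
    fi
    if [ "$allow_clean" = "yes" ]; then
        args="$args --clean"
    fi
    printf '%s %s' "$args" "$target"
}

# interpret_exit CODE: turn the scanner's exit status into a short verdict.
interpret_exit() {
    case $1 in
        0)  echo "clean: no detections" ;;
        13) echo "DETECTED: review the report before acting" ;;
        19) echo "cleaned: repairs were applied" ;;
        *)  echo "error: scanner exit code $1" ;;
    esac
}

# run_scan TARGET REPORT [DAT_DIR] [yes]
# Paths must not contain whitespace: the argument list is rebuilt by word
# splitting. Override the binary with SCANNER=/path/to/uvscan.
run_scan() {
    scanner=${SCANNER:-uvscan}
    if ! command -v "$scanner" >/dev/null 2>&1; then
        echo "scanner '$scanner' not found in PATH" >&2
        return 2
    fi
    rc=0
    # shellcheck disable=SC2046  # word splitting is intended here
    "$scanner" $(scan_args "$@") || rc=$?
    interpret_exit "$rc"
    return "$rc"
}

# Usage: sh scan-detect-only.sh /path/to/suspect /var/tmp/scan.log [/opt/beta-dat] [yes]
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

The default invocation never passes --clean, so a generic that is still under field assessment can only write a line to the report file; cleaning is an explicit opt-in via the fourth argument, which is the moment to decide whether you trust the signature enough to let its repair code run. The report file is also what to keep if the detection turns out to be interesting enough to send back for analysis.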