GETSAMPLE is an app that allows the collection of suspicious file(s) from 1 or more managed systems using the Mcafee Agent. The app creates a password protected .zip file of the targeted file(s)(password is “infected”). The .zip file is placed in the c:\quarantine directory and is copied to a network share if specified.
1. Check the package into your Master Repository and replicate as required:
2. Create a McAfee Agent product deployment task using the GETSAMPLE package and specify the arguments that will be passed to script.
Get Sample uses 3 parameters
1 – Name of the output .zip file.
2 – Full path to file(s) use 8.3notation
3 – Network share where .zip is tobe copied. (optional)
These parameters are placed in the command line options of the deployment task.
Parameter1 Parameter 2 Parameter 3
%computername%_SR12345678.zip C:\Docum~1\imabaduser2\Local~1\temp\*.exe \\33-epo-45\sample$
This zips up all .exe files from the imabaduser’s temp directory and copies the output .zip file to the defined share.
If using a share it must be a null share since the user account accessing the share is local system account.
Setting up null share on windows2003: http://support.bigfix.com/bes/misc/null_session_share.html