A placeholder for hosting the latest version of GetSusp. Current version is GetSusp 184.108.40.206 (build date 21st Jan 2011)
GetSusp Product Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22668/en_US/GetSusp.pdf
GetSusp FAQ: https://kc.mcafee.com/corporate/index?page=content&id=KB69385
GetSusp 220.127.116.11 – Change Log:
+ GetSusp will always run with highest available user rights on windows Vista and Windows 7 (no explicit need to right click and choose to run program as administrator). A side effect of this change is Windows User Account Control will prompt to run this program for any user with administrator rights. - Requested by Sutherland.
+ Hyperlink for folder path in files.xml. To allow for a user to click the path to a file link to launch explorer and easily get to the location of a suspicious sample - Requested by Sutherland.
+ Parsing of autorun.inf file to scan the referenced executable. - Requested by Department of Transport and Main Roads.
+ Miss on an Autorun backdoor using .SOS file extension: Md5: C4C6788529CB99263B4697FFAF92E5A4 - Reported by Department of Transport and Main Roads.
+ GetSusp to zip only unique copies of files irrespective if they have different file names or file paths. Requested by Department of Transport and Main Roads.
+ Only create GetSusp.xml once GetSusp finishes - until the duration of the scan it will be named GetSusp.tmp. This allows a user running GetSusp remotely to know when a scan completes - Requested by Department of Transport and Main Roads.
+ Command line parameters should override getsusp.opt option file - Requested by Tyco Electronics & McAfee QA.
+ If specified proxy settings fails, GetSusp will attempt a direct internet connection to post logs to McAfee.- Requested by Tyco Electronics.
+ Service Request number fix. - Reported by Tyco Electronics & Martin Tripp.
+ Command line switch to perform custom scan of a drive or folder. This switch is undocumented in the help menu currently. - Requested by McAfee Support.
getsusp.exe --scanpath=c:\ (scans all files in c:\ which has been modified in last 10 days by default)
getsusp.exe --scanpath=c:\ --date=15 (scans all files in c:\ and also allows for specifying custom date range)
The latest version of GetSusp is hosted at: http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe
Note: We will not be posting GetSusp-ePO builds publically henceforth. It will be provided on request.
Message was edited by: vinoo on 18/7/11 4:54:15 PM IST