Skip navigation
McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
10229 Views 17 Replies Latest reply: Jul 15, 2011 9:32 AM by sgrimmel RSS 1 2 Previous Next
vinoo McAfee Employee 513 posts since
Apr 9, 2010
Currently Being Moderated

Jul 18, 2011 6:24 AM

McAfee GetSusp 3.0.0.126

A placeholder for hosting the latest version of GetSusp. Current version is GetSusp 3.0.0.126 (build date 21st Jan 2011)

 

GetSusp Product Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22668/en_US/GetSusp.pdf
GetSusp FAQ: https://kc.mcafee.com/corporate/index?page=content&id=KB69385

 

GetSusp 3.0.0.126 – Change Log:

 

+ GetSusp will always run with highest available user rights on windows Vista and Windows 7 (no explicit need to right click and choose to run program as administrator). A side effect of this change is Windows User Account Control will prompt to run this program for any user with administrator rights. - Requested by Sutherland.

 

+ Hyperlink for folder path in files.xml. To allow for a user to click the path to a file link to launch explorer and easily get to the location of a suspicious sample - Requested by Sutherland.

 

+ Parsing of autorun.inf file to scan the referenced executable. - Requested by Department of Transport and Main Roads.

 

+ Miss on an Autorun backdoor using .SOS file extension: Md5: C4C6788529CB99263B4697FFAF92E5A4 - Reported by Department of Transport and Main Roads.

 

+ GetSusp to zip only unique copies of files irrespective if they have different file names or file paths.  Requested by Department of Transport and Main Roads.

 

+ Only create GetSusp.xml once GetSusp finishes - until the duration of the scan it will be named GetSusp.tmp. This allows a user running GetSusp remotely to know when a scan completes - Requested by Department of Transport and Main Roads.

 

+ Command line parameters should override getsusp.opt option file - Requested by Tyco Electronics & McAfee QA.

 

+ If specified proxy settings fails, GetSusp will attempt a direct internet connection to post logs to McAfee.- Requested by Tyco Electronics.

 

+ Service Request number fix. - Reported by Tyco Electronics & Martin Tripp.

 

+ Command line switch to perform custom scan of a drive or folder. This switch is undocumented in the help menu currently. -  Requested by McAfee Support.

 

getsusp.exe --scanpath=c:\                   (scans all files in c:\ which has been modified in last 10 days by default)
getsusp.exe --scanpath=c:\ --date=15    (scans all files in c:\ and also allows for specifying custom date range)

 

The latest version of GetSusp is hosted at: http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe

 

Note: We will not be posting GetSusp-ePO builds publically henceforth. It will be provided on request.

 

Message was edited by: vinoo on 18/7/11 4:54:15 PM IST
  • cdobol Apprentice 159 posts since
    Feb 23, 2009
    Currently Being Moderated
    1. Mar 17, 2011 8:52 AM (in response to vinoo)
    Re: McAfee GetSusp 3.0.0.126

    Vinoo,

     

    I appreciate your efforts with the EPO integration.  What is the proper way to request the EPO 3.0.0.126 package for EPO 4.5.

     

    Chris

  • angelikah Newcomer 3 posts since
    Apr 3, 2011
    Currently Being Moderated
    3. Apr 3, 2011 11:44 AM (in response to vinoo)
    Re: McAfee GetSusp 3.0.0.126

    Hello,

     

    I downloaded the GetSusp 3.0.0.126.exe and ran it on a friend's computer which is really messed up with multiple viruses, I deleted the appropriate files, and ran another program which says there are more virused files, so I ran it again on 4/2 and received a message from the scan program saying "This Product is outdated."

     

    Can you send me a link to the latest update so I can finish fixing this computer?

     

    I appreciate you assistance.

     

    Angelika

  • vinod_r2 McAfee Mentor 3,126 posts since
    Feb 15, 2008
    Currently Being Moderated
    4. Apr 3, 2011 12:02 PM (in response to angelikah)
    Re: McAfee GetSusp 3.0.0.126

    You may diregard the out dated message. The tool will scan and parse the updated file databases anyway. As soon as a new build finishes a battery of tests it will be released.


    Regards
    VR
  • angelikah Newcomer 3 posts since
    Apr 3, 2011
    Currently Being Moderated
    5. Apr 3, 2011 12:28 PM (in response to vinod_r2)
    Re: McAfee GetSusp 3.0.0.126

    Thank you.  I reran it to see what I missed the first time, and the only suspicious file it found was itself. LOL

     

    I ran a SystemAnalyzer tool which tells me if there are viruses, etc, and what types they are, but with all of the virus specific patches (which come up empty), GetSusp, Stinger, and antivirus I have run on that computer, I still come up with 1 virus and 2 Trojan entries, but if GetSusp considers itself a virus then that explains one entry.

     

    Angelika

  • vinod_r2 McAfee Mentor 3,126 posts since
    Feb 15, 2008
    Currently Being Moderated
    6. Apr 3, 2011 12:55 PM (in response to angelikah)
    Re: McAfee GetSusp 3.0.0.126

    ok.. when Getsusp is running it will be locked and in secure mode hence will be reported by the tool itself if happened to be in scan locations--its as expected.

     

    Why don;t you attach the Getsusp logs file ( it would be zipped format with name getsupsNUMBERS.zip).. and one of us could check and see what was reported as suspicious?


    Regards
    VR
  • angelikah Newcomer 3 posts since
    Apr 3, 2011
    Currently Being Moderated
    7. Apr 3, 2011 7:31 PM (in response to vinod_r2)
    Re: McAfee GetSusp 3.0.0.126

    I would but there is nothing to send....it found nothing suspicious this last time. 

     

    I dl'd spybot s&d and malware bytes as well, and they cleaned up several viruses and other garbage which the patches and antivirus missed, then everything came up clean after running them the second time.  All 3 came back clean, so I am rerunning the system analysis tool to see if it reports anything missed.....but so far so good, considering how many virus and other garbage were on this computer before I started cleaning it. (The antivirus I installed found over 1400 files which were virused, spyware, or malware, etc, in one form or another on the first sweep.)  Strangely enough Spybot S&D did a better job or cleaning up the Koob Worm than the Koob patch, which did not find the files.  Is there a McAfee program which will do the same thing, more efficiently?

  • redbeardrc Newcomer 41 posts since
    Feb 24, 2009
    Currently Being Moderated
    8. Jun 9, 2011 2:00 PM (in response to vinoo)
    Re: McAfee GetSusp 3.0.0.126

    Vinoo,

     

    I would also love to have the link which always hosts the latest GetSusp-ePO package if possible.

     

    -Dave

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (1)