Regis
Level 12
Message 1 of 18

recommend a good, preferably free "second opinion" scanner?

Sometimes you just want a second opinion on the health of a Windows machine, particularly after McAfee detects malware on a machine and claims to have "handled" it or, even worse, when it admits it didn't handle it and you attempt a modicum of manual remediation. Too often, a malware infection can occur that [insert AV program name] can't detect for various reasons, or is a multi-tentacled threat of which VSE only detects some of the tentacles. This isn't a dig on VSE specifically because all AV products suffer this same inherent issue of "you can't detect everything." As such, there are these times when a machine you're investigating could really use a second opinion and a clean VSE scan isn't enough to convince you of its health.

Q: What's a good (preferably free) command-line or low-installation-overhead second-opinion malware scanner for spot technician use?

Ideally, I'd like to avoid installing anything additional on every workstation we deal with, but rather often, there are situations where I'm worried about a box, and know enough about the limitations of antivirus technology to yearn for another scan engine/defs (i.e. something other than McAfee VSE) to be run over the machine.

Surely I can't be the only person who's had this thought... so I'm curious what else is out there for such a task? Is there a command-line scanner offered by a competitor that's licensable in this way for one-off command-line technician use?

What I've looked into without great success yet--opinions welcome:

  • Malwarebytes has always been nice to use in a personal use environment... but I'll be darned if I have succeeded in getting a quote from them for a handful of technician licenses for such a duty.
  • There's also something out there named multi_av.exe which used to be a KIX batch bundling of 4 vendors' command-line scanners. I don't know if it still exists, and I'm not sure I ever really trusted it, and I'm not sure whether the licenses for the individual components were ever kosher with respect to corporate use.
  • Buy a handful of licenses of a competitor's corporate product, put them on a dedicated diagnosis machine, and mount administrative shares to the target PC and scan from there?
  • ClamAV on a Linux box, and perhaps mount an administrative share on the target box and scan?

Thanks for any shared experience on this front!

Message was edited by: Regis  to modify first paragraph to explain the use case a little more fully.  on 10/7/10 7:46:05 AM CDT

Message was edited by: Regis  typo on 10/13/10 7:42:53 AM CDT
17 Replies

Re: recommend a good, preferably free "second opinion" scanner?

Microsoft Security Essentials http://www.microsoft.com/security_essentials/

U4iA
Level 7
Message 3 of 18

Re: recommend a good, preferably free "second opinion" scanner?

MSE caused some problems with IE in the past when both were scanning in real time. Is this resolved after Patch 2?

Re: recommend a good, preferably free "second opinion" scanner?

I'm not aware of that issue since I was not using IE heavily previously...

Currently I'm using both VirusScan 8.7 Patch 3 & MSE... no issue with my IE.

MSE did a good job of covering new malware which is not yet updated by VirusScan...

Regis
Level 12
Message 5 of 18

Re: recommend a good, preferably free "second opinion" scanner?

Thanks for the responses. I'm familiar with MSE insofar as I use it on my personal box and know it has a better than expected reputation for being pretty good... what I'm not sure of, though, is: can it be installed without real-time detection enabled and then be used just as an on-demand scanner? If so, it would be a nice fit.

Regis
Level 12
Message 6 of 18

Re: recommend a good, preferably free "second opinion" scanner?

Ah darnit. Unfortunately, Microsoft Security Essentials would not be permitted for use in a corporate environment as it's not included in the license terms.

http://www.microsoft.com/security_essentials/eula.aspx#mainNav

"Use. You may install and use any number of copies of the software on your devices in your household for use by people who reside there or for use in your home-based small business."

Re: recommend a good, preferably free "second opinion" scanner?

Free AV is normally for personal/home user/education purposes, not for enterprise...

Good to check AV-Comparatives: http://www.av-comparatives.org/

From what I've seen, enterprises go for McAfee VirusScan because of manageability... -> ePO...

Regis
Level 12
Message 8 of 18

Re: recommend a good, preferably free "second opinion" scanner?

I wanted to give this a bump as I'm having a hard time believing everyone just takes McAfee VSE's word for these edge cases.  🙂

Appreciate any further thoughts!

Mal09
Level 12
Message 9 of 18

Re: recommend a good, preferably free "second opinion" scanner?

Have you considered one of the online scanners from other trusted AV companies?

F-Secure http://www.f-secure.com/en_EMEA/security/tools/online-scanner/

Kaspersky (currently unavailable, but due back online in the near future).

This of course requires that you are happy with their websites downloading ActiveX/Java down to your machine and running it to do a scan.

Another possibility is one of the Rescue CDs available:

F-Secure http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/

Kaspersky http://support.kaspersky.com/faq/?qid=208282173

AFAIK there are no licensing issues with any of the above (for corporate users), but of course you need to check things out yourself.

Regis
Level 12
Message 10 of 18

Re: recommend a good, preferably free "second opinion" scanner?

Mal09, thanks for the reply. Those are excellent from the licensing/cost perspective. Unfortunately the interactive nature that I believe those scans have would require either kicking the user off their machine or doing an obtrusive remote takeover, unless I'm mistaken. The more I think about this, the more I want to do a dedicated machine running alternate AV and just drive mapping c$ of the suspect box to it and scan over the wire.

I guess I'm surprised this isn't a more heavily travelled area of procedure.
