Sometimes you just want a second opinion on the health of a windows machine, particularly after McAfee detects malware on a machine and claims to have "handled" it or, even worse when it admits it didn't handle it and you attempt a modicum of manual remediation. Too often, a malware infection can occur that [insert AV program name] can't detect for various reasons, or is a multi-tentacled threat of which VSE only detects some of the tentacles. This isn't a dig on VSE specifically because all AV products suffer this same inherent issue of "you can't detect everything." As such, there are these times when a machine you're investigating could really use a second opinion and a clean VSE scan isn't enough to convince you of its health.
Q: what's a good (preferably free) command-line or low installation overhead second-opinion malware scanner for spot technician use?
Ideally, I'd like to avoid installing anything additional on every workstation we deal with, but rather often, there are situations where I'm worried about a box, and know enough about the limitations of antivirus technology to yearn for another scan engine/defs (i.e. something other than Mcafee VSE) to be run over the machine.
Surely I can't be the only person who's had this thought... so I'm curious what else is out there for such a task? Is there a command line scanner offered by a competitor that's licenseable in this way for one off command line technician use?
What I've looked into without great success yet--opinions welcome:
Thanks for any shared experience on this front!
Message was edited by: Regis to modify first paragraph to explain the use case a little more fully. on 10/7/10 7:46:05 AM CDTMessage was edited by: Regis typo on 10/13/10 7:42:53 AM CDT
I'm not aware on that issue since i;m not using IE heavily previously...
Currenly I;m using both Virusscan 8.7 patch 3 & MSE..no issue with my IE.
MSE did good job on covering new malware which is not yet updated by virusscan..
Thanks for the responses. I'm familiar with MSE insofar as I use it on my personal box and know it has a better than expected reputation for being pretty good... what I'm not sure though is -- can it be installed without real-time detection enabled and then be used just as an on-demand scanner? If so, it would be a nice fit.
Ah darnit. Unfortunately, Microsoft Security Essentials would not be permitted for use in a Corporate environment as it's not included in the license terms.
Use. You may install and use any number of copies of the software on your devices in your household for use by people who reside there or for use in your home-based small business.
Free av normally for personal/home user/education purpose not for enterprise..
good to check av comparative http://www.av-comparatives.org/
From what i've seen enterprise go for mcAfee Virusscan because of manageable.. -> ePO..
I wanted to give this a bump as I'm having a hard time believing everyone just takes McAfee VSE's word for these edge cases. 🙂
Appreciate any further thoughts!
Have you considered one of the online scanners from other trusted AV companies
Kaspersky (currently unavailable, but due back online in the near future).
This of course requires that you are happy with their websites downloading Active-X/Java down to your machine and running it to do a scan.
Another possibility is one of the Rescue CD's available:
AFAIK there are no licensing issues with any of the above (for corporate users), but of course you need to check things out yourself.
Mal09, thanks for the reply. Those are excellent from the licensing/cost perspective. Unfortunately the interactive nature that I believe those scans have would require either kicking the user off their machine or doing an obtrusive remote take over, unless I'm mistaken. The more I think about this, the more I want to do a dedicated machine running alternate av and just drive mapping c$ of the suspect box to it and scan over the wire.
I guess I'm surprised this isn't a more heavily travelled area of procedure.