2 Replies Latest reply on Jun 24, 2010 8:25 AM by vinoo

    Checking the results

      Hey, I am new here. Just tried to post a blog. It probably did not work. I'll try here instead.

       

      I tried to run GetSusp twice on my own PC.

      It seems to work OK, and to my surprise it seemed to actually upload the results. But what do I do from here? Can I get some kind of feedback on the upload?

      I know that this is not a real case but just to get an idea of how the whole scenario works in real life.

       


      Cheers,
      Kim Pedersen
      Danisco

        • 1. Re: Checking the results
          vinoo

          Hi Kim,

           

          Once GetSusp runs successfully and uploads suspect file information to McAfee Labs, it will create a zip file in the same directory from where you ran GetSusp.exe. The password for the zip file is "infected". Once you extract the contents, open "GetSusp.xml" - the report which displays files flagged as suspicious on the machine on which it was run. The report is detailed and allows a trained eye to easily spot the odd file out for further investigation.

           

          The backend is not in place for the GetSusp beta. Once the backend is functional you should receive a SAC ID for the zip file that was uploaded - similar to what you would get if a sample was submitted by email.

           

          Regards,
          Vinoo

          • 2. Re: Checking the results
            vinoo

            Hi Kim,

             

            GetSusp backend integration with McAfee automation systems is complete. If one were to specify their email address in the GetSusp preferences, an acknowledgement email is sent for every sample submission. This email will contain a listing of the files submitted and a WorkItemID / tracking number that can be used to follow up with support. Give it a try and let me know what you think.

             

            Regards,
            Vinoo Thomas
            Technical Product Manager, McAfee Labs

             

             

            Message was edited by: Vinoo Thomas on 6/24/10 8:25:38 AM CDT