3 Replies Latest reply on Nov 24, 2010 2:33 PM by vinoo

    Getsusp backend process update??

    HBullock

      What is the status of the Getsusp backend process for processing data that the tool automatically sends?

      Are we in a state where I can more regularly rely on having remote admins use this tool to gather malware instead of manually tracking it down?

      What is the turnaround time to provide analysis and extra.dat files?

      How do we get our Platinum status stamped on the Getsusp file to ensure timely processing and queue placement?

      Message was edited by: HBullock on 10/27/10 1:00:28 PM CDT
        • 1. Re: Getsusp backend process update??
          vinoo

          Currently we are using GetSusp submissions for tracking prevalence. Only prevalent files get whitelisted or blacklisted.

          Excepting rootkits, GetSusp has a high success rate in isolating malicious files. On a corporate network, once we whitelist most of the common files, it is fairly easy to spot the odd files out in the reports.

          For now, please escalate the work item ID via the portal or email for a speedy response and extra.dat. The tool is still in beta; we don't have dedicated personnel looking at every incoming submission.

          The backend automation systems auto-tag incoming submissions as Platinum or Gold by looking up the entitlement status of the email domain. All you would have to do is specify your corporate email address in GetSusp preferences.
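As an added illustration of the prevalence-based triage described in the reply above (example code written for this page, not GetSusp's or McAfee's own tooling): given per-host lists of suspicious files, it counts on how many hosts each hash appears, skips hashes already on a whitelist, reports the low-prevalence files as the odd ones out, and separately lists the prevalent unknown hashes that are worth reviewing once and whitelisting. The record shape, the hashes, hostnames and paths are constructed; the whitelist and the three-host threshold are assumptions, not GetSusp settings. The masquerade flag, which marks a flagged file whose name matches a whitelisted file's name under a different hash, goes a step beyond the reply.

```python
import ntpath
from collections import defaultdict

# Constructed sample records in a simplified (host, path, md5) shape. This is
# not GetSusp's real report format; it only exercises the triage logic below.
SAMPLE_RECORDS = [
    ("ws01", r"C:\Windows\System32\svchost.exe", "a1" * 16),
    ("ws02", r"C:\Windows\System32\svchost.exe", "a1" * 16),
    ("ws03", r"C:\Windows\System32\svchost.exe", "a1" * 16),
    ("ws04", r"C:\Windows\System32\svchost.exe", "a1" * 16),
    ("ws05", r"C:\Windows\System32\svchost.exe", "a1" * 16),
    ("ws01", r"C:\Program Files\CorpTool\agent.exe", "b2" * 16),
    ("ws02", r"C:\Program Files\CorpTool\agent.exe", "b2" * 16),
    ("ws03", r"C:\Program Files\CorpTool\agent.exe", "b2" * 16),
    ("ws04", r"C:\Program Files\CorpTool\agent.exe", "b2" * 16),
    ("ws03", r"C:\Users\bob\AppData\Local\Temp\update.exe", "c3" * 16),
    ("ws02", r"C:\Windows\Temp\svchost.exe", "d4" * 16),
    ("ws05", r"C:\Windows\Temp\svchost.exe", "d4" * 16),
]

# Assumed whitelist: hashes already cleared (e.g. by the vendor or local review).
KNOWN_GOOD = {"a1" * 16}


def prevalence(records):
    """Map each hash to the set of hosts and the set of paths it was seen at."""
    hosts_by_hash = defaultdict(set)
    paths_by_hash = defaultdict(set)
    for host, path, md5 in records:
        hosts_by_hash[md5].add(host)
        paths_by_hash[md5].add(path)
    return hosts_by_hash, paths_by_hash


def triage(records, known_good, min_hosts=3):
    """Return the odd files out: not whitelisted and seen on fewer than min_hosts hosts.

    Results are sorted rarest first; each carries the hosts and paths to chase,
    plus a masquerade flag when the file name matches a whitelisted file's name.
    """
    hosts_by_hash, paths_by_hash = prevalence(records)
    good_names = {ntpath.basename(p).lower()
                  for md5 in known_good for p in paths_by_hash.get(md5, ())}
    flagged = []
    for md5, hosts in hosts_by_hash.items():
        if md5 in known_good or len(hosts) >= min_hosts:
            continue
        paths = sorted(paths_by_hash[md5])
        flagged.append({
            "md5": md5,
            "host_count": len(hosts),
            "hosts": sorted(hosts),
            "paths": paths,
            # Same name as a known-good binary but a different hash and,
            # typically, a different directory: worth a closer look.
            "masquerade": any(ntpath.basename(p).lower() in good_names for p in paths),
        })
    flagged.sort(key=lambda r: (r["host_count"], r["md5"]))
    return flagged


def whitelist_candidates(records, known_good, min_hosts=3):
    """Unknown hashes prevalent across the fleet: review once, then add to known_good."""
    hosts_by_hash, _ = prevalence(records)
    return sorted(md5 for md5, hosts in hosts_by_hash.items()
                  if md5 not in known_good and len(hosts) >= min_hosts)


if __name__ == "__main__":
    for r in triage(SAMPLE_RECORDS, KNOWN_GOOD):
        print(r["md5"], r["host_count"], "masquerade" if r["masquerade"] else "", r["paths"])
    print("review and whitelist:", whitelist_candidates(SAMPLE_RECORDS, KNOWN_GOOD))
```

The threshold is the knob to tune per fleet: on a handful of hosts a file on two machines is still rare, on thousands it may be noise, and the reply's workflow is exactly this loop of whitelisting the prevalent unknowns until only the rare files remain.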

          • 2. Re: Getsusp backend process update??
            HBullock

            Another month has passed. Is there any update on backend processing?

            When will Getsusp not be Beta and start production processing of reported files?

            Also, if I escalate the Work Item ID number via the portal, I assume I do not need to also submit the archive file. Is that correct? If I just escalate the Work Item ID number, how will extra.dat files be handled? Normally sample files submitted via the portal provide a download link when an extra.dat file is available for the sample.

            • 3. Re: Getsusp backend process update??
              vinoo

              In next month's sprint cycle, the backend automation for GetSusp is being enhanced to respond with extra.dats. Whenever a sample is submitted via GetSusp:

              - if it's already detected in Daily DATs, an email requesting an update to the latest DATs is sent.
              - if it's already detected in Beta DATs, an extra.dat will be sent.
              - if detection is added by a researcher or automation post-submission, the system will automatically respond with an extra.dat.

              For now, you would have to manually post the archive, or pick only the suspicious files and submit them to the Portal, to receive an extra.dat.