1 2 Previous Next 17 Replies Latest reply on Jul 15, 2011 9:32 AM by sgrimmel

    McAfee GetSusp


      A placeholder for hosting the latest version of GetSusp. Current version is GetSusp (build date 21st Jan 2011)


      GetSusp Product Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22668/en_US/GetSusp.pdf
      GetSusp FAQ: https://kc.mcafee.com/corporate/index?page=content&id=KB69385


      GetSusp – Change Log:


      + GetSusp will always run with highest available user rights on windows Vista and Windows 7 (no explicit need to right click and choose to run program as administrator). A side effect of this change is Windows User Account Control will prompt to run this program for any user with administrator rights. - Requested by Sutherland.


      + Hyperlink for folder path in files.xml. To allow for a user to click the path to a file link to launch explorer and easily get to the location of a suspicious sample - Requested by Sutherland.


      + Parsing of autorun.inf file to scan the referenced executable. - Requested by Department of Transport and Main Roads.


      + Miss on an Autorun backdoor using .SOS file extension: Md5: C4C6788529CB99263B4697FFAF92E5A4 - Reported by Department of Transport and Main Roads.


      + GetSusp to zip only unique copies of files irrespective if they have different file names or file paths.  Requested by Department of Transport and Main Roads.


      + Only create GetSusp.xml once GetSusp finishes - until the duration of the scan it will be named GetSusp.tmp. This allows a user running GetSusp remotely to know when a scan completes - Requested by Department of Transport and Main Roads.


      + Command line parameters should override getsusp.opt option file - Requested by Tyco Electronics & McAfee QA.


      + If specified proxy settings fails, GetSusp will attempt a direct internet connection to post logs to McAfee.- Requested by Tyco Electronics.


      + Service Request number fix. - Reported by Tyco Electronics & Martin Tripp.


      + Command line switch to perform custom scan of a drive or folder. This switch is undocumented in the help menu currently. -  Requested by McAfee Support.


      getsusp.exe --scanpath=c:\                   (scans all files in c:\ which has been modified in last 10 days by default)
      getsusp.exe --scanpath=c:\ --date=15    (scans all files in c:\ and also allows for specifying custom date range)


      The latest version of GetSusp is hosted at: http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe


      Note: We will not be posting GetSusp-ePO builds publically henceforth. It will be provided on request.


      Message was edited by: vinoo on 18/7/11 4:54:15 PM IST
        • 1. Re: McAfee GetSusp



          I appreciate your efforts with the EPO integration.  What is the proper way to request the EPO package for EPO 4.5.



          • 2. Re: McAfee GetSusp

            Hi Chris - just mailed you the link which always hosts the latest GetSusp-ePO package.

            • 3. Re: McAfee GetSusp



              I downloaded the GetSusp and ran it on a friend's computer which is really messed up with multiple viruses, I deleted the appropriate files, and ran another program which says there are more virused files, so I ran it again on 4/2 and received a message from the scan program saying "This Product is outdated."


              Can you send me a link to the latest update so I can finish fixing this computer?


              I appreciate you assistance.



              • 4. Re: McAfee GetSusp
                Vinod R

                You may diregard the out dated message. The tool will scan and parse the updated file databases anyway. As soon as a new build finishes a battery of tests it will be released.

                • 5. Re: McAfee GetSusp

                  Thank you.  I reran it to see what I missed the first time, and the only suspicious file it found was itself. LOL


                  I ran a SystemAnalyzer tool which tells me if there are viruses, etc, and what types they are, but with all of the virus specific patches (which come up empty), GetSusp, Stinger, and antivirus I have run on that computer, I still come up with 1 virus and 2 Trojan entries, but if GetSusp considers itself a virus then that explains one entry.



                  • 6. Re: McAfee GetSusp
                    Vinod R

                    ok.. when Getsusp is running it will be locked and in secure mode hence will be reported by the tool itself if happened to be in scan locations--its as expected.


                    Why don;t you attach the Getsusp logs file ( it would be zipped format with name getsupsNUMBERS.zip).. and one of us could check and see what was reported as suspicious?

                    • 7. Re: McAfee GetSusp

                      I would but there is nothing to send....it found nothing suspicious this last time. 


                      I dl'd spybot s&d and malware bytes as well, and they cleaned up several viruses and other garbage which the patches and antivirus missed, then everything came up clean after running them the second time.  All 3 came back clean, so I am rerunning the system analysis tool to see if it reports anything missed.....but so far so good, considering how many virus and other garbage were on this computer before I started cleaning it. (The antivirus I installed found over 1400 files which were virused, spyware, or malware, etc, in one form or another on the first sweep.)  Strangely enough Spybot S&D did a better job or cleaning up the Koob Worm than the Koob patch, which did not find the files.  Is there a McAfee program which will do the same thing, more efficiently?

                      • 8. Re: McAfee GetSusp



                        I would also love to have the link which always hosts the latest GetSusp-ePO package if possible.



                        • 9. Re: McAfee GetSusp

                          Sent offlist

                          1 2 Previous Next