Thank you for the feedback and apologies for the delayed response.
Auto-detecting proxy settings from the browser is on the to-do list for GetSusp and will be addressed in the next release. GetSusp already supports AD authentication and will prompt for proxy credentials.
One can use the command line options to remotely deploy GetSusp via ePO or PSEXEC with user specified options. An alternate method is to provide GetSusp.exe along with all the settings you want saved in the accompanying GetSusp.opt file. The end user will only have to click scan and it will read pre-configured settings from the GetSusp.opt file.
Ability to easily add other files to the package to be sent to McAfee
If there are executable files that GetSusp missed - please escalate on the forum so that the team can investigate. We don't want to make GetSusp into a custom McAfee sample submission tool and would instead prefer GetSusp to submit files based on its own selection criteria.
There is an undocumented command line switch to perform custom scan of a file or folder and submit sample if it meets the suspicious criteria for GetSusp.
getsusp.exe --scanpath=c:\ (scans all files in c:\ which has been modified in last 10 days by default)
getsusp.exe --scanpath=c:\ --date=15 (scans all files in c:\ and also allows for specifying custom date range)
Let us know if you have more questions and we'll be glad to oblige.
Is there any documentation around how to run McAfee getsusp via psexec on a remote host? What commands do you need to invoke to make this happen?
I appreciate any feedback.