2 Replies Latest reply on Oct 10, 2014 9:15 AM by rebel2

    GetSusp Feature Requests

      Hi Guys, the new getsusp tool is looking good, it would be potentially very useful for us, however would it be possible to add a couple of features please?

       

      Proxy -

      - Proxy awareness is not very good, I had to manually go into the settings and add my proxy details - (Our Corp Standard is Windows 7 64-bit, Internet Explorer 8)

           Within our company anyone can submit a virus sample, they won't necessarily be very technical, and highly unlikely to know our proxy IP and port numbers they run on.

           We aren't doing anything weird with our IE proxy settings, so no reason why this shouldn't work.

      - Proxy Authentication - most large corporates have proxy authentication in order to ensure authorised staff only are connecting to the proxy - there is no facility with the current tool to enter AD credentials, so at this present time we cannot use your tool as it will not submit to McAfee.

       

      We also don't allow sending of samples via email.

       

      UI Configuration

      - Is it possible to tweak the UI to automate this more? Within our company it would be good if we can script it to hide options we don't want the submitter to use, and embed the correct email address automatically etc. so that we know when samples have been submitted. Where possible, if we can script it so that the end user just has to click one button, not have to fiddle with preferences, then we can embed all the other information.

       

      Ability to easily add other files to the package to be sent to McAfee

      - Most of the reason our guys will be submitting something is if they see a new suspect file/files appear on our systems, if getsusp doesn't tag it as suspicious we want it to be easy for the submitter to add additional files before it's bundled up and sent.

        • 1. GetSusp Feature Requests
          vinoo

          Thank you for the feedback and apologies for the delayed response.

           

          Proxy:
          Auto-detecting proxy settings from the browser is on the to-do list for GetSusp and will be addressed in the next release. GetSusp already supports AD authentication and will prompt for proxy credentials.

           

          UI Configuration:
          One can use the command line options to remotely deploy GetSusp via ePO or PSEXEC with user-specified options. An alternate method is to provide GetSusp.exe along with all the settings you want saved in the accompanying GetSusp.opt file. The end user will only have to click scan and it will read pre-configured settings from the GetSusp.opt file.

           

          Ability to easily add other files to the package to be sent to McAfee
          If there are executable files that GetSusp missed - please escalate on the forum so that the team can investigate. We don't want to make GetSusp into a custom McAfee sample submission tool and would instead prefer GetSusp to submit files based on its own selection criteria.

           

          There is an undocumented command line switch to perform a custom scan of a file or folder and submit the sample if it meets the suspicious criteria for GetSusp.

          getsusp.exe --scanpath=c:\                   (scans all files in c:\ which have been modified in the last 10 days by default)
          getsusp.exe --scanpath=c:\ --date=15    (scans all files in c:\ and also allows for specifying a custom date range)

           

          Let us know if you have more questions and we'll be glad to oblige.

          • 2. Re: GetSusp Feature Requests
            rebel2

            Vinoo,

             

            Is there any documentation around how to run McAfee getsusp via psexec on a remote host? What commands do you need to invoke to make this happen?

             

            I appreciate any feedback.

             

            Thanks,

             

            Rebel2