2 Replies Latest reply on Apr 16, 2012 5:33 AM by spederse

    McAfee GetSusp


      This post is a placeholder for announcing a newer version of GetSusp. The latest released version is GetSusp (build date 1st, April 2012).


      GetSusp download: http://getsusp.mcafee.com




      1. Enhanced rogue digital signature detection for digitally signed malware.


      2. Scanning of hot locations

      GetSusp scans a built-in list of hot location directories. For locations pointing to user directories, GetSusp will enumerate and scan all user profile directories on that machine.


      3. Smart scanning of Autorun.inf files

      If the executable referred to by an autorun.inf is found to be clean (digitally signed or GTI whitelist) but the autorun.inf is unknown, then GetSusp should ignore the autorun.inf and not report or zip it.


      4. Packed files suspicious criteria

      If an executable file is packed or encrypted and not digitally signed, unknown to GTI - it must be reported in the Suspicious section of files.xml.


      5. Add partial GUID of machine to GetSusp zip filename.

      To avoid collisions - calculate GUID of machine and include in GetSusp zip filename.


      6. Proxy detection from a PAC file.

      GetSusp UI has been modified as well.


      7. Fetch a particular file from a remote machine. (to be specified in ePO)

      getsusp.exe --scanpath="full path to file on remote machine" --zippath="where to copy file locally"


      8. Run GetSusp ePO task as domain or local admin instead of SYSTEM which is the default. (to be specified in ePO)

      getsusp.exe --username=DOMAINNAME\USERNAME --password=PASSWORD
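
The autorun.inf rule in item 3, sketched as an added example that is not part of the original post and is not McAfee's code. The `is_clean` callback is a hypothetical stand-in for the digital signature and GTI whitelist checks, and reporting an autorun.inf that names no program is an assumption of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Keys in [autorun] that name a program to launch (matched case-insensitively).
_EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def referenced_executables(autorun_text, drive_root):
    """Return absolute paths of the programs an autorun.inf would launch."""
    targets, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not _EXEC_KEY.match(key) or not value:
            continue
        # Keep the program token only: a quoted path, or text up to the first space.
        if value.startswith('"'):
            program = value[1:].split('"', 1)[0]
        else:
            program = value.split()[0]
        if program:
            targets.append(str(PureWindowsPath(drive_root) / program.lstrip("\\/")))
    return targets

def triage_autorun(autorun_text, drive_root, is_clean):
    """Return 'ignore' only when every referenced program is clean, else 'report'.

    is_clean is a hypothetical callback standing in for the signature and
    GTI whitelist checks; an autorun.inf that names no program is reported.
    """
    targets = referenced_executables(autorun_text, drive_root)
    if targets and all(is_clean(t) for t in targets):
        return "ignore"
    return "report"

# Constructed sample inputs, not taken from any real media.
VENDOR_INF = '[AutoRun]\nOPEN="Setup\\install.exe" /s\nicon=setup.ico\n'
MIXED_INF = "[autorun]\nopen=setup.exe\nshell\\explore\\command=rec.exe -x\n"
KNOWN_CLEAN = {"E:\\Setup\\install.exe", "E:\\setup.exe"}
```

Requiring every launch entry to be clean matters because a single autorun.inf can carry several commands, and one clean `open=` target says nothing about a second `shell\...\command` entry.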