8 Replies Latest reply on Oct 25, 2013 2:52 PM by vinoo

    McAfee GetSusp


      We're pleased to announce a newer version of GetSusp. The latest released version is GetSusp (build date 11th Oct 2013).


      GetSusp download: http://getsusp.mcafee.com
      GetSusp-ePO: KB70405




      1. Fixed a digital signature verification issue on Win 8.

      2. GetSusp is now compiled on Visual Studio 2010. This raises the minimum supported OS to WinXP SP2 and higher.

      3. Update to the zip compression algorithm.

      4. GetSusp now auto-checks if a newer package is available at launch and will alert the user.

      5. Updated scan locations on 64-bit systems.
      6. GetSusp ePO package now available via ePO Software Manager. (Thank you Steen!)

        • 1. Re: McAfee GetSusp

          Is there a new flag that I should use to disable the update check that you describe below?  I don’t think we want this happening all the time.  Sometimes the user needs to be unaware that the tool is running.

          • 2. Re: McAfee GetSusp

            Getsusp.exe --ePO


            The ePO switch suppresses any warnings.

            • 3. Re: McAfee GetSusp

              I think that is working; however, the time for Getsusp seems to be getting longer.  Any suggestions on monitoring to make sure it is going fairly fast?  If you want I can get a previous version and test, but I assume that some of the new pathing etc. is taking more time.

              • 4. Re: McAfee GetSusp

                By how much longer does a scan take now?

                Each GetSusp scan will list how many files it scanned. It's captured as part of the raw getsusp.xml (end of file).  Please compare scans using different versions and let me know the scan times and how many files got scanned.

                • 5. Re: McAfee GetSusp



                  Here are my initial results but I am dubious.  Would it be better to do a reboot between scans?  Is something getting cached that I may need to remove to get a better test?


                  Version | Identified Files | Start Time | End Time | Delta
                  • 6. Re: McAfee GetSusp

                    The Artemis DNS lookups are cached.

                    Ipconfig /flushdns will clear the cache and the next scan will look up every file again.

                    • 7. Re: McAfee GetSusp

                      Never mind.  It was probably just my perception anyway.


                      I do notice that if a company is using some software from Oracle, a new driver is inserted into domain controllers in particular to obtain a user's clear text password for use later.


                      Have you seen any malware using this feature to grab credentials?  It would be unusual if found though, as I would consider this difficult to pull off and there are probably easier ways.

                      • 8. Re: McAfee GetSusp

                        Sorry, haven't heard of such malware. Have been retired from the research scene for a while.