3 Replies Latest reply on Dec 6, 2014 5:54 PM by exbrit

    Does GetSusp Use An Old Protocol To Access The WWW ?

    exbrit

      Apologies that a Moderator should have to ask questions but it has been a while since I used this MGS.

       

      Questions at the end. As a routine I just ran GetSusp and it found the usual suspects, all OK and well known (except to the labs obviously - BOINC Grid Computing & ASUS & Alienware software I use regularly) but the problem was it couldn't submit logs or samples "no internet connection" and I'm using a wired LAN - the only connection in Network Center.


      Is it by any chance using that old protocol the retail VirusScan used to use in the GUI for submission that most ISPs have now blocked?  Sorry, can't remember the technical name given to the protocol.

       

      Also are discovered files removed or simply flagged?   I don't see any problem with the software it marked in red as "Suspect".

       

      Note to other Mods, this is a technical question that only Vinoo can answer.


        • 1. Re: Does GetSusp Use An Old Protocol To Access The WWW ?
          exbrit

          Postscript:  A 2nd run successfully submitted them so not sure why the first had trouble.

          See attached.  Questions still stand, however.

          • 2. Re: Does GetSusp Use An Old Protocol To Access The WWW ?
            exbrit

            Email from the labs:

             

            Synopsis:

             

            Upon analysis we found that the submitted ZIP file contained only the logs generated during the GetSusp scan. The data in the logs will be used for prevalence purposes.

             

            Filename                              Failure Reason                                             Machine Name
            ========                              ==============                                             ============
            gsusp_CBFDD124104B_120614_110549.zip  The submitted zip file has no viable samples for analysis  R2D2

             

            Which is correct as I selected logs only for submission.  I'm reluctant to allow the files to be submitted as I don't want to end up with at least two pieces of software malfunctioning, assuming the software puts the files into quarantine.

            • 3. Re: Does GetSusp Use An Old Protocol To Access The WWW ?
              exbrit

              OK, I've answered my own question with the help of a colleague, catdaddy.

              GetSusp doesn't quarantine files, it merely forwards samples for analysis, which it succeeded in doing at the second attempt.

              The labs very quickly analyzed my latest scan and provided an extra.dat which unfortunately can't be used in Consumer products but they also stated that the software would be cleared in the next update.

              WorkItemID: 1522577

               

              Note the attachments in response #1 don't apply as that was my first attempt.  I re-ran the software, this time submitting the files rather than logs only, and once finished the submission occurred at the second try.