4 Replies Latest reply on Feb 6, 2015 12:19 AM by pavol_hevier

    GetSusp detection location

    pavol_hevier

      Hello all. I just identified malware in our environment and started GetSusp (via EPO) to gather the suspicious files. I was surprised GetSusp didn't find anything, even though a manual search was very simple. The malware file was an EXE with the system and hidden attributes, stored directly in the folder C:\Users\name (not in any subfolder). From my experience, this location mostly does not contain any EXE files and should be considered highly suspicious. Could the developers consider modifying GetSusp so that it checks this location?
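
The manual check described in the post above, sketched as an added PowerShell example (it is not part of the original post and is not GetSusp's own logic): it lists executables stored directly in each user profile root and reports whether they carry the Hidden and System attributes. The function name `Find-ProfileRootExecutable` is hypothetical; the sketch assumes PowerShell 4 or later and rights to read other users' profiles.

```powershell
# Added example: flag executables sitting directly in a user profile root.
# Find-ProfileRootExecutable is a hypothetical name, not a GetSusp or ePO command.
function Find-ProfileRootExecutable {
    [CmdletBinding()]
    param(
        # Registry key listing local profiles; each subkey has a ProfileImagePath value.
        [string]$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )

    $roots = Get-ChildItem -Path $ProfileListKey |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ProfileImagePath } |
        Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
        Sort-Object -Unique

    foreach ($root in $roots) {
        # -Force includes Hidden and System files; no -Recurse, only the profile root itself.
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                # Check the first two bytes: PE files start with 'MZ' whatever the extension.
                $magic = New-Object byte[] 2
                try {
                    $fs = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                    try { $read = $fs.Read($magic, 0, 2) } finally { $fs.Dispose() }
                } catch { return }   # locked or unreadable file (e.g. NTUSER.DAT): skip it
                if ($read -ne 2 -or $magic[0] -ne 0x4D -or $magic[1] -ne 0x5A) { return }

                $attrs = $file.Attributes
                [pscustomobject]@{
                    Path         = $file.FullName
                    Hidden       = $attrs.HasFlag([System.IO.FileAttributes]::Hidden)
                    System       = $attrs.HasFlag([System.IO.FileAttributes]::System)
                    LastWriteUtc = $file.LastWriteTimeUtc
                    SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                    Signature    = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
                }
            }
    }
}

# Hidden + System hits sort to the top for triage.
Find-ProfileRootExecutable | Sort-Object Hidden, System -Descending | Format-Table -AutoSize
```

Any hit is a lead for triage rather than a verdict: compare the hash and signature status against known-good software before collecting or quarantining the file.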