4 Nov 2011

McAfee GetSusp malware submission tool

Introduction
McAfee have a free tool called GetSusp. It is useful for those times when you suspect a malware (virus, spyware, etc.) infection but your anti-virus software hasn't detected anything. GetSusp is not a scanner/cleaner: it only collects files it considers suspicious and sends them to McAfee Labs for analysis.


Download
Click http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx
Click Download this tool now. It's about 1.4MB in size (as of November 2011).


Preferences
Double click GetSusp.exe
Click Preferences 




Enter your E-mail address - this is so that McAfee Labs can contact you with their analysis.

The Save Location is where the output file (and the report file, if you create one) will be written. By default the Save Location is the folder containing GetSusp.exe.

The Execution Mode should be Online because otherwise it will not use McAfee's online database to check whether files are known malware or not. As this tool is specifically for sending information on suspicious files to McAfee it makes sense to always run it in Online mode.

Click OK when you are finished.


Scan Now
Click Scan Now


It will take a few minutes to run, so be patient. When it has finished you'll see something like the following:
GetSusp scan identified (39) Suspicious file(s) and (20) Unknown file(s).

Scan results are saved at C:\Temp\gsusp_110411_103342.zip.
Suspicious samples if any have been successfully delivered to McAfee Labs.


Click File | Save report to file - this creates a file called GetSusp.txt listing the results. You could use this to help identify suspect files yourself, or just wait for McAfee Labs to contact you (as long as you entered your e-mail address as explained above).
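If you want to do some of the identification yourself while waiting for McAfee Labs, the natural first step is to pull the counts and the archive path out of the completion summary and hash the collected samples so you can look them up. The script below is an added example, not part of the original post and not code from GetSusp; it uses the summary text shown above as constructed sample input, and it assumes (this is not documented on the page) that the gsusp_*.zip results file is an ordinary zip archive of the collected files. The in-memory demo archive is constructed data, not real samples.

```python
"""Parse a GetSusp completion summary and hash the collected samples.

Added example, not part of the original post or of GetSusp itself. It
assumes the results archive is an ordinary zip of the collected files
(an assumption; the archive layout is not documented on the page).
"""
import hashlib
import io
import re
import zipfile

# Summary text as shown in the post (constructed from the page, not captured live).
SAMPLE_SUMMARY = """GetSusp scan identified (39) Suspicious file(s) and (20) Unknown file(s).

Scan results are saved at C:\\Temp\\gsusp_110411_103342.zip.
Suspicious samples if any have been successfully delivered to McAfee Labs.
"""

_COUNTS = re.compile(
    r"identified \((\d+)\) Suspicious file\(s\) and \((\d+)\) Unknown file\(s\)"
)
_SAVED = re.compile(r"Scan results are saved at (.+?\.zip)\.")


def parse_summary(text):
    """Return the counts, archive path and delivery flag from the summary text."""
    counts = _COUNTS.search(text)
    saved = _SAVED.search(text)
    if not counts or not saved:
        raise ValueError("not a GetSusp completion summary")
    return {
        "suspicious": int(counts.group(1)),
        "unknown": int(counts.group(2)),
        "archive": saved.group(1),
        "delivered": "successfully delivered to McAfee Labs" in text,
    }


def sha256_hex(data):
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_archive(zip_source):
    """Map each file member of the results archive to its SHA-256 hex digest.

    zip_source may be a path or a file-like object. Members are streamed in
    chunks so large samples are not loaded into memory at once. The hashes
    let you look the samples up yourself instead of waiting for a reply.
    """
    digests = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def build_demo_archive():
    """Build a small in-memory zip standing in for gsusp_*.zip (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder contents; not real binaries, just bytes to hash.
        zf.writestr("Windows/System32/example.dll", b"MZ" + b"\x00" * 62 + b"not a real binary")
        zf.writestr("Users/Public/dropper.exe", b"MZ" + b"\x90" * 16)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    result = parse_summary(SAMPLE_SUMMARY)
    print(result)
    # On a real machine you would pass result["archive"] here instead of the demo zip.
    if result["suspicious"] or result["unknown"]:
        for name, digest in hash_archive(build_demo_archive()).items():
            print(digest, name)
```

On a real run, replace the demo archive with the path reported in the summary (result["archive"]); the hashes are what you would check against whatever reputation or hash lookup source you have before deciding to wait for McAfee Labs or act yourself.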


Conclusion
I haven't used this tool extensively but already I feel this is a good move by McAfee. Previously you would have to decide manually which files you thought were suspect, zip them and upload them to McAfee's support centre for analysis. That was OK, but of course if you were not sure which files were infected, it could waste some time.

Of course McAfee have had Artemis technology in their products for some time now. Artemis is built into their scanners; it checks suspect files over the internet and can clean them immediately without waiting for full analysis. It's fast and excellent... but it does suffer from false positives (it makes mistakes) when set to a high scan level. Using the GetSusp tool looks like a better alternative if you are worried about a scanner accidentally deleting your files.


Reference
Download GetSusp
McAfee GetSusp FAQ

2 comments:

Arindam Bhattacharya said...

Good Review, but have to disagree on one point. GetSusp tool does check McAfee's online database even in the offline mode. The only difference in that case would be that the samples wouldn't be uploaded to McAfee Labs for analysis.

Michael Gerrard said...

Thanks for the correction Arindam :-)