McAfee GetSusp

Discussion in 'Security software releases' started by Petrovic, Sep 3, 2016.

  1. Petrovic

    Petrovic Forum Addict Silver Member

    McAfee GetSusp is a free program for Microsoft Windows devices designed to sniff out malware that resident security solutions did not detect.

    The program is not new (it was last updated in 2013), but it uses McAfee's Global Threat Intelligence (GTI) File Reputation database to determine whether a file is suspicious.

    Word of warning: the program will submit files to McAfee by default for analysis according to the terms of service that you need to accept not only before download but also before you run the program.

    While that may not be a problem for most home users, as the program concentrates on executable files, it will likely be one for privacy-conscious users and businesses.

    The main issue with the approach is that you don't get a say during the scanning. It would be user friendly if the program would display prompts for any file that it plans to transfer to the service for further analysis. That's however not the case.
    Full Article

    Download: http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx
     
    wwd, RGiskardR, silversurfer and 2 others like this.
  3. revC0de

    revC0de MTAC Moderator Staff Member

    Its power is based on a combination of heuristic analysis and the indications of the McAfee Global Threat Intelligence (GTI) technology; for this reason, when we start the scan, we need to be connected to the Internet in order to allow for these consultations.
    According to it, my system is clean. :cool:

    Cattura1.PNG

    Network activity
    Cattura.PNG
     
  4. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    EIS HIPS & Firewall seems to not trust this soft, which is good, as it accesses critical parts of the system (like real malware would do), and lets the user decide on what to do. However, the cloud confirms the software is safe.

    My system is safe as well, the detection is a false positive (HaoZip might be called PUP/PUA as it tries to install some other stuff, however, the one I installed is a localized version).
    It seems as if you can deactivate auto-submission of both logs and samples to McAfee in Preferences?

    @revC0de what do you think about employing this tool in MTAC?

    behaviour.JPG firewall.JPG scan.JPG haozip.JPG preferences.JPG

    EDIT: My main machine (non-malware-testing purposes, do-it-all, including online banking) is safe as well, same results as in the screenshots above.
     
    wwd, Trim, revC0de and 3 others like this.
  5. revC0de

    revC0de MTAC Moderator Staff Member

    Of course, we can also use it as a final second opinion scanner! :)
     
    wwd, RGiskardR, Trim and 2 others like this.
  6. Trim

    Trim MTAC Moderator Staff Member

    Yes I knew this software by McAfee, it is light, and it seems to be efficient.
    Great share @Petrovic
     
    Petrovic, revC0de, RGiskardR and 2 others like this.