McAfee GetSusp: sniff out undetected malware
McAfee GetSusp is a free program for Microsoft Windows devices designed to sniff out malware that resident security solutions did not detect.
The program is not new (it was last updated in 2013), but it uses McAfee's Global Threat Intelligence (GTI) File Reputation database to determine whether a file is suspicious.
A word of warning: by default, the program submits files to McAfee for analysis, according to the terms of service that you need to accept both before you download the program and before you run it.
While that may not be a problem for most home users, as the program concentrates on executable files, it will likely be one for privacy-conscious users and businesses.
The main issue with the approach is that you don't get a say during the scanning. It would be more user-friendly if the program displayed prompts for any file that it plans to transfer to the service for further analysis. That, however, is not the case.
The application itself is portable, and it is one of those click-a-button-and-wait-until-the-scan-completes programs that give you few options and little control over the process.
You may disable the submission of results to McAfee and the reporting of all scanned files, but that is about it.
Simply click on the preferences icon in the program interface to make those changes.
McAfee GetSusp found quite a few suspicious files on the test computer system; a total of 41, to be precise. The list included several Google Chrome DLL and executable files, Veeam EndPoint files, the main Private Internet Access application, and several downloaded programs such as AutoHotKey.
The program leaves you alone after listing what it considers suspicious files, and it is up to you to make sure the files are clean.
Unfortunately, this cannot be done from within the program, which means that you will have to go through the listing one by one and scan each file either with third-party security software or with an online service like VirusTotal.
Obviously, you may be able to refute certain claims right away.
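One way to do this first pass locally, as an added example that is not part of the original article or of GetSusp: the PowerShell function below computes each file's SHA-256 (which can be searched on VirusTotal without uploading the file) and checks its Authenticode signature. The function name, the sample paths and the temporary file are assumptions constructed for illustration.

```powershell
# Added example: local triage of file paths copied from a scanner's results list.
function Get-FlaggedFileTriage {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # File was moved or deleted since the scan; report it and continue.
            [pscustomobject]@{ Path = $p; SHA256 = $null; Signature = 'Missing'; Signer = $null }
            continue
        }
        # The hash identifies the exact file content without sending the file anywhere.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        # Authenticode status shows whether a publisher signed the file and it is unmodified.
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            Path      = $p
            SHA256    = $hash
            Signature = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
            Signer    = $signer
        }
    }
}

# Constructed sample input: a Windows system binary, an unsigned temp script,
# and a path that does not exist.
$unsigned = Join-Path $env:TEMP 'getsusp-triage-sample.ps1'
Set-Content -LiteralPath $unsigned -Value '# constructed sample file'
$flagged = @(
    (Join-Path $env:WINDIR 'System32\notepad.exe'),
    $unsigned,
    'C:\constructed\path\that-does-not-exist.exe'
)

# Entries without a valid signature sort first: they deserve the closest look.
Get-FlaggedFileTriage -Path $flagged |
    Sort-Object { $_.Signature -eq 'Valid' } |
    Format-List

Remove-Item -LiteralPath $unsigned
```

A valid signature only shows who published the file and that it has not been modified since signing; unsigned or mismatched entries are the ones to look up by hash first.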
So how useful is McAfee GetSusp? I'd say it is not overly useful. You may get much better results by downloading and running second opinion scanners like Malwarebytes Anti-Malware, Bitdefender QuickScan, Dr.Web CureIt, or any of the other programs designed specifically for that purpose.
The results are likely better, and you get options to do something about them right away as well.
Also, some second opinion scanners don't require an Internet connection at all to scan the system, which will please anyone who does not want data to be transferred to remote Internet servers without having a say in the matter.
GetSusp, all in all, is a rather weak program, and that is probably one reason why it was not updated by Intel Security in well over three years.