McAfee GetSusp: sniff out undetected malware
McAfee GetSusp is a free program for Microsoft Windows devices designed to sniff out malware that resident security solutions did not detect.
The program is not new (it was last updated in 2013), but it uses McAfee's Global Threat Intelligence (GTI) File Reputation database to determine whether a file is suspicious.
A word of warning: by default, the program submits files to McAfee for analysis, as stated in the terms of service that you need to accept both before you download the program and before you run it.
While that may not be a problem for most home users, as the program concentrates on executable files, it will likely be one for privacy-conscious users and businesses.
The main issue with the approach is that you don't get a say during the scan. It would be user friendly if the program displayed a prompt for any file that it plans to transfer to the service for further analysis. That is not the case, however.
The application itself is portable, and it is one of those "click a button and wait until the scan completes" programs that give you few options and little control over the process.
You may disable the submission of results to McAfee and the reporting of all scanned files, but that is about it.
Simply click on the preferences icon in the program interface to make those changes.
McAfee GetSusp found quite a few suspicious files on the test computer system; a total of 41 to be precise. The list included several Google Chrome DLL and executable files, Veeam EndPoint files, the main Private Internet Access application, and several downloaded programs such as AutoHotKey.
The program leaves you alone after listing what it considers suspicious files, and it is up to you to make sure the files are clean.
Unfortunately, this cannot be done from within the program, which means that you will have to go through the listing one by one and scan each file either with third-party security software or with an online service like VirusTotal.
Obviously, you may be able to refute certain claims right away.
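To work through such a list without uploading anything, the following PowerShell script (an added example, not part of the original article or of GetSusp) records each flagged file's SHA-256 hash and Authenticode signature status. It assumes a hand-made flagged.txt with one full path per line; that file name, the CSV name and the triage labels are hypothetical.

```powershell
# Added example: local triage of files that a scanner listed as suspicious.
# Assumption: flagged.txt holds one full file path per line, copied by hand
# from the result list (no GetSusp export format is assumed).
param(
    [string]$ListPath = '.\flagged.txt',
    [string]$OutCsv   = '.\flagged-triage.csv'
)

$results = foreach ($line in Get-Content -LiteralPath $ListPath) {
    $path = $line.Trim()
    if (-not $path) { continue }                      # skip blank lines

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # File was moved or deleted since the scan; keep it in the report.
        [pscustomobject]@{ Path = $path; SHA256 = $null; Signature = $null
                           Signer = $null; Triage = 'FileNotFound' }
        continue
    }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # Publisher name from the signing certificate, if the file is signed.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }

    # Hypothetical triage labels: sort the list so unsigned or broken
    # signatures are reviewed before validly signed vendor binaries.
    $triage = switch ($sig.Status) {
        'Valid'        { 'SignedAndTrusted' }
        'NotSigned'    { 'Unsigned-ReviewFirst' }
        'HashMismatch' { 'ModifiedAfterSigning-ReviewFirst' }
        default        { 'SignatureProblem-Review' }
    }

    [pscustomobject]@{ Path = $path; SHA256 = $hash
                       Signature = $sig.Status; Signer = $signer
                       Triage = $triage }
}

# Full report for later lookup, plus a per-category count on screen.
$results | Sort-Object Triage, Path |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation
$results | Group-Object Triage | Select-Object Name, Count
```

A valid signature only shows that the file is unchanged since the named publisher signed it, so it narrows the list rather than clearing it. The SHA-256 values can be searched on VirusTotal by hash, which checks a file's reputation without uploading the file itself.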
So how useful is McAfee GetSusp? I'd say it is not overly useful. You may get much better results by downloading and running second opinion scanners like Malwarebytes Anti-Malware, Bitdefender QuickScan, Dr.Web CureIt, or any of the other programs designed specifically for that purpose.
The results are likely better, and you get options to do something about them right away as well.
Also, some second opinion scanners don't require an Internet connection at all to scan the system, which will please anyone who does not want data to be transferred to remote Internet servers without having a say in the matter.
GetSusp, all in all, is a rather weak program, and that is probably one reason why it was not updated by Intel Security in well over three years.
McAfee testing results from AV-Comparatives have been mediocre recently, so this stand-alone scanner would likely show similar – even inferior – results. Excellent review. You would think that Intel, which now owns McAfee, would want to make their products world-class! They have a long way to go…
I lost my previous great interest in AV, detection rates and so on… But:
are still lying in some USB.
Also, ClamAV is free.
It seems Getsusp was abandoned in favor of Raptor as they state on the dormant Getsusp community forum.
A tool a lot more capable in terms of classifying and with real time and removing capabilities is Crystal Security.
Yes, Crystal Security is shaping up to be a very good anti-malware tool. Amazing that it can run in ‘portable’ mode and still offer real time protection.
McAfee. No thanks.
Now Part of INTEL(C) ;]
I’m using Windows Defender, and I think he’s doing a good job. I don’t need another.
I think the Closing Words section should have been at the top of this article so not so much time is wasted reading the whole thing.
Martin – you’re not understanding the point of Getsusp – it’s not designed to find malware, it’s designed to identify executable files not specifically black/whitelisted.
Getsusp is a helpdesk tool designed to collect information from systems and report either hashes or full samples – it’s designed for corporate users who are often the targets of zero day malware, and who often have their own custom “goodware” which may be incorrectly identified as suspicious.
If you want to scan for malware, there’s another free tool – Stinger – http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
Thank you for explaining the true purpose of Getsusp. Not sure what the merit is of reviewing a product that’s not been updated for 3 years!
I’ve looked at Stinger before and found it to be a useful second-opinion scanner. The new “Real Protect” feature looks to be an interesting development, I will definitely check it out.
If GetSusp is run on itself, will it show a positive?
I’ve disliked McAfee AV (due to its deservedly bad reputation) for years and am surprised that Intel hasn’t flushed that trademark yet. John McAfee’s lawsuit to regain the use of his own name may accelerate that :-).
Intel has bought and trashed many products over the years. Hopefully this line will die a similar death.
You’re so kind Mike – I, and my 7000+ fellow “McAfee” colleagues appreciate your view of our work.
Getsusp scans an entire machine, including itself – I very much doubt it would report itself as unknown, I have to ask though in the words of Adam Savage, did you post your comment to add to the conversation, or so that you have added to the conversation?