McAfee GetSusp--麦咖啡样本上报工具

显示全部楼层 · 发表于 2011-10-20 12:24:52

本帖最后由 storystory 于 2011-10-20 12:30 编辑

McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a
combination of clever heuristics and querying McAfee's online database of known clean files to gather
suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems
to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when
analyzing a suspect machine.

Features

• Delivered as a single executable file with no installation required.

• Option to run in different modes – GUI and command Line

• Can submit samples or only a MD5 list of the files to McAfee Labs for analysis.

• Ability to do Artemis & known file database lookups to determine if the sample is suspicious.

• Records system and installed McAfee product information date of run, environment variables
and details of all suspected files.

----

How to submit samples:

Dowdload: 点击（相关工具栏）

显示全部楼层 · 发表于 2011-10-20 13:14:30

这个工具是一直都有还是刚刚出炉？

显示全部楼层 · 发表于 2011-10-20 14:56:33

我一直都是发邮件到“Virus_Research@avertlabs.com”
样本压缩成zip格式，解压密码设定为“infected”

这样的好处是McAfee会有封邮件回复，如果该样本最后被确定为病毒文件，更会有第二封邮件回复给你

显示全部楼层 · 发表于 2011-10-20 18:55:02

学习了。。谢谢楼主

显示全部楼层 · 发表于 2011-10-20 20:01:03

墨池发表于 2011-10-20 13:14
这个工具是一直都有还是刚刚出炉？

不是很清楚，但似乎已经很久了.....只是很低调

显示全部楼层 · 发表于 2011-10-21 12:49:27

学习了啊····

[资讯] McAfee GetSusp--麦咖啡样本上报工具

本帖子中包含更多资源