GetSusp

How to use GetSusp

Trellix GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the Trellix Global Threat Intelligence (GTI) File Reputation database to gather suspicious files.

GetSusp is recommended as a first tool of choice when analyzing a suspect computer. However, one must follow the existing Trellix support process for escalating suspicious files it finds.

GetSusp includes the following features:

• Delivered as a single executable file with no installation required
• Option to run in several modes—GUI, command line and ePO mode
• Scans URLs, Documents, PDFs in GUI mode
• Option to select files before submitting to Trellix in GUI mode
• Leverages GTI File Reputation to determine if the sample is suspicious
• Records system and installed Trellix product information date of execution and details of suspected files
• GetSusp supports Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2016 and Windows 7, 8, 8.1, 10 (up to RS6), 19H1, 19H2, 20H1, 20H2, 21H1, 21H2 and Windows 11.
  

1. Download the latest version of GetSusp. When prompted, choose to save the executable file to a convenient location on your hard disk. We recommend creating a folder specifically for GetSusp. file.

   Download GetSusp (32-bit) Download GetSusp (64-bit)

   The build below is for Trellix ePO administrators.

   Download GetSusp-ePO (32-bit) Download GetSusp-ePO (64-bit) Download Extension Reports
2. Once downloaded, launch the GetSusp.exe.
   
3. The Trellix GetSusp Interface will be displayed
   
   

For a list of Frequently Asked Questions on GetSusp, see article KB 69385.