How to Utilize Stinger

Stinger is not a substitute for full antivirus protection, but a specialized tool to assist administrators and users when dealing with an infected system.

McAfee Stinger now detects and eliminates GameOver Zeus and CryptoLocker.

How do you use Stinger?
  • When prompted, choose to save the file to a convenient location on your hard disk drive, such as your Desktop folder.
  • Once the download is complete, browse to the folder that contains the downloaded Stinger file, and run it.
  • The Stinger interface will be displayed. If necessary, click the "Customize my scan" link to add additional drives/directories to your scan.
  • Stinger has the ability to scan targets of rootkits, which is not enabled by default.
  • Click the Scan button to begin scanning the specified drives/directories.
  • By default, Stinger will repair any infected files that it finds.
  • Stinger requires GTI File Reputation and runs system heuristics at Moderate level. If you select "High" or "Very High," McAfee Labs recommends that you set the "On hazard detection" action to "Report" only for the initial scan.

    To learn more about GTI File Reputation, see the following KB articles:

    KB 53735 - FAQs for Global Threat Intelligence File Reputation

    KB 60224 - How to verify that GTI File Reputation is installed correctly

    KB 65525 - Identification of generically detected malware (Global Threat Intelligence detections)

Frequently Asked Questions

    Q: I know I have a virus, but Stinger did not detect one. Why is this?
    A: Stinger is not a replacement for a full anti-virus scanner. It is only designed to find and remove specific threats.

    Q: Stinger found a virus that it could not repair. Why is this?
    A: This is most likely due to Windows System Restore functionality having a lock on the infected file. Windows/XP/Vista/7 users must disable System Restore prior to scanning.

    Q: Where is the scan log saved and how can I view it?
    A: By default the log file is saved in the folder from which Stinger.exe is run. Within Stinger, navigate to the Log tab; the logs are displayed as a list with time stamps. Clicking a log file name opens the file in HTML format.

    Q: Where are the quarantine files stored?
    A: The quarantine files are stored under C:\Quarantine\Stinger.

    This list doesn't include the results from running a scan.

    Q: Are there any command-line parameters available when running Stinger?
    A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.

    Q: I ran Stinger and now have a Stinger.opt file, what is that?
    A: When Stinger runs, it creates the Stinger.opt file that saves the current Stinger configuration. When you run Stinger a second time, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.

    Q: Stinger updated components of VirusScan. Is this expected behavior?
    A: When the rootkit scanning option is selected within Stinger preferences, VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if newer than what's on the system and are required to scan for the current generation of newer rootkits. If the rootkit scanning option is disabled within Stinger, the VSCore update will not happen.

    Q: Does Stinger perform rootkit scanning when deployed through ePO?
    A: We have disabled rootkit scanning in the Stinger-ePO package to limit the auto update of VSCore components when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:

    --reportpath=%temp% --rootkit

    For detailed directions, please refer to KB 77981

    Q: What versions of Windows are supported by Stinger?
    Furthermore, Stinger requires the machine to have Internet Explorer 8 or above.

    Q: What are the requirements for Stinger to run in a Win PE environment?
    A: When building a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.

    Q: How can I get support for Stinger?
    A: Stinger is not a supported program. McAfee Labs makes no warranties about this product.

    Q: How do I add custom detections to Stinger?
    A: Stinger has an option where a user can enter up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will get detected and deleted. This feature is provided to help power users who have isolated a malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To leverage this feature:

    1. From the Stinger interface go to the Advanced --> Blacklist tab. SHA1, SHA 256 or other hash types are unsupported.
    2. During a scan, files that match the hash will have a detection name of Stinger! . Full dat repair is applied on the detected file.
    3. Files that are digitally signed with a valid certificate or those hashes that are marked as clean in GTI File Reputation won't be detected as part of the custom blacklist. This is a safety feature to prevent users from accidentally deleting files.
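
A pre-check for a hash list before it goes into the Blacklist tab, applying the constraints stated above (MD5 only, at most 1000 entries). This is an added example, not McAfee code; the function names and sample hashes are constructed for illustration, and how the tab itself accepts entries is not described on this page.

```python
import hashlib
import re

MAX_HASHES = 1000                           # limit stated on this page
OTHER_TYPES = {40: "SHA-1", 64: "SHA-256"}  # hex lengths of unsupported types

# Constructed sample input: digests of empty input and of b"abc".
SAMPLE = [
    "D41D8CD98F00B204E9800998ECF8427E",          # MD5, upper case
    "d41d8cd98f00b204e9800998ecf8427e",          # same MD5 again (duplicate)
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",  # SHA-1, unsupported
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # SHA-256
    "not-a-hash",
    "900150983cd24fb0d6963f7d28e17f72",          # MD5
]


def md5_of_file(path, chunk=1 << 20):
    """MD5 of an isolated sample, read in chunks so large files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_blacklist(entries, limit=MAX_HASHES):
    """Return (accepted, rejected): accepted is a de-duplicated list of
    lowercase MD5 strings; rejected maps each refused entry to the reason."""
    accepted, seen, rejected = [], set(), {}
    for raw in entries:
        h = raw.strip().lower()
        if not h or h in seen:        # skip blank lines and duplicates
            continue
        if not re.fullmatch(r"[0-9a-f]+", h):
            rejected[raw] = "not hexadecimal"
        elif len(h) != 32:            # an MD5 digest is 32 hex characters
            rejected[raw] = f"{OTHER_TYPES.get(len(h), 'unknown type')}, not MD5"
        elif len(accepted) >= limit:
            rejected[raw] = f"over the {limit}-hash limit"
        else:
            seen.add(h)
            accepted.append(h)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = build_blacklist(SAMPLE)
    print(len(ok), "accepted;", len(bad), "rejected:", bad)
```

Because a blacklist match leads to deletion, review the rejected entries rather than silently dropping them: a SHA-1 or SHA-256 entry means the sample needs to be re-hashed with MD5 before it can be covered.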

    Q: How can I run Stinger without the Real Protect component getting installed?
    A: The Stinger-ePO package does not execute Real Protect. To run Stinger without Real Protect getting installed, execute Stinger.exe --ePO



