McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine.

Download GetSusp GetSusp Community


For a list of Frequently Asked Questions on GetSusp, see article KB 69385.



  • Delivered as a single executable file with no installation required
  • Option to run in several modes—GUI, command line and ePO mode
  • Scans URLs, Documents, PDFs in GUI mode
  • Option to select files before submitting to McAfee in GUI mode
  • Leverages GTI File Reputation to determine if the sample is suspicious
  • Records system and installed McAfee product information date of execution and details of suspected files
  • GetSusp supports Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2016 and Windows 7, 8, 8.1, 10 (up to RS6), 19H1, 19H2, 20H1, 20H2, 21H1, 21H2.

How to use McAfee GetSusp

  1. Download the latest version of GetSusp. When prompted, choose to save the executable file to a convenient location on your hard disk. We recommend creating a folder specifically for GetSusp.
  2. Once downloaded, launch the GetSusp.exe file.

  3. The McAfee GetSusp Interface will be displayed.

    Interface screen shot

  4. If necessary, click the preferences to specify your email address to receive an acknowledgement from McAfee Labs for sample submissions. By default, suspicious files are submitted to McAfee Labs in online mode.

    Preferences screen shot

  5. Click the Scan Now button to begin scanning the system. A EULA is prompted for user acceptance every time a scan is initiated. The license agreement must be accepted in order to proceed.

    License Agreement screenshott

  6. A typical GetSusp system scan takes around three to five minutes. A summary is provided at the end of the scan, and the scan report is launched.
Scan results screen shot
Screen results unchecked screen shot
  1. Visit the McAfee malware community site or contact McAfee technical support for help in troubleshooting your machine or removing malware.
Trellix Logo

You're exiting McAfee Enterprise.

Please pardon our appearance as we transition from McAfee Enterprise to Trellix.

Exciting changes are in the works.
We look forward to discussing your enterprise security needs.

You will be redirected in 0 seconds. If not, please click here to continue

McAfee Logo