Submit a Virus or Malware Sample

How to Submit Virus or Malware Samples to McAfee Labs

When submitting a sample to McAfee Labs for review, you may use one of three delivery methods:

  • McAfee Service Portal
    This is the preferred method for McAfee Labs to receive submissions from all McAfee Customers. When you use this method we can process and respond to samples more rapidly. You’ll find instructions for using the McAfee Service Portal under McAfee KnowledgeBase ID KB68030.
  • GetSusp
    Download the GetSusp utility to submit samples. McAfee recommends that you use GetSusp as a first tool of choice when you analyze a suspect computer. For full details see KB69385. Even if you do not have a valid Grant Number, GetSusp allows you to submit samples to McAfee.
  • Email
    You may submit samples directly to McAfee Labs by attaching the file(s) in an email to When submitting samples via email, you must archive them in a password-protected Zip file with the password “infected” (all lowercase). For instructions on how to create a Zip file and password protect it, see these articles: Using WinZip


Submission Information

To help us speed the sample review process, please provide the following information along with your sample:

  • A list of all files contained in the sample submission, including a brief description of where or how you found them
  • What symptoms cause you to suspect that the sample is malicious
  • Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)
  • Your McAfee product information (product name, engine, and .DAT version)
  • Any system details that may be relevant, including operating system and service packs


Finding Samples to Submit

McAfee KnowledgeBase Article KB53094 can assist customers in finding malicious samples on their systems.


What Not to Submit

Please do not send screenshots, anti-virus or HijackThis logs, or prefetch files through McAfee Service Portal or email. Send only the suspected malicious files.