20 Oct How to Use Stinger
It’s not a substitute for full antivirus protection, however, a specialized instrument to assist administrators and users when dealing with infected system.
McAfee Stinger now finds and eliminates GameOver Zeus and CryptoLocker.
How can you use Stinger?
- Download the latest version of Stinger.
- Once prompted, choose to save the file to a suitable location on your hard diskdrive, such as the Desktop folder.
- When the downloading is complete, browse to the folder which includes the downloaded Stinger document, and execute it. If necessary, click on the”Customize my scanning” link to add extra drives/directories for your scan.
- Stinger has the capacity to scan goals of Rootkits, which isn’t allowed by default.
- Click the Scan button to begin scanning the specified drives/directories.
- By default, Stinger will repair any infected files that it finds.
- Stinger leverages GTI File Reputation and runs network heuristics at Moderate level by default. If you select”High” or”Very High,” McAfee Labs recommends that you set the”On threat detection” activity to”Report” just for the first scan.
To Find out More about GTI File Reputation watch the following KB articles
KB 53735 – FAQs for Worldwide Threat Intelligence File Reputation
KB 60224 – The best way to verify that GTI File Reputation is set up properly
KB 65525 – Identification of generically detected malware (International Threat Intelligence detections)
Frequently Asked Questions
Q: I understand I have a virus, but Stinger did not find one.read about it mcafee download from Our Articles Why is this?
An: Stinger is not a replacement for a full anti-virus scanner. It’s simply supposed to find and remove certain threats.
Q: Stinger discovered a virus it couldn’t repair. Why is this?
A: This is most likely because of Windows System Restore performance having a lock on the infected document. Windows/XP/Vista/7 consumers should disable system restore prior to scanning.
Q: how Where’s the scanning log stored and how do I see them?
Inside Stinger, navigate to the log TAB and the logs have been displayed as list of time stamp, clicking on the log file name opens the file in the HTML format.
Q: How Where are the Quarantine files saved?
A: The quarantine documents are saved under C:\Quarantine\Stinger.
Q: What is your”Threat List” option under Advanced menu utilized for?
A: The Threat List provides a list of malware that Stinger has been configured to detect. This listing doesn’t include the results from running a scan.
Q: Why Are there any command-line parameters accessible when running Stinger?
A: Yes, the command-line parameters have been displayed by going to the help menu within Stinger.
Q: I conducted Stinger and now have a Stinger.opt file, what’s that?
A: When Stinger conducts it generates the Stinger.opt record that saves the recent Stinger configuration. After you conduct Stinger the second time, your previous configuration is employed as long as the Stinger.opt file is in precisely the identical directory as Stinger.
Is this expected behaviour?
A: whenever the Rootkit scanning option is chosen within Stinger tastes — VSCore documents (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if newer than what’s on the machine and is needed to scan for the current creation of newer rootkits. If the rootkit scanning option is disabled within Stinger — the VSCore update won’t happen.
Q: How Does Stinger work rootkit scanning when installed via ePO?
A: We’ve disabled rootkit scanning at the Stinger-ePO package to set a limit on the auto update of VSCore components once an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO style, please use these parameters while checking in the Stinger package in ePO:
For detailed instructions, please refer to KB 77981
Q: How What versions of Windows are supported by Stinger?
A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. Moreover, Stinger requires the machine to get Web Explorer 8 or over.
Q: What are the requirements for Stinger to execute at a Win PE environment?
A: when creating a custom Windows PE picture, add support to HTML Application components utilizing the instructions offered in this walkthrough.
Q: How How do I obtain hold for Stinger?
An: Stinger isn’t a supported application. McAfee Labs makes no guarantees concerning this product.
Q: how How do I add custom made detections into Stinger?
A: Stinger has the choice where a user can enter upto 1000 MD5 hashes as a custom made blacklist. Throughout a system scan, if any files fit the habit blacklisted hashes – the files will get deleted and detected. This feature is provided to assist power users who have isolated a malware sample(s) that no detection can be found yet in the DAT documents or GTI File Reputation. To leverage this attribute:
- In the Stinger port goto the Advanced –> Blacklist tab.
- Input MD5 hashes to be detected either through the Input Signal Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be contained in the scanning. SHA1, SHA 256 or other hash types are jobless.
- During a scan, files which match the hash will have a detection title of Stinger! . Total dat repair is used on the file.
- Documents which are digitally signed with a valid certificate or people hashes that are already marked as clean in GTI File Reputation won’t be detected as part of their customized blacklist. This is a security feature to prevent users from accidentally deleting files.
Q: How How do run Stinger with no Real Protect component getting installed?
A: The Stinger-ePO bundle does not fulfill Actual Protect. In order to conduct Stinger with no Real Protect becoming installed, execute Stinger.exe –ePO