Utilities used for troubleshooting
Technical Articles ID:  KB72766
Last Modified:  02/12/2014
Environment

McAfee Multiple Products

Summary

This article provides information on McAfee and third-party utilities that are frequently used while diagnosing issues, assessing vulnerabilities, and performing other security-related functions. This article contains an explanation of the utilities, download locations, and links to documentation where available.


Contents

Utilities

Related information
 

7-Zip
7-Zip is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
 
Website http://www.7-zip.org/
Documentation/Instructions   http://www.7-zip.org/faq.html
Download http://www.7-zip.org/download.html
 

ADPlus
ADPlus is a tool from Microsoft Product Support Services (PSS) that can troubleshoot any process or application that stops responding (hangs) or fails (crashes).
 
Website http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
Documentation/Instructions   http://support.microsoft.com/kb/286350
Download http://msdn.microsoft.com/en-us/windows/hardware/hh852363


Autoruns
This utility shows you what programs are configured to run during computer start-up and logon, and shows you the entries in the order Windows processes them. These programs include ones in your Startup folder, Run, RunOnce, and other Registry keys.
 
Website http://technet.microsoft.com/en-us/sysinternals/bb963902
Documentation/Instructions   http://technet.microsoft.com/en-us/sysinternals/bb963902
Download http://technet.microsoft.com/en-us/sysinternals/bb963902
 
EICAR
EICAR is a standard test file for anti-malware products. For information on how to obtain and use EICAR, see KB59742.
 
Website http://www.eicar.org
Documentation/Instructions   http://www.eicar.org/86-0-Intended-use.html
Download http://www.eicar.org/85-0-Download.html
 

Fiddler
This is a web debugger that allows you to capture HTTP(S) traffic on any system or platform.

Website http://fiddler2.com/
Documentation/Instructions   http://fiddler2.com/get-fiddler
Download http://fiddler2.com/get-fiddler



Fport
Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the netstat -an command, but it also maps those ports to running processes with the PID, process name, and path. 
 
Website http://www.mcafee.com/us/downloads/free-tools/fport.aspx
Documentation/Instructions   See Downloaded files
Download http://www.mcafee.com/us/downloads/free-tools/fport.aspx
Downloaded files
 
Fport.exe    md5: dbb75488aa2fa22ba6950aead1ef30d5
readme.txt   contains basic usage instructions

Renaming fport.exe to any other name will trigger detection on the file when you scan or run it.


GMER
GMER is a utility that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden disk sectors (MBR), hidden Alternate Data Streams, hidden registry keys, drivers hooking the SSDT, drivers hooking the IDT, drivers hooking IRP calls, and inline hooks.
 
Website http://www.gmer.net/
Documentation/Instructions   http://www.gmer.net/#faq
Download http://www.gmer.net/#files



IceSword
The IceSword utility shows hidden processes and resources using a Windows Explorer-like interface.
 
Website http://www.softpedia.com/progDownload/IceSword-Download-79326.html
Documentation/Instructions   http://www.softpedia.com/progDownload/IceSword-Download-79326.html
Download (version 1.22) http://www.softpedia.com/progDownload/IceSword-Download-79326.html

IMPORTANT:
Ensure that you use this utility only for logging purposes, and use McAfee products only for cleaning/deleting infected files.


ProcDump
The primary purpose of the ProcDump command line utility is to monitor an application for CPU spikes and generate crash dumps during a spike. As an administrator or developer you can use these dumps to determine the cause of the spike.

ProcDump also includes unresponsive Window monitoring (using the same definition that Windows and Task Manager use) and unhandled exception monitoring, and can generate dumps based on the values of system performance counters. ProcDump can also serve as a general process dump utility that you can embed in other scripts.
 
Website http://technet.microsoft.com/en-us/sysinternals/dd996900
Documentation/Instructions   Refer to the website link above.
Download   Refer to the website link above.



Process Explorer
Process Explorer shows which handles and DLLs each process has opened or loaded. It helps track down DLL-version problems and handle leaks.
 
Website
Documentation/Instructions   Refer to the website link above.
Download   Refer to the website link above.


Process Monitor
Process Monitor (ProcMon) is a monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. ProcMon combines and replaces the features of legacy utilities Filemon and Regmon.

Website
Documentation/Instructions
Download



RootkitRevealer
RootkitRevealer is an advanced rootkit detection utility. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and HackerDefender.
 
Website http://technet.microsoft.com/en-us/sysinternals/bb897445
Documentation/Instructions   Refer to the website link above.
Download   Refer to the website link above.

IMPORTANT: 
RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.


RootRepeal
RootRepeal is a new rootkit detection utility.
 
Website http://sites.google.com/site/rootrepeal
Documentation/Instructions   Refer to the website link above.
Download http://ad13.geekstogo.com/RootRepeal.rar

IMPORTANT: 
RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.



Stinger
McAfee Stinger is a standalone, lightweight utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users dealing with an infected system.

Website
Documentation/Instructions   Refer to the website link above.
Download   Refer to the website link above.


TCPdump
TCPdump is a common packet analyzer that runs from the command line. It allows you to intercept and display TCP/IP and other packets transmitted or received over a network.

Website
Documentation/Instructions  
Download



TCPview
TCPView (for Windows) is a Microsoft program that provides detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns each endpoint. TCPView presents a more informative subset of the information provided by the Microsoft Windows Netstat program.

The TCPView download includes Tcpvcon, a command-line version with the same functionality.

Website
Documentation/Instructions   Windows Netstat instructions
Download   Refer to the website link above.


Vision
Vision allows you to access a large amount of supplementary information that is useful for determining host status. It displays detailed system information, applications running, and processes and ports in use, stating what port a process is using.

Website
Documentation/Instructions   Refer to the website link above.
Download   Refer to the website link above.


WinPcap
WinPcap is a link-layer network access tool for Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional features, including kernel-level packet filtering, a network statistics engine, and support for remote packet capture.
 
Website
Documentation/Instructions  
Download


WinRAR
WinRAR is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.

Website
Documentation/Instructions  
Download




WinZip
WinZip is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.

Website
Documentation/Instructions  
Download


Wireshark
Wireshark is a third-party network protocol analyzer that lets you capture and interactively browse running traffic on a computer network. It is available for free as open source, and is released under the GNU General Public License version 2. Wireshark was formerly known as Ethereal. 

Website
Documentation/Instructions  
Download

© 2003-2013 McAfee, Inc.