Utilities used for troubleshooting
技术文章 ID:
KB72766
上次修改时间: 5/15/2017
上次修改时间: 5/15/2017
环境
McAfee Multiple Products
摘要
This article provides information on McAfee and third-party utilities that are frequently used while diagnosing issues, assessing vulnerabilities, and performing other security-related functions. This article contains an explanation of the utilities, download locations, and links to documentation where available.
Contents
Utilities
Related information
7-Zip
7-Zip is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
ADPlus
ADPlus is a tool from Microsoft Product Support Services (PSS) that can troubleshoot any process or application that stops responding (hangs) or fails (crashes).
Fiddler
This is a web debugger that allows you to capture HTTP(s) traffic on any system or platform.
Back to contents
IMPORTANT: Ensure that you use this utility only for logging purposes, and use McAfee products only for cleaning/deleting infected files.
ProcDump
The primary purpose of the ProcDump command line utility is to monitor an application for CPU spikes and generate crash dumps during a spike. As an administrator or developer you can use these dumps to determine the cause of the spike.
ProcDump also includes unresponsive Window monitoring (using the same definition that Windows and Task Manager use) and unhandled exception monitoring, and can generate dumps based on the values of system performance counters. ProcDump can also serve as a general process dump utility that you can embed in other scripts.
Back to contents
Process Explorer
Process Explorer shows which handles and DLLs processes are opened or loaded. It helps track down DLL-version problems and handle leaks.
Process Monitor
Process Monitor (ProcMon) is a monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. ProcMon combines and replaces the features of legacy utilities Filemon and Regmon.
Back to contents
RootkitRevealer
RootkitRevealer is an advanced rootkit detection utility. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and HackerDefender.
IMPORTANT: RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.
RootRepeal
RootRepeal is a new rootkit detection utility.
IMPORTANT: RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.
Back to contents
Stinger
McAfee Stinger is a standalone, lightweight utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users dealing with an infected system.
TCPdump
TCPdump is a common packet analyzer that runs from the command line. It allows you to intercept and display TCP/IP and other packets transmitted or received over a network.
Vision
Vision allows you to access a large amount of supplementary information that is useful for determining host status. It displays detailed system information, applications running, and processes and ports in use, stating what port a process is using.
Back to contents
Windows Steps Recorder
Steps Recorder helps troubleshoot problems by capturing screenshots and saving them to a single file that you can send to Technical Support for diagnosis.
WinPcap
WinPcap is a link-layer network access tool for Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional features, including kernel-level packet filtering, a network statistics engine, and support for remote packet capture.
WinRAR
WinRAR is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
Back to contents
Back to contents
Contents
Utilities
7-Zip
ADPlus
Autoruns
EICAR
Fiddler
Fport
GMER
IceSword
ProcDump
Process Explorer
Process Monitor
RootkitRevealer
RootRepeal
Stinger
TCPdump
TCPview
Vision
Windows Steps Recorder
WinPcap
WinRAR
WinZip
Wireshark
ADPlus
Autoruns
EICAR
Fiddler
Fport
GMER
IceSword
ProcDump
Process Explorer
Process Monitor
RootkitRevealer
RootRepeal
Stinger
TCPdump
TCPview
Vision
Windows Steps Recorder
WinPcap
WinRAR
WinZip
Wireshark
Related information
7-Zip
7-Zip is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
| Website | http://www.7-zip.org/ |
| Documentation/Instructions | http://www.7-zip.org/faq.html |
| Download | http://www.7-zip.org/download.html |
ADPlus
ADPlus is a tool from Microsoft Product Support Services (PSS) that can troubleshoot any process or application that stops responding (hangs) or fails (crashes).
| Website | http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx |
| Documentation/Instructions | http://support.microsoft.com/kb/286350 |
| Download | http://msdn.microsoft.com/en-us/windows/hardware/hh852363 |
Autoruns
This utility shows you what programs are configured to run during computer start-up and logon, and shows you the entries in the order Windows processes them. These programs include ones in your Startup folder, Run, RunOnce, and other Registry keys.
This utility shows you what programs are configured to run during computer start-up and logon, and shows you the entries in the order Windows processes them. These programs include ones in your Startup folder, Run, RunOnce, and other Registry keys.
| Website | http://technet.microsoft.com/en-us/sysinternals/bb963902 |
| Documentation/Instructions | http://technet.microsoft.com/en-us/sysinternals/bb963902 |
| Download | http://technet.microsoft.com/en-us/sysinternals/bb963902 |
EICAR
EICAR is a standard test file for anti-malware products. For information about how to obtain and use EICAR, see KB59742.
| Website | http://www.eicar.org |
| Documentation/Instructions | http://www.eicar.org/86-0-Intended-use.html |
| Download | http://www.eicar.org/85-0-Download.html |
Fiddler
This is a web debugger that allows you to capture HTTP(s) traffic on any system or platform.
|
Website
|
http://fiddler2.com/ |
|
Documentation/Instructions
|
http://fiddler2.com/get-fiddler |
|
Download
|
http://fiddler2.com/get-fiddler |
Back to contents
Fport
Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the netstat -an command, but it also maps those ports to running processes with the PID, process name, and path.
Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the netstat -an command, but it also maps those ports to running processes with the PID, process name, and path.
| Website | http://www.mcafee.com/us/downloads/free-tools/fport.aspx |
| Documentation/Instructions | See Downloaded files |
| Download | http://www.mcafee.com/us/downloads/free-tools/fport.aspx |
| Downloaded files |
Fport.exe md5: dbb75488aa2fa22ba6950aead1ef30d5 readme.txt contains basic usage instructions Change the file name for fport.exe to any other name. This will trigger detection on the file when you scan or run it. |
GMER
GMER is a utility that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden disk, sectors (MBR), hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls, and inline hooks.
GMER is a utility that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden disk, sectors (MBR), hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls, and inline hooks.
| Website | http://www.gmer.net/ |
| Documentation/Instructions | http://www.gmer.net/#faq |
| Download | http://www.gmer.net/#files |
IceSword
The IceSword utility shows hidden processes and resources using a Windows Explorer-like interface.
The IceSword utility shows hidden processes and resources using a Windows Explorer-like interface.
| Website | http://www.softpedia.com/progDownload/IceSword-Download-79326.html |
| Documentation/Instructions | http://www.softpedia.com/progDownload/IceSword-Download-79326.html |
| Download (version 1.22) | http://www.softpedia.com/progDownload/IceSword-Download-79326.html |
IMPORTANT: Ensure that you use this utility only for logging purposes, and use McAfee products only for cleaning/deleting infected files.
ProcDump
The primary purpose of the ProcDump command line utility is to monitor an application for CPU spikes and generate crash dumps during a spike. As an administrator or developer you can use these dumps to determine the cause of the spike.
ProcDump also includes unresponsive Window monitoring (using the same definition that Windows and Task Manager use) and unhandled exception monitoring, and can generate dumps based on the values of system performance counters. ProcDump can also serve as a general process dump utility that you can embed in other scripts.
| Website | http://technet.microsoft.com/en-us/sysinternals/dd996900 |
| Documentation/Instructions |
Refer to the website link above.
|
| Download |
Refer to the website link above.
|
Back to contents
Process Explorer
Process Explorer shows which handles and DLLs processes are opened or loaded. It helps track down DLL-version problems and handle leaks.
|
Website
|
|
|
Documentation/Instructions
|
Refer to the website link above.
|
|
Download
|
Refer to the website link above.
|
Process Monitor
Process Monitor (ProcMon) is a monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. ProcMon combines and replaces the features of legacy utilities Filemon and Regmon.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
Back to contents
RootkitRevealer
RootkitRevealer is an advanced rootkit detection utility. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and HackerDefender.
| Website | http://technet.microsoft.com/en-us/sysinternals/bb897445 |
| Documentation/Instructions |
Refer to the website link above.
|
| Download |
Refer to the website link above.
|
IMPORTANT: RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.
RootRepeal
RootRepeal is a new rootkit detection utility.
| Website | http://sites.google.com/site/rootrepeal |
| Documentation/Instructions |
Refer to the website link above.
|
| Download | http://ad13.geekstogo.com/RootRepeal.rar |
IMPORTANT: RootkitRevealer is not intended to detect rootkits that do not attempt to hide their files or registry keys.
Back to contents
Stinger
McAfee Stinger is a standalone, lightweight utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users dealing with an infected system.
|
Website
|
|
|
Documentation/Instructions
|
Refer to the website link above.
|
|
Download
|
Refer to the website link above.
|
TCPdump
TCPdump is a common packet analyzer that runs from the command line. It allows you to intercept and display TCP/IP and other packets transmitted or received over a network.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
Back to contents
TCPview
TCPView (for Windows) is a Microsoft program that provides detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a better subset of the Microsoft Windows Netstat program.
The TCPView download includes Tcpvcon, a command-line version with the same functionality.
|
Website
|
|
|
Documentation/Instructions
Windows Netstat instructions |
|
|
Download
|
Refer to the website link above.
|
Vision
Vision allows you to access a large amount of supplementary information that is useful for determining host status. It displays detailed system information, applications running, and processes and ports in use, stating what port a process is using.
|
Website
|
|
|
Documentation/Instructions
|
Refer to the website link above.
|
|
Download
|
Refer to the website link above.
|
Back to contents
Windows Steps Recorder
Steps Recorder helps troubleshoot problems by capturing screenshots and saving them to a single file that you can send to Technical Support for diagnosis.
|
Website
|
|
|
Documentation/Instructions
|
WinPcap
WinPcap is a link-layer network access tool for Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional features, including kernel-level packet filtering, a network statistics engine, and support for remote packet capture.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
WinRAR
WinRAR is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
Back to contents
WinZip
WinZip is a utility for file compression, file sharing, file encryption, and data backup. Several operating systems are supported.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
Wireshark
Wireshark is a third-party network protocol analyzer that lets you capture and interactively browse running traffic on a computer network. It is available for free as open source, and is released under the GNU General Public License version 2. Wireshark was formerly known as Ethereal.
|
Website
|
|
|
Documentation/Instructions
|
|
|
Download
|
Back to contents
相关信息
Main download sites
| McAfee Free Tools | http://www.mcafee.com/us/downloads/free-tools/index.aspx |
| Microsoft Windows Sysinternals | http://technet.microsoft.com/en-us/sysinternals/default |
