Trellix Stinger utilizes next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and removes threats identified under the "Threat List" option under Advanced menu options in the Stinger application. Stinger now detects and removes GameOver Zeus and CryptoLocker.
To use Trellix Stinger:
Builds below are for ePO administrators and 64-bit systems.
Q: I know I have a virus, but Stinger did not detect one. Why is this?
A: Stinger is not a substitute for a full anti-virus scanner. It is only designed to detect and remove specific threats.
Q: Stinger found a virus that it couldn't repair. Why is this?
A: This is most likely due to Windows System Restore functionality having a lock on the infected file. Windows/XP/Vista/7 users should disable system restore prior to scanning.
Q: Where is the scan log saved and how can I view them?
A: By default the log file is saved from where Stinger.exe is run. Within Stinger, navigate to the log TAB and the logs are displayed as list with time stamp, clicking on the log file name opens the file in the HTML format.
Q: Where are the Quarantine files stored?
A: The quarantine files are stored under C:\Quarantine\Stinger.
Q: What is the "Threat List" option under Advanced menu used for?
A: The Threat List provides a list of malware that Stinger is configured to detect. This list does not contain the results from running a scan.
Q: Are there any command-line parameters available when running Stinger?
A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.
Q: I ran Stinger and now have a Stinger.opt file, what is that?
A: When Stinger runs it creates the Stinger.opt file that saves the current Stinger configuration. When you run Stinger the next time, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.
Q: Stinger updated components of VirusScan. Is this expected behavior?
A: When the Rootkit scanning option is selected within Stinger preferences – VSCore files (mfehidk.sys & mferkdet.sys) on a Trellix endpoint will be updated to 22.x. These files are installed only if newer than what's on the system and is needed to scan for today’s generation of newer rootkits. If the rootkit scanning option is disabled within Stinger – the VSCore update will not occur.
Q: Does Stinger perform rootkit scanning when deployed via ePO?
A: We’ve disabled rootkit scanning in the Stinger-ePO package to limit the auto update of VSCore components when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:
For detailed instructions, please refer to KB 77981
Q: What versions of Windows are supported by Stinger?
A: Windows 2008 R2, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2, 20H1, 20H2, 21H1. In addition, Stinger requires the machine to have Internet Explorer 8 or above.
Q: What are the requirements for Stinger to execute in a Win PE environment?
A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.
Q: How can I get support for Stinger?
A: Stinger is not a supported application. Trellix Labs makes no guarantees about this product.
Q: How can I add custom detections to Stinger?
A: Stinger has the option where a user can input upto 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes - the files will get detected and deleted. This feature is provided to help power users who have isolated a malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To leverage this feature:
Businesses have too much to lose if they don't prioritize security at every entry level. With more date to protect and cyberthreats eveolving, everyone must play a part in creating a culture of security. Let our Free Tools help implement a 'security-first' mindset across your entire company
Need a little more protectionfor your business?Explore the Trellix Platform