Petrovic

Level 63
Verified
Trusted
Raptor BETA is a real-time behavior detection technology that monitors suspicious activity on an endpoint. Raptor leverages machine learning and automated, behavioral-based classification in the cloud to detect zero-day malware in real time.

Raptor BETA is available as a free tool and is also bundled with Stinger. McAfee plans to incorporate Raptor into future anti-malware products.

How Do You Use Raptor?

  • Download the latest version of Raptor
  • At the prompt, save the file to a location on your system.



  • Navigate to the folder that contains the downloaded Raptor file, and double-click raptor.exe.

  • The Raptor icon is displayed in your system tray.
  • Once installed, Raptor monitors and detects files exhibiting malicious behaviors on the endpoint. Click Clean to remove malicious executables and its traces from your system.
    Note: If you wish to remove the malicious files a later point of time, click Dismiss.

In the system tray, right-click the Raptor icon to perform these actions:

  • Start — Raptor starts monitoring system for malicious behaviors.
  • Stop — Raptor stops monitoring the system.
  • View Log — Displays detection details for malicious files found.
  • Quarantine — Creates backup of files that were repaired to restore if required.
  • About — Provides details about Raptor client and build version.
  • Remove Raptor — Uninstalls Raptor from an endpoint.
  • Exit — Quits Raptor program. Raptor will resume on the next system reboot.

Frequently Asked Questions

Q: How is Raptor different from Stinger?
A: Stinger is a standalone utility that uses signature files to detect and remove specific viruses. Raptor is a behavior detection technology that monitors suspicious activity to detect zero-day malware in real time.

Q: What are the requirements for Raptor?
A: Windows 7, 8, and 8.1 operating systems, and a working Internet connection.

Q: Where is the detection log saved and how can I view it?
A: The log file is saved under C:\Program Files\McAfee\Raptor. From the system tray, right-click the Raptor icon and select View Log to see log details.

Q: Where are the quarantine files stored?
A: The quarantine files are stored under C:\Program Files\McAfee\Raptor\RaptorQuarantine.

Q: If a user did not select Clean or Dismiss for a detection, what happens?
A: A user needs to respond within five minutes otherwise a default action of Dismiss is applied. There will be no trace of this detection except in the Raptor log file.

Q: Do I need to manually start Raptor after a system reboot?
A: Raptor automatically begins monitoring the system at boot.

Q: What is Raptor’s footprint on an endpoint?
A: Raptor install is approximately 1.5 MB and it takes up about 30MB of memory for monitoring the system.

Q: What user or system details are collected by Raptor?
A: Instead of sending the whole file, Raptor sends the behavioral trace of the file execution which is typically a few bytes of information. This is the minimum amount of information necessary for Raptor to determine the nature of the file. The behavioral trace information includes file name, file path, process ID, event, the OS version, and a randomly generated GUID of the machine.

Q: Is it possible for an administrator to view Raptor logs via McAfee ePO?
A: In the initial release, Raptor is being offered as a standalone tool. In future versions, Raptor can be deployed and managed from McAfee ePO, allowing administrators to view reports from a central console.

Q: How can I get support for Raptor?
A: Raptor is not a supported application. McAfee makes no guarantees about this product.

Q: Where can I send feedback to regarding Raptor?
A: Please provide your feedback via the McAfee Community Forum page for Raptor.

Q: How do I uninstall/remove Raptor from the system?
A: Right-click the Raptor icon running on the system tray and select the REMOVE Raptor option.
http://www.mcafee.com/us/downloads/free-tools/raptor.aspx
 
  • Like
Reactions: 14troy14 and yigido

Spawn

Administrator
Verified
Staff member
TWC: McAfee Raptor Beta Review - http://www.thewindowsclub.com/mcafee-raptor-windows

According to McAfee, Raptor leverages machine learning and behavioral based classification in the cloud to detect zero-day malware in real time. Right now, the tool is in Beta and available free, and also comes as a bundle with Stinger. McAfee plans to include Raptor into its future antimalware software.

The best things about McAfee Raptor is that you do not have to worry about regular definition updates. Once installed, McAfee Raptor lies in the Notification Area and keeps the system protected. A pop-up window will appear, if it identifies any malware, which you can clean by clicking on the Clean button.

You can also view the Quarantined items using the context menu that appears when you right-click on the system tray icon. You can then delete the items or restore them by selecting the item and clicking on delete or on restore.​

Important: McAfee Raptor, like McAfee Stinger installs the McAfee Validation Trust Protection Service, which is difficult to remove, even after the tool is uninstalled. You may want to run McAfee Consumer Products Removal tool to remove this service.

Does anyone currently use the McAfee Raptor Beta tool?
 
  • Like
Reactions: Parsh

Atlas147

Level 30
Verified
Content Creator
TWC: McAfee Raptor Beta Review - http://www.thewindowsclub.com/mcafee-raptor-windows

According to McAfee, Raptor leverages machine learning and behavioral based classification in the cloud to detect zero-day malware in real time. Right now, the tool is in Beta and available free, and also comes as a bundle with Stinger. McAfee plans to include Raptor into its future antimalware software.

Does anyone currently use the McAfee Raptor Beta tool?
Seems to be in development for a long time now, haven't heard much about it since this post came up...
 

OokamiCreed

Level 18
Verified
Trusted
After 9 hours of restless use of the in a VM and on host, there are a few things those who are interested should know before you call this product junk:

  • It's a behavioral blocker. Don't expect it to detect adware as a lot of the times adware doesn't exhibit malicious behavior.
  • It's a behavioral blocker. This means IT DOES NOT scan files laying on your drive. They MUST be executed.
  • I have witnessed high accuracy against many types of malware including ransomware and exploits - it's bad at steam stealers for some reason
  • Runs about 15-35MB of RAM - does not slow down the computer - runs well beside AV's (tested are AVG IS and CIS)
  • Will allow files to run unless you tell it to delete it fast enough - gives option to dismiss (ignore and allow continue use)
  • While the files are running, Raptor will record what it does and give you a list of files it added to your system to delete
  • I haven't seen any false positives

I do not know of it's reverse capabilities (if it even has any). I haven't had any malware that say... changes host file, etc. I'm barely able to find ransomware so was only able to test it's ability against that to a limited degree.
 
D

Deleted member 178

Yep, Emsi was for security geeks like us, since they focused on extending their market shares, they simplified their products a lot for common users. And then i lost interest on them.
 
  • Like
Reactions: XhenEd

jamescv7

Level 61
Verified
Trusted
Behaviour Blocker as being so simplified may be considered as acceptable manner but not for HIPS since the concept is totally complex and wide at all.

As long protection capabilities does not sacrifice at all.
 
  • Like
Reactions: Kuttz and XhenEd
I

illumination

Why use BB when you have anti-exec?
Simple = boring :p
Only users that download often would find a anti-exec "non-boring" boderlining annoying... Anti-exec softwares are best suited for those that do not change their system often, and in which, it becomes, as you stated "boring".. ;)
 

Latest Threads