ATTK is a tool that scans a system suspected of being infected or compromised and collects system information and suspicious files from it. Your support engineer and the Antimalware Team use this information to review and attempt to identify the suspicious process(es) and/or file(s). The tool can collect the following information on Linux systems:
- System: kernel, user, disk and time
- Autorun: Scheduled tasks and start-up
- Browser History
- File metadata
- File scan
Q: What are the supported distributions?
A: The following distributions are supported:
| Solaris | 10 U8 | x64 | libmenu5 and libpanel5 are required for TUI |
Q: Does it support IBM AIX and HP-UX?
Q: Can it perform cleanup?
A: Yes, it can use the offline pattern (lpt$ptn) and the spyware pattern (ssaptn). You can refer to this guide: How to perform Malware Cleanup on ATTK for Linux.
Q: Does it support Yara Scan?
A: Yes. You can refer to this guide: How to use Yara Scan in ATTK for Linux.