well, an example of Susp could be:
we can
certainly identify a script obfuscator e.g. and we consider its usage/presence as (highly) suspicious.. so then we exactly detect the particular obfuscator and give it a suffix [Susp] (there was no heuristics involved in fact)
and an example of Heur:
we can process a file and if we think there's something fishy, we can go deeper and apply further analysis (emulation, generic unpacking) and collect necessary informations to find malicious behavior patterns etc. - but we don't focus on known suspicious obfuscators, packers here..
basically it could be considered as a difference between "known" and "unknown" threat types.. and of course there could be little deviations from these general rules