NOD32, automatically clean infections?

That's why I removed the /delete switch in the new schedule that I tried, didn't want a accident while testing Advanced Heuristics...

Cheers

 

Bandicoot, and Blackspear, now I can do as I wished and I understand how it works. . .! Awesome job, thanks,

Ray

 

Thanks to everyone for clarifying the command line swithces and showing how they are used and where placed!!

I appreciate it greatly!

Steve

 

Wow, Bleackspear. A lot of options. I actually schedule a scan daily (actually at night). I would like to do one DEEP and THOROUGH scan once a week. Which of these command line options would you recommend (besides "/AH" - I know that important. )?

 

One more small question.... My system has two hard drives, how can I add the second drive (E:\) to the comand line? Or do I need to create a second task altogether?

Again thanks to all that have helped and those who have asked additonal questions as well...!

Ray

 

The reason I ask the above question is that it didn't take long at all to scan my 80MB (which is 60% full), and I thought I read somewhere the "AH" option really extended the scan time. Not on my PC, unless I'm doing something wrong. Here are the options I'm using. I want to scan each and every file on my PC using everything possible (max hueristics, patterns, etc). Do I have everything covered?

c:\ /prompt /pattern+ /scanboot+ /all /scroll+ /arch+ /mapi- /pack+ /ah /quit+ /subdir+

 

Ahhhhh Dazed, now you are beyond me, with the help of Bandicoot I was able to make it work, and then show screenshots of how to do it, and after this I went hunting for and found the available switches. So, to actually what is best for the maximum scanning and detection settings, I'll have to wait for Marcos, Jan, Paul or somebody with experience and knowledge of the switches to come along... I too wait with eager anticipation to load a schedule with every available switch and have Nod make a weekly maximum strength scheduled scan...

Can someone do the same with Paolo Monto’s Advanced Heuristics shell, I and no doubt others would greatly appreciate this, to have step by step screenshots...

Paul, this thread would be a great sticky, with a title something like Command Line Switches for Nod32.

D & C, glad I could help...

Cheers

 

Can someone please explain what the function of "Work Directory" is

Cheers

 

Blackspear - I appreciate your efforts here. I think an explanation of all switches would be helpful. For example, if I use "/AH" , should I also have to use "/Heurdeep", or is that unnecessary?

 

Hi Ray,

No problemmo.... instead of putting "C:\ " at the beginning of the Command Line, put "/local " and then all your non-removeable media will be scanned.

Best regards,
Bandicoot.

 

Hello Mr. Spear,

Probably for you, me and 80 or 90% of NOD32 users, the "Work Directory" box is not really needed. For instance, it can be used by organisations with large networks where maybe a program has to be started remotely and the NOD scheduler needs to know what Directory to look in to start a certain application. So if you're like me.... forget it!

All the best,
Bandicoot.

 

Mr Bandicoot

Again many thanks, it is nolonger clear as mud, it's just clear

Cheers

 

Hello D&C,

Here is a link to show all the Command Line switches..... http://www.nod32.com/support/ans/comm_switches_v1.htm

You can indeed include "/ah " and "/heurdeep " because they run independently. (Actually, maybe you want "/heur+ "... the one you've selected sets the deep heuristic sensitivity... or maybe that's what you want and I should mind my own business! Hee hee...). Normally adding "/ah " will slow the scan down quite a bit but you say that it didn't make much difference on your machine... excellent.

Regards,
Bandicoot.

 

My sincere pleasure Mr. Spear. Well done for posting all the nice screen shots too.

Mr. Coot.

 

After doing all this for a scheduled scan, are you able to watch the scan in progress as you do when you run the manual scan, or is the scheduled scan running in the background?

 

Hi Mannaggia,

If you select "NOD32 Kernel - Execution of an external application" then, yes, the scanning window will pop up so you can see the progress. If you select "NOD32 - scanning" then it run invisibly in the background... but just as efficiently of course. I quite like to see the progress of the scan and there's also that 'comfort factor' of knowing it's doing the business.

Regards,
Bandicoot.

 

Thanks again Bandicoot, now I can safely continue to forget to veiw my scan log for weeks at a time, as forgetting is in my nature....

Ray

 

Thanks Bandicoot. I also like to watch the progress of the scan. There is that 'comfort factor'. I guess I'll give this a try.

 

I did the set up for the scheduled scan. It started up right on time and I was able to watch it as it was scanning. Thanks again Bandicoot.

 

For those in a multi-user computer or network environment, it may be beneficial to use the /break- parameter so the scan can not be stopped (unless the PC/Workstation is rebooted ).

 

From what I can see, the following switches should give the greatest and maximum strength scan with Nod:

/clean /ah /all /subdir+ /heur+ /scanfile+ /scanboot+ /scroll+ /arch+ /pack+ /mapi- /pattern+ /scanboot+ /scanmbr+ /heurdeep /log+ /prompt


/clean = gives option to remove upon detection of infection
/ah = Scan with Advanced Heuristics
/all = Scan all files regardless of their extension
/subdir+ = Scan sub-directories
/heur+ = Enable heuristic analysis
/scanfile+ = Enable scanning of the files
/scroll+ = Enable scrolling
/arch+ = Enable archives (ZIP, ARJ and RAR) scanning
/pack+ = Enable internal runtime packer files scanning
/mapi- = Disable Outlook Error Message
/pattern+ = Enable testing using virus signatures/patterns
/scanboot+ = Enable boot sectors scanning
/scanmbr+ = Enable MBS scanning
/heurdeep = Set deep heuristic sensitivity
/log+ = Enable Log file generation
/prompt = Prompt user for action upon detection

I'm not sure if using the /all switch that forces a scan of every file regardless of extension, makes switches like /subdir null and void, is this the case?

Cheers

 

Blackspear,
I just ran a scan using your switches. The scan took 14:45 on my XP box and scanned 94,091 files and found 2 viruses (this is the one found earlier by AH that I think is a false positive as it is in a popular, reputable program that has been out for months and I restored it after it found it the first time).

I then ran a scan with NOD32 set as I have always had it set. That scan took 12:28 and scanned 94,091 files. So, I guess the only difference was that AH was used in the first scan and not in the second (and didn't find those viruses in the second).

I see a lot more locked files on both these scans. At least I don't recall seeing a bunch of user.dat locked files or system32 locked files before, but maybe I just have a poor memory. I am not using the current release version of NOD32. I have a beta that tech support sent me yesterday.

It is nice to have confirmed that on a fast, newer box with plenty of RAM that AH doesn't add much scan time.

 

Agreed, my scans come into line with your time, VERY little difference in time is seen.

Cheers

 

Blackspear - Thanks. Works great.