Automating ESET SysRescue offline scans

Discussion in 'ESET NOD32 Antivirus' started by twichert, Aug 19, 2010.

Thread Status:
Not open for further replies.
  1. twichert

    twichert Registered Member

    Feb 2, 2010
    Lansing, MI
    I'm currently working with my Windows Deployment Services guy on a way to fully automate the "SysRescue" offline scan tool. This way we can pull boxes from production racks to our DHCP-enabled WDS racks, PXE boot the boxes, and use the SysRescue PE environment like any other WDS deployment image. The idea here is that we won't have to babysit offline scans -- we can boot the box and walk away until the scan is done.

    Has anyone else done anything like this? What kinds of success did you have? What pitfalls did you find?

    So far we've been able to inject all our drivers and automate scanning by modifying the boot.wim with the Windows 7 AIK tools. Here are our steps:

    1) Mount the WIM:
    dism /Mount-Wim /WimFile:C:\winpe_x86\winpe.wim /index:1 /MountDir:C:\winpe_x86\mount

    2) Inject your drivers from WDS:
    dism /image:c:\winpe_x86\mount /Add-Driver /driver:C:\YOUR_FOLDER_OF_INF_DRIVERS\ /recurse

    3) Modify windows\system32\startnet.cmd within the image to run whatever commands you want.

    The only two difficulties I'm running into are 1) ensuring that NOD updates, and 2) detecting when the update process has concluded so a scan can be initiated. The second issue may require some hackish VBScripting or just an educated guess on the argument to sleep.exe.

    I really would like to see ESET add a synchronous script-friendly interface to their products.

    Snipped: Undocumented command removed
    Last edited by a moderator: Aug 23, 2010
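
Added example, not part of the original post and not ESET's tooling: the three servicing steps above as one PowerShell script that also unmounts the image, committing only if every step succeeded and discarding otherwise, then records a SHA-256 of the result so the copy published to WDS can be checked. The paths are the ones in the post; `$StartnetSource` (your edited startnet.cmd) and the `.bak` backup name are assumptions.

```powershell
# Added example: service a WinPE image with DISM and always release the mount.
# Paths mirror the post; $StartnetSource and the .bak copy are assumptions.
param(
    [string]$WimFile        = 'C:\winpe_x86\winpe.wim',
    [string]$MountDir       = 'C:\winpe_x86\mount',
    [string]$DriverDir      = 'C:\YOUR_FOLDER_OF_INF_DRIVERS',
    [string]$StartnetSource = 'C:\winpe_x86\startnet.cmd'   # hypothetical: your edited file
)

$ErrorActionPreference = 'Stop'

function Invoke-Dism {
    # Run dism.exe and turn a non-zero exit code into a terminating error.
    param([string[]]$DismArgs)
    & dism.exe @DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "dism $($DismArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Keep a copy of the image so a bad commit can be rolled back.
Copy-Item -Path $WimFile -Destination "$WimFile.bak" -Force
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", '/Index:1', "/MountDir:$MountDir")
$commit = $false
try {
    Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$DriverDir", '/Recurse')
    Copy-Item -Path $StartnetSource -Destination (Join-Path $MountDir 'Windows\System32\startnet.cmd') -Force
    $commit = $true
}
finally {
    # Commit only when every step succeeded; otherwise discard so the WIM is unchanged.
    $mode = if ($commit) { '/Commit' } else { '/Discard' }
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" $mode
    $unmounted = ($LASTEXITCODE -eq 0)
    if (-not $unmounted) { Write-Warning 'Unmount failed; inspect the mount and run dism /Cleanup-Wim.' }
}

# Record the hash of the committed image (Get-FileHash needs PowerShell 4.0 or later).
if ($commit -and $unmounted) { (Get-FileHash -Path $WimFile -Algorithm SHA256).Hash }
```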