CommandLineScanner

Discussion in 'other anti-malware software' started by Mr.X, Feb 15, 2017.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Mister X. Will do that later.
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    You're welcome.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    On thought so as not to break up anything, I am going to leave this thread alone. All MZ discussion can continue in that thread.

    Pete
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    @Lockdown

    Did CommandLineScanner serve your purposes?
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I haven't tried it yet.

    Where are the installation instructions? They aren't given in the ReadMe.txt nor the .html.

    Is this product still using the manual method of installation? I thought Florian implemented an *.exe installer that will do the complete installation without having to move the kernel driver and other files around manually on the system?

    There isn't an "Installdriver.cmd" in the self-extracting zip.

    Just asking so that the kernel driver doesn't get borked.
     
    Last edited: Feb 17, 2017
  6. guest

    guest Guest

    The user has to do it manually :(
    It is not even mentioned in the readme.txt "how" the driver has to be installed.
    FYI: Just right-click the corresponding .inf-file and install the driver.

    For all other people:
    • After downloading CommandLineScanner from the website and double-clicking "cmdscanner_demo.exe", the content is extracted to the directory "cmdScannerDemo".
    • On a 64-bit system the driver has to be installed by right-clicking "cmdScannerDemo\64-bit\cmdScanner.inf" and choosing "Install" (32-bit system: "cmdScannerDemo\32-bit\cmdScanner.inf").
    • Now the file "cmdScannerDemo\cmdscanner.ini" has to be copied to "c:\Windows\cmdscanner.ini".
    • For starting/stopping/restarting or even uninstalling the driver, the corresponding .cmd-files in the directory "cmdScannerDemo" can be used.
    By default CommandLineScanner is not "enabled" [#LETHAL]. To enable it, # has to be removed, so it looks like: [LETHAL].
    But this should be done only after intensive testing of added rules:
    1. CommandLineScanner is disabled: [#LETHAL]
    2. Add some rules
    3. Keep watching the logfile for some time ("c:\Windows\cmdscanner.log")
    4. The user-added rules should only block what they are intended to block. If this is the case, the rules might be considered "safe".
    5. Now the user can switch to: [LETHAL]
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    cmdScanner it is.
    You need to drop cmdscanner.ini into C:\Windows\ before attempting to run the service.

    Btw all Excubits' drivers are installed and run like this:
    1. Install driver.
    2. Drop ini file within C:\Windows\ (the driver itself creates new log file after first service run).
    3. Start the service manually via cmd prompt or included Tray.exe.
     
    Last edited: Feb 17, 2017
  8. guest

    guest Guest

    After installing of the driver:
    Code:
    15:11:02 17.02.2017: Service created: cmdScanner (cmdScanner)
    
    Name: cmdScanner
    Display Name: cmdScanner
    Filename: C:\Windows\system32\DRIVERS\cmdScanner.sys
    
     
  9. guest

    guest Guest

    Confirmed.
    If the file "cmdscanner.ini" is missing, the error message "System Error 2" can be seen.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Yes, sure, because it's the cmdscanner.inf which needs to be right-clicked to install, not the .ini.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Fair enough.
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    As far as I understand it, cmdScanner is the same implementation of command line scanning which was integrated into Bouncer. So another possibility for testing purposes could be to install Bouncer but simply disable all of the other features with the exception of [CMDCHECK] to have control and logging over various command lines and interpreter languages. The following would be relevant only to bouncer.ini:
    Code:
    [#INSTALLMODE]
    [#LETHAL]
    [LOGGING]
    [#SHA256]
    [#PARENTCHECK]
    [CMDCHECK]
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    No. Windows 8.1 here.
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    This is way too much effort. I need to get it installed, running, and working so I can get to what I need to be doing.
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I have not run cmdScanner since prior to coming out of beta. But I just tested now on 14393.693 (64-bit) specifically and the installation of the driver and subsequent start and stopping of the driver caused no errors on my system.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I should note that I also copied the cmdscanner.log file to C:\Windows as well which I normally did not do with other drivers since his drivers will create the log file on their own. But I thought I should mention that in case that might be a potential source of this issue.
     
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You already have it installed on your system, correct? So all you did is start and stop the driver, correct?

    Try uninstalling it completely, delete the driver, clean-up the registry entries and then try re-installing it.

    The installer will not create the service on 1607 unless a very specific order is followed; see next post.
     
    Last edited: Feb 17, 2017
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Alright, I finally got it. I had to create the cmdScannerDemo at C:\.

    It's quirky. I had to copy the *.ini to C:\Windows after running the *.inf. If I do it before, it won't create the service.

    If I don't do the two things above, in that order, the service will not be created.

    LOL... Does the GUI\tray icon not start automatically at system start?
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I was meditating and hesitated to reply on this matter, but FYI I usually unzip Excubits drivers within C:\Program Files\CommandLineScanner\ and then drop all files. From there I install the driver with the given steps.

    No they don't but there's a workaround:
    https://www.howtogeek.com/208224/ho...and-folders-to-system-startup-in-windows-8.1/

    In short for you.
    1. Start + R
    2. shell:startup
    3. An explorer instance is opened in this path: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Drop a previously created Tray.exe shortcut, you can create it in the desktop then drop it into that folder.
    4. Restart your machine to check it worked.
     
    Last edited: Feb 17, 2017
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I think you're going to love this driver @Lockdown
    It captured lots of cmd lines the other day when I ran a test. :thumb:
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Yes, I know the workaround, but I just think it is hilarious that it wasn't designed to work that way from the beginning.

    I will create the tray.exe registry autorun, make sure it works, then post the key here for others.
     
    Last edited: Feb 17, 2017
  22. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    That is why I am persisting to get this thing working, even though I am having annoying issues. If I didn't think it was worth the effort I wouldn't be persevering.

    I have Florian on the line and we're trying to work out why there is a logging issue on 1607.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Something like this?

    On 8.1 x64 I got these lines:
    Code:
    *** excubits.com demo ***: 2017/02/15_12:06 > C:\Program Files\cmdScannerDemo\Tray.exe > C:\Windows\system32\cmd.exe /c sc query cmdScanner
    *** excubits.com demo ***: 2017/02/15_12:06 > C:\Windows\SysWOW64\cmd.exe > \??\C:\Windows\system32\conhost.exe 0xffffffff
    *** excubits.com demo ***: 2017/02/15_12:06 > C:\Windows\SysWOW64\cmd.exe > sc  query cmdScanner
    I noticed that after adding those lines to the whitelist, the driver runs its processes faster and they are not logged anymore.
     
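As an added example (not code from this thread, nor from Excubits), here is a small Python review helper for the testing procedure guest describes in post 6 and the log lines Mr.X posted above: it parses the demo log-line layout, reports which logged command lines a whitelist does not yet cover, and checks whether cmdscanner.ini still has [#LETHAL] commented out. The log-line pattern, the glob-style whitelist matching and the ini fragments are assumptions made for the example; the real cmdscanner.ini rule syntax is not shown in this thread.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

# Demo log-line layout as quoted in this thread (assumed to be fixed):
#   *** excubits.com demo ***: <date_time> > <parent process> > <command line>
LOG_RE = re.compile(
    r"^\*\*\* excubits\.com demo \*\*\*: (?P<ts>\S+) > (?P<parent>.*?) > (?P<cmd>.*)$"
)


@dataclass
class LogEntry:
    timestamp: str
    parent: str
    cmdline: str


def parse_log_line(line: str) -> Optional[LogEntry]:
    """Parse one cmdscanner.log line; return None for lines that do not fit the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return LogEntry(m.group("ts"), m.group("parent"), m.group("cmd"))


def lethal_enabled(ini_text: str) -> bool:
    """True when the ini carries an active [LETHAL] line; [#LETHAL] counts as disabled."""
    return any(raw.strip().upper() == "[LETHAL]" for raw in ini_text.splitlines())


def unmatched_entries(log_text: str, whitelist: List[str]) -> List[LogEntry]:
    """Logged command lines that no whitelist pattern covers.

    Assumption (not from the thread): each whitelist entry is a case-insensitive
    glob matched against the whole logged command line. Whatever is returned here
    still needs a rule, or a closer look, before switching the ini to [LETHAL].
    """
    leftovers = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is None:
            continue  # blank line or a layout we do not recognise
        cmd = entry.cmdline.lower()
        if not any(fnmatchcase(cmd, pat.lower()) for pat in whitelist):
            leftovers.append(entry)
    return leftovers


# Constructed sample: the three lines Mr.X posted plus one made-up PowerShell launch.
SAMPLE_LOG = "\n".join([
    r"*** excubits.com demo ***: 2017/02/15_12:06 > C:\Program Files\cmdScannerDemo\Tray.exe > C:\Windows\system32\cmd.exe /c sc query cmdScanner",
    r"*** excubits.com demo ***: 2017/02/15_12:06 > C:\Windows\SysWOW64\cmd.exe > \??\C:\Windows\system32\conhost.exe 0xffffffff",
    r"*** excubits.com demo ***: 2017/02/15_12:06 > C:\Windows\SysWOW64\cmd.exe > sc  query cmdScanner",
    r"*** excubits.com demo ***: 2017/02/15_12:07 > C:\Windows\explorer.exe > C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\Users\Public\update.ps1",
])

# Constructed whitelist covering the Tray.exe status check (glob syntax is an assumption).
WHITELIST = [
    r"C:\Windows\system32\cmd.exe /c sc query cmdScanner",
    r"*\conhost.exe *",
    r"sc  query cmdScanner",
]

# Constructed ini fragments: the demo ships with [#LETHAL], i.e. disabled.
DISABLED_INI = "[#LETHAL]\n[LOGGING]\n"
ENABLED_INI = "[LETHAL]\n[LOGGING]\n"


if __name__ == "__main__":
    print("LETHAL active:", lethal_enabled(DISABLED_INI))
    for e in unmatched_entries(SAMPLE_LOG, WHITELIST):
        print(f"{e.timestamp} not whitelisted: {e.parent} > {e.cmdline}")
```

Run it against a copy of c:\Windows\cmdscanner.log after a day or two of [#LETHAL] logging; once the unmatched list is down to the launches you actually want stopped, the ini can be switched to [LETHAL] as post 6 describes.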
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    The service is running, but the cmdscanner.log is completely empty - even after system reboot. The .ini is set to log. No logging whatsoever...
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    This is definitely a programming issue per se or lack of compatibility with Windows 10. Good you are on line with Florian.
     