ecls.exe v4 : "/action=" option removed ?

Discussion in 'ESET NOD32 Antivirus' started by Memory, Jul 3, 2011.

Thread Status:
Not open for further replies.
  1. Memory

    Memory Guest

    I'm currently test driving a bunch of download managers.
    I'm setting up the command line switches/parameters/options like this :
    But the "/action=prompt" option seems to crash the CLS. The CMD-window flashes by in split second. When I remove "/action=prompt", I can see the scanner doing its job. But not the result because the window closes immediately after the scan is completed

    So I compared v3 and v4 switches and parameters, and "/action" scanner option was removed in v4.
    ESET Command Line Scanner Parameters (ecls.exe) (3.0)
    ESET Command Line Scanner Parameters (ecls.exe) (4.0)

    1) Why was "/action=" removed ?
    2) Is there an alternative for "/action=" ?
    3) Is there a way to leave the CMD-window open, after the scan, so that I can see the end result ?

    At the top of the CMD-window, the first line is "WARNING! The scanner was run in the account of a limited user!"
    I tried with the Administrator account, but that obviously failed because there is no password :
    4) Is there a way (without a small utility program to elevate the user) ?
     
    Last edited by a moderator: Jul 3, 2011
  2. Memory

    Memory Guest

    Am I the only human being using the command line scanner ?

    I'm also prepared to listen to (possibly incognito) aliens hanging around here.
    You may encounter me speaking in Dutch, English, or German. Any other language will be a conversation killer.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Use the /cleanmode= switch instead. For more details, refer to the help displayed after running ecls --help.
     
  4. Memory

    Memory Guest

    Before I opened this thread :

    I had already looked at the output of ecls with
    I had also already looked online at the ecls parameters for v3 and v4.

    I'm writing some scripts for v4, and wanted to use v3's "/action=prompt" parameter as I did before.

    The "/clean-mode=MODE" of v4, which you suggested, has no prompt action. It looks like prompting has been completely removed from ecls.exe v4.

    But let's call it a day, and leave things as they are. I can't use parameters which aren't there to begin with.

    Thanks either way.

    NOD32 v3 :

    /action=ACTION
    performs the specified actions when an infected object is detected. Available actions are none, clean and prompt

    /clean-mode=MODE
    Wasn't there yet.

    NOD32 v4 :

    /action=ACTION
    looks like it's gone.

    /clean-mode=MODE
    use cleaning MODE for infected objects. Available options: none, standard (default), strict, rigorous, delete
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Insufficient information in the help file!!!
    What mean "supplements action" in quarantine switch? Or what differences exist between none, standard, strict, rigorous and delete modes?
    And if files are quarantined, how restore them?
     
    Last edited: Jul 13, 2011
  6. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    The quarantine is a supplement action, it is only possible to quarantine a file if it was previously cleaned.

    In standard mode, the whole archive would be deleted, where all the files it contains are infected files. In strict cleaning mode, the archive would be deleted if it contains at least one infected file, regardless of the status of the other files in the archive.

    Rigourous means that infected will be always deleted, even if it's an actual file infected with a virus. So basically using this option may cause system instability if infected crucial system files are deleted.

    Here's how to restore a quarantined file:

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2143

    Hope this helps.
     
  7. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Good answer tony
    so, are you saying the ECLS's quarantine folder is located by default in "all users\%AppData%\eset\eset nod32 antivirus\charon" folder?
     
Thread Status:
Not open for further replies.