Exclude specific file from on demand scanning?

Discussion in 'NOD32 version 2 Forum' started by Mele20, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    How do I exclude a specific file or folder from being scanned during an on demand scan?

    I have the NOD32 scanner set up to scan everything with AH. It keeps finding a "virus" in several places, which stops the scan because it can't clean it, so it asks me what to do. I could just scan without cleaning turned on and the scanner wouldn't stop every time it finds the virus, but it still would flag a false positive. Or, I could add delete, if not cleanable, and then it would not stop the scanner but it would delete a false positive, taking my perfectly fine application away from me. So, neither is a viable alternative.

    Eset says this false positive will be corrected in the new beta (not the beta I have but the one that will be soon available to all). Even so, I need to learn how to exclude a particular file/folder from being scanned. I read the help file but didn't see how to do this.
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    If the file is uncleanable, can you select "No Action" for "Uncleanable Viruses"? I'm not sure, but that might allow the scan to continue.
     
  3. Mele20

    Mele20 Former Poster

    That would allow the scan to continue but I want to know how to exclude. There must be a way. With using AH, there are going to be more incidents of this nature where there is a false positive and, therefore, there will be a need to be able to exclude that file/folder from the scan until Eset corrects the false positive. What if I want the scanner to notify me if it can't clean a virus and ask what to do, but I don't want it hanging on a false positive? I need to be able to exclude the false positive. I suppose I could zip up the file in question and password protect it...but that is a bit of trouble. It would be easier I think to just exclude it from being scanned.

    If I were to do what you suggest though, what do I add/delete in this command line to achieve that? I guess "prompt" is what I need to delete. Do I need to add "no action"? That is not on the list of command line switches that Blackspear posted. Maybe all I need to do is remove "prompt" and then if it can't clean this virus, it won't hang but will just keep going. I guess I have to try it to see.

    c:\ /clean /ah /all /subdir+ /heur+ /scanfile+ /scanboot+ /scroll+ /arch+ /pack+ /mapi- /pattern+ /scanboot+ /scanmbr+ /heurdeep /log+ /prompt
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Sorry, Mele20. Just trying to help. Not sure if there is a command switch for it, but it is an option on my scan control dialog box. Good luck! :)
     
  5. Mele20

    Mele20 Former Poster

    The problem is how does one add the "NOD32 Kernel Execution of an External Application" task to your profiles? I don't think you can because you cannot choose AH scanning as part of the regular NOD32 scanner. The option "take no action" on the scan control dialog box is for the profiles you set up for on demand scanning. But on demand scanning does not use AH, so you cannot set this AH scan, with all the switches that we have been discussing here, as one of your profiles. Thus, "take no action" is not available.

    You understand? (Maybe I am bumbling too much in trying to explain). What I think I need is a command line switch for "take no action". Or I need a way to exclude those false positives from being scanned.

    I do appreciate your trying to help. :)
     
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Mele20

    Do not know if this is what you mean or will help.

    Take Care,
    TheQuest :cool:
     

    Attached Files:

  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I think Mele is talking about your screenshot, except using the Right Click option from Paolo Monti's Shell Extension, and/or by using a scheduled scan, both options use switches...

    Cheers :D
     
  8. Mele20

    Mele20 Former Poster

    Thank you Blackspear! You understand me better than I understand me :D ....at least where this is concerned. LOL

    What I did was take all those command switches c:\ /clean /ah /all /subdir+ /heur+ /scanfile+ /scanboot+ /scroll+ /arch+ /pack+ /mapi- /pattern+ /scanboot+ /scanmbr+ /heurdeep /log+ /prompt

    and then I went to System Tools/Schedule Planner and I set up a scheduled task to run nightly called NOD32 Kernel - Execution of an External Application. The On Demand scanner uses the above switches to determine how to do this task. The scanner pays no attention to what is set up in the NOD32 scanner for scanning from various profiles. Thus, I don't think that extension editor will be followed when this scan is run. Just like choosing quarantine doesn't work because there isn't any switch called "quarantine".

    This is like this because AH is not a part of the NOD32 scanner. I think the only solution would be a switch like "no action" which doesn't exist so I think I have to live with it. :) I will just have to run the scan while I am at the computer rather than asleep and keep checking it to see if it has hung on a false positive. Maybe Eset will fix the false positive in the next definitions, but then this is an AH false positive...so how is that fixed? That is an interesting question that I would like to know more about.
     
  9. Blackspear

    Blackspear Global Moderator

    Try just removing the /clean switch, this will only scan, though you will still have the results at the end, and from there you can take further action if required.

    Glad I could be of service ;)

    Cheers :D
     
  10. Mele20

    Mele20 Former Poster

    I suppose that might be the best answer. I don't particularly like the idea of having to run the scanner again if it were to find something that isn't a false positive, but since that is not very likely, your suggestion is probably the best solution.

    Thanks. :)
     
  11. Blackspear

    Blackspear Global Moderator

    My Pleasure Mele :D

    Cheers :D
     