Start a scan from the commandline?

Discussion in 'ESET Endpoint Products' started by RobJanssen, Apr 4, 2013.

Thread Status:
Not open for further replies.
  1. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    In 2011 I asked for a feature to start a scan from the commandline.
    At that point, we had updated from 2.7 to 4.2 and lost the functionality.
    It was then mentioned that it would be back in 4.3

    Now we have upgraded to Endpoint Antivirus 5.0.5126 and still I cannot find
    this function. If it is present, how can it be used?

    What I need is a command that triggers an in-depth scan of the computer,
    just like the one that can be started from the GUI, and that will report back
    the result to the Remote Administrator.

    I know about ecls /auto but it only writes to stdout and does not create a
    result event for the Remote Administrator.

    I know how to schedule scans that run at a certain time, but I only want to
    run the task in the weekend from a script that runs on each workstation after
    a wake-on-LAN has been done. I don't want to bother the users with a
    scan that runs when they are using the computer.

    So how can I just start a scan, wait for it to complete, and then continue in a script.
     
  2. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    No reply at all. Does this mean that this is still not possible?
    Will this functonality ever return?
     
  3. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Would /log-console or /preserve-time not work in this instance? I'm researching further possibilities but in the meantime I wanted to at least give you something to start with. Here's the KB Article with the Command Line Parameters, which I believe you may already be familiar.
     
  4. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    I know how ecls works but I don't know of any way (and when asking this in 2011 it then did not exist either) to let ecls log an event that will be picked up by Remote Administrator.
    So, that when I look in the "Scan Log" tab of the Remote Administrator I see the results of those scans that have been run on the (hundreds of) workstations and look for infections etc.
    Of course I can run ecls and output to a file, and then write some custom scripting to collect those files on a server and search them for output patterns, but isn't that a task for Remote Administrator?
    In the 2.7 version there was a program NOD32.EXE that performed this task.
     
  5. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    I'm probably missing something obvious but if you want the scan to just run on the weekend, why not just schedule it to run on a weekend day and time. That way after a wakup in lan is triggered it should start scanning. You could probably also set it to shutdown after the scan.
    I'm not sure how you would go running other tasks in your script after the scan, maybe a problem it you have tasks which can not be run concurrently with the ESET scan.
     
  6. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    There are several problems with this approach:

    1. when you schedule the scan to occur before the time the computer wakes up, the scan will be started immediately after wakeup. This means it will use the virus signatures that are present on the computer at that time, not the newest signatures. Of course I want to wait for the newest signatures to be loaded first, and then start the scan. ESET does not support this so I need to script that.

    2. when running the weekly maintenance, software updates are installed as well. they often require a reboot. so I first want to install all available updates and reboot when necessary, and only then the scan should start. no problem in the script, but cannot be accomplished with a fixed scan start time

    3. the "shutdown after scan" is unreliable. I tried it last weekend, and several computers hung during the shutdown. this is a matter I am still investigating, but it occurs in other environments too. The symptom is that the computer continues the shutdown when any key (even Ctrl or Shift) is touched or when the mouse is moved or clicked. The screen just shows "windows is shutting down" at that time.

    remember that it all worked fine in version 2.7 of NOD32!!!
    one could simply call NOD32.exe with a couple of commandline switches and it would do exactly what I need: run a scan, and report the results back to Remote Administrator. The program is active performing the scan, when the program ends the script continues, perfect.
    However this functionality was removed by ESET and I have no idea why.
    It was promised to return it in a later version but that did not happen until now, it seems.
    (the ecls program can still run the scan in the way I need, but it is not integrated with Remote Administrator! an oversight)
     
Thread Status:
Not open for further replies.