Which exe file to choose for Quick Scan in Version 3

Hello

I have recently upgraded to version 3 from 2.7. I am running Windows XP.

With previous version there was an exe file in the installation folder to which I pointed my Download Managers to start the Downloaded File Scan automatically as soon as the download is completed.

But in this version I could not locate any similar NOD32 file analogous to version 2.7 to enable the Quick Scan as son as download is completed.

Please let me know which file should I point my Download manager to to get the above functionality.

Thank you.

 

Could someone please help me out?

I really need suggestions/ directions.

 

You are posting in the wrong forum.

Anyway ... In v3 ESET have created command-line scanner called ecls.exe located at %ProgramFiles% -> ESET -> Eset NOD32 Antivirus

So , you can use it with the following options:

Code:

ecls.exe /aind /auto /files /arch /max-archive-level=10 /sfx /rtp /symlink /adware /unsafe /unwanted /pattern /heur /adv-heur /action=clean /no-log-all

 

Thank you for your reply hitech_boy and sorry for missing the forum!

So should I start the same topic in the proper forum?

Anyways, I tried your method but it did not result satisfactorily. A new command window was open alright, informing that of the command line scanner, but I did not get any confirmation whether the scan was completed, let alone the result (either good or bad).

 

I might be wrong about the commands ?

Can you try to download Eicar zip archive and may ecls.exe scan it to see if it actually works/removes the threat ?

No , you don't need to start new topic

 

Thanks HiTech_boy

From where can I download the test file?

 

From here:
http://www.eicar.org/anti_virus_test_file.htm

Direct:
https://secure.eicar.org/eicar_com.zip

 

Thank you HiTech_boy

Sadly

1. the downloaded file was not flagged by the command line scanner.

2. What worried me more is that it seems, NOD32 is not providing any Real Time Download Protection (which Free AVs like AVAST! and AVG Free provides and functions perfectly), or is there any seeting in the AV that I need to change?

3. As I accessed the Quick Scanner from the Right Click menu and then Scanned theZIP file, NOD32 reported it as :

C:\Documents and Settings\Administrator\Desktop\eicar_com.zip » ZIP » eicar.com - Eicar test file

But the file was not removed/ quarantined automatically! Was not that supposed to be? That is should not a infected file be automatically quarantined by NOD32? Or is there any settings change that i need todo in the program?

Please suggest.

Thank you again.

 

Of course they provide real time protection which is enabled by default . Just the zip file I gave you is downloaded with secure connection (encryption) and there is no way for EA to scan ecrupted file . Moreover it is in zip .

EA will detect this in real time when you extract it on your computer .

If you want to test the real time protection try the not SSL downloads here:
http://www.eicar.org/anti_virus_test_file.htm

By default , this only scans . But if you right click the file -> choose Advanced options -> Clean files you'll see the difference



As for the command line options , I must be doing something wrong and if you don't get answer from someone else here about the options to be used , contact ESET Support from the internal forum (open the GUI -> Help -> Contact Customer Care)

 

Thank you very much HiTech_boy, you have been a great help as always.

yes, the Real time scanner is working perfectly and the advanced option also did what you pointed.

My sincere regards.

Regarding the command line scanner, I may be wrong too.

This is what I did:

In the Virus Scan option of the Download agent (like DownloadStatusBar extension in FireFox), I used the Browse option and pointed it to the ecls.exe file. I hop I did not do anything wrong.

What would be best if I could get a window like I get after performing a quick scan. As the screen shot attached. In a nutshell is not there any exe component of NOD32 ver 3.0 which can launch this On demand Scanner (as available in the previous 2.7 version)?

 

No , no . This is wrong . After you browse for ecls.exe you must manually enter the command at the end . It should be :

and end with these

when there is a space between ecls.exe and /aind


You said you want some kind of notification . In case you want this , you should change clean to prompt , this way ECLS will ask you for intervention if a threat is found

 

Thanks again

Well with reference to the attached screen shot, I have entered the following in the "Anti-Virus Program Location" field:

I downloaded the test file again, but it was reported to me that "AntiVirus Software not found!". I tried to put the whole command in the Argument field, after %1, but that also did not work out.

So what should I do now? Isn't there any way to get a interface like the previous screen shot?

 

You can try placing the parameters in the argument section but I am not sure if it is going to work .

You can safely stop using this option and rely on the web-protection and the real time file system . With them enabled (as they are by default) , there is no way for a threat to activate on your computer

 

Thank you very much HiTech_boy for your assurance, I was really worried-call me paranoid if you wish , but it is better to be safe than sorry.

 

No problem!
You are welcome!

 

HiTech_boy is right. In fact, with using the virusscan command in the download manager the file is actually scanned twice...
As long as you leave the 'Scan newly files on creation' (or something similar; I don't have ESS installed at the moment) enabled, nothing to worry about with your download manager.
If you still want to try it, do this:
- put quotations marks around the ecls.exe path+name because there are spaces in it
- add this parameter: /base-dir="<path to ecls.exe>"

 

Tried your options suggestions in the parameter settings of Flashget changing actions from "clean" to =prompt
Downloaded eicarcom2.zip using the standard protocol http to see what happened with your suggested parameters. It did not download the file and displayed the following pop-up message instead:

Is this what is supposed to happen ? I was expecting it to download and then scan.

 

Obviously Flashget uses HTTP communication and as v3 is scanning this , it was blocked before reaching the hard drive . The file couldn't be downloaded because it was already blocked => which is another confirmation that no third scan necessary (just don't use these parameters and rely on the other modules)