Which exe file to choose for Quick Scan in Version 3

Discussion in 'ESET Smart Security' started by src2206, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Hello

    I have recently upgraded to version 3 from 2.7. I am running Windows XP.

    With previous version there was an exe file in the installation folder to which I pointed my Download Managers to start the Downloaded File Scan automatically as soon as the download is completed.

    But in this version I could not locate any similar NOD32 file analogous to version 2.7 to enable the Quick Scan as son as download is completed.

    Please let me know which file should I point my Download manager to to get the above functionality.

    Thank you.
     
  2. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Could someone please help me out? o_O

    I really need suggestions/ directions. :(
     
  3. ASpace

    ASpace Guest

    You are posting in the wrong forum.

    Anyway ... In v3 ESET have created command-line scanner called ecls.exe located at %ProgramFiles% -> ESET -> Eset NOD32 Antivirus

    So , you can use it with the following options:
    Code:
    ecls.exe /aind /auto /files /arch /max-archive-level=10 /sfx /rtp /symlink /adware /unsafe /unwanted /pattern /heur /adv-heur /action=clean /no-log-all
     
  4. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thank you for your reply hitech_boy and sorry for missing the forum!:doubt:

    So should I start the same topic in the proper forum?

    Anyways, I tried your method but it did not result satisfactorily. A new command window was open alright, informing that of the command line scanner, but I did not get any confirmation whether the scan was completed, let alone the result (either good or bad). o_O
     
  5. ASpace

    ASpace Guest

    I might be wrong about the commands ?

    Can you try to download Eicar zip archive and may ecls.exe scan it to see if it actually works/removes the threat ?

    No , you don't need to start new topic :thumb:
     
  6. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thanks HiTech_boy

    From where can I download the test file?
     
  7. ASpace

    ASpace Guest

  8. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thank you HiTech_boy

    Sadly

    1. the downloaded file was not flagged by the command line scanner.

    2. What worried me more is that it seems, NOD32 is not providing any Real Time Download Protection (which Free AVs like AVAST! and AVG Free provides and functions perfectly), or is there any seeting in the AV that I need to change?

    3. As I accessed the Quick Scanner from the Right Click menu and then Scanned theZIP file, NOD32 reported it as :

    C:\Documents and Settings\Administrator\Desktop\eicar_com.zip » ZIP » eicar.com - Eicar test file

    But the file was not removed/ quarantined automatically! Was not that supposed to be? That is should not a infected file be automatically quarantined by NOD32? Or is there any settings change that i need todo in the program?

    Please suggest.

    Thank you again.
     
  9. ASpace

    ASpace Guest

    Of course they provide real time protection which is enabled by default . Just the zip file I gave you is downloaded with secure connection (encryption) and there is no way for EA to scan ecrupted file . Moreover it is in zip .

    EA will detect this in real time when you extract it on your computer .

    If you want to test the real time protection try the not SSL downloads here:
    http://www.eicar.org/anti_virus_test_file.htm


    By default , this only scans . But if you right click the file -> choose Advanced options -> Clean files you'll see the difference



    As for the command line options , I must be doing something wrong and if you don't get answer from someone else here about the options to be used , contact ESET Support from the internal forum (open the GUI -> Help -> Contact Customer Care)
     
  10. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thank you very much HiTech_boy, you have been a great help as always. :)

    yes, the Real time scanner is working perfectly and the advanced option also did what you pointed.

    My sincere regards.

    Regarding the command line scanner, I may be wrong too.

    This is what I did:

    In the Virus Scan option of the Download agent (like DownloadStatusBar extension in FireFox), I used the Browse option and pointed it to the ecls.exe file. I hop I did not do anything wrong.

    What would be best if I could get a window like I get after performing a quick scan. As the screen shot attached. In a nutshell is not there any exe component of NOD32 ver 3.0 which can launch this On demand Scanner (as available in the previous 2.7 version)?
     

    Attached Files:

  11. ASpace

    ASpace Guest


    No , no . This is wrong . After you browse for ecls.exe you must manually enter the command at the end . It should be :

    and end with these
    when there is a space between ecls.exe and /aind


    You said you want some kind of notification . In case you want this , you should change clean to prompt , this way ECLS will ask you for intervention if a threat is found
     
  12. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thanks again

    Well with reference to the attached screen shot, I have entered the following in the "Anti-Virus Program Location" field:

    I downloaded the test file again, but it was reported to me that "AntiVirus Software not found!". I tried to put the whole command in the Argument field, after %1, but that also did not work out. :(

    So what should I do now? Isn't there any way to get a interface like the previous screen shot?
     

    Attached Files:

  13. ASpace

    ASpace Guest

    You can try placing the parameters in the argument section but I am not sure if it is going to work .

    You can safely stop using this option and rely on the web-protection and the real time file system . With them enabled (as they are by default) , there is no way for a threat to activate on your computer :thumb:
     
  14. src2206

    src2206 Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    45
    Thank you very much HiTech_boy for your assurance, I was really worried-call me paranoid if you wish :), but it is better to be safe than sorry.
     
  15. ASpace

    ASpace Guest

    No problem!
    You are welcome! :thumb:
     
  16. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    HiTech_boy is right. In fact, with using the virusscan command in the download manager the file is actually scanned twice...
    As long as you leave the 'Scan newly files on creation' (or something similar; I don't have ESS installed at the moment) enabled, nothing to worry about with your download manager.
    If you still want to try it, do this:
    - put quotations marks around the ecls.exe path+name because there are spaces in it
    - add this parameter: /base-dir="<path to ecls.exe>"
     
  17. mcm

    mcm Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    2
    Tried your options suggestions in the parameter settings of Flashget changing actions from "clean" to =prompt
    Downloaded eicarcom2.zip using the standard protocol http to see what happened with your suggested parameters. It did not download the file and displayed the following pop-up message instead:

    Is this what is supposed to happen ? I was expecting it to download and then scan.
     

    Attached Files:

    Last edited: Nov 27, 2007
  18. ASpace

    ASpace Guest

    Obviously Flashget uses HTTP communication and as v3 is scanning this , it was blocked before reaching the hard drive . The file couldn't be downloaded because it was already blocked => which is another confirmation that no third scan necessary (just don't use these parameters and rely on the other modules)
     
Thread Status:
Not open for further replies.