JeremyNicoll

a2cmd.exe hung?


W8.1 64bit

I just restarted EIS in response to the msg about a new version installing itself, then read in the blog about improvements to, amongst other things a2cmd.  What's that I thought?  Nothing in the help file so I looked in the install directory.  Ah, a tooltip says "command-line scanner".  Ok, better help?  Let's see what it says:

In a command window I issued:

C:\>"C:\Program Files\Emsisoft Internet Security\a2cmd.exe" /?

which produced a UAC password prompt which I answered.  And then what?   Nothing.  No response at all in the command window, though any attempt to move the window or click in it makes the system play an error 'bong' sound.

ProcessHacker shows it's doing nothing, but IS elevated.  I used PH to terminate it, and whatever that did, I did then get a response in the command window.  It says, simply, "Access is denied".   That's a pretty odd response to a /?  I feel.


You need to launch the Command Prompt with administrator rights, otherwise a2cmd.exe will execute in a new window and immediately close once it's finished. You also need to use the /s parameter to tell it to use the service since you have EIS installed, otherwise it will simply display an error message and exit.

Here's the contents of the /? output for easy reference:

a2cmd.exe [path] | [parameters]

Scan types (can be used together):

   /f=[], /files=[path]   Scan files. Full path to file or folder required
   /quick                 Scans all active programs, Spyware Traces and
                          TrackingCookies
   /malware               Good and fast result, but only important folders will
                          be scanned
   /rk, /rootkits         Scan for active Rootkits
   /m,  /memory           Scan Memory for active Malware
   /t,  /traces           Scan for Spyware Traces

   /fh=[handle] /pid=[PID]            Scan file by handle. Process ID of the
                                      handle is required
   /b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID
                                      are required

Scan settings (used with scan types):

   /pup           Alert Potentially Unwanted Programs (PUP)
   /a, /archive   Scan in compressed archives (zip, rar, cab)
   /n, /ntfs      Scan in NTFS Alternate Data Streams
   /ac, /advancedcaching       Use advanced caching
   /dda, /directdiskaccess     Use direct disk access
   /l=[], /log=[filepath]      Save a logfile in UNICODE format
   /la=[], /logansi=[filepath] Save a logfile in ANSI format
   /x=[], /ext=[list]          Scan only specified file extensions, comma
                               delimited
   /xe=[], /extexclude=[list]  Scan all except the specified file extensions
   /wl=[], /whitelist=[file]   Load whitelist items from the file
   /d,     /delete             Delete found objects including references
   /dq,    /deletequick        Delete found objects quickly
   /q=[], /quarantine=[folder] Put found Malware into Quarantine
   /rebootallowed              Allows automatic OS restart, if this is required
                               to remove found threads
   /s, /service   Run scan via windows service and keep the engine loaded

Malware handling (standalone parameters):

   /ql, /quarantinelist            List all quarantined items
   /qr=[], /quarantinerestore=[n]  Restore the item number n of the quarantine
   /qd=[], /quarantinedelete=[n]   Delete the item number n of the quarantine

Online updates:

   /u, /update                Update Malware signatures
   /uf=<feed>,
   /updatefeed=<feed>         Update from specified update feed
                              Applicable only to standalone a2cmd package.
   /proxy=[proxyname:port]    Proxy address and port number
   /proxyuser=[username]      Proxy user name
   /proxypassword=[password]  Proxy user password

General commands:

   /k=[key], /key=[key] Set license key information (required only once)
   /?, /help            Show help message

Result codes:

   0 - No infections were found
   1 - Infections were found


Thanks for the /? output.

Why couldn't I find any info at all about use of a2cmd in the help file?


> You need to launch the Command Prompt with administrator rights...

But when I didn't do that, I got a UAC prompt, satisfied that, and PH showed
that a2cmd was elevated, so did that not achieve the same thing?

In any case, while I can see that using a2cmd needs elevation, I don't see
why producing the help info should.  Is there no way (even if it automatically
relaunches to get elevation) that the first program could say something useful
about that in the original command window?  Even a "Must run elevated" message
would be better than a hang.


> ... will execute in a new window and immediately close once it's finished.

So you're saying that a2cmd executed in another window and (presumably) the
output from the /? was available, very briefly, there.  OK, but that doesn't
explain why the window where I entered the command became unusable.


> use the /s parameter ... otherwise it will simply display an error message

Is that the "Access is denied." message?  If it means "You have EIS installed
and should have used the /s parameter." shouldn't it say so?
 


> Why couldn't I find any info at all about use of a2cmd in the help file?

The help file is for Emsisoft Anti-Malware and Emsisoft Internet Security. Technically A2CMD is a separate program that is bundled with our other products, and it has its own separate documentation.

> > You need to launch the Command Prompt with administrator rights...
>
> But when I didn't do that, I got a UAC prompt, satisfied that, and PH showed that a2cmd was elevated, so did that not achieve the same thing?

The UAC prompt is displayed because of the manifest in the a2cmd.exe file. At some point changes were made so that it could no longer run normally without being launched from an elevated Command Prompt, however the manifest still contains the element that tells it to display the UAC prompt. I think it does technically run when you don't use an elevated Command Prompt, it's just that the UAC opens it in a new window, and this sort of breaks the output.

> In any case, while I can see that using a2cmd needs elevation, I don't see why producing the help info should.  Is there no way (even if it automatically relaunches to get elevation) that the first program could say something useful about that in the original command window?  Even a "Must run elevated" message would be better than a hang.

I don't think A2CMD is aware that it is a new window. Regardless, unless Windows supplies an API for writing output to a running instance of cmd.exe other than the one your program is being executed by, then I expect directly modifying the memory of the running cmd.exe process that originally tried to launch a2cmd.exe would be required to pull it off (assuming that would work).

> So you're saying that a2cmd executed in another window and (presumably) the output from the /? was available, very briefly, there.  OK, but that doesn't explain why the window where I entered the command became unusable.

I think it has something to do with the way the UAC works with command line applications, however I haven't done any testing to see if this works the same way with other programs (I'm not even sure where I could find another command line program for Windows that had a manifest that would produce a UAC prompt).

> > use the /s parameter ... otherwise it will simply display an error message
>
> Is that the "Access is denied." message?  If it means "You have EIS installed and should have used the /s parameter." shouldn't it say so?

The error message is supposed to say that you need to use the /s parameter. "Access is denied" is usually just a generic permissions related error (although other things can cause it as well).
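
The advice in this thread (start from an already elevated prompt, pass /s when EIS is installed, read the two documented result codes), as an added PowerShell example that is not Emsisoft's code or part of the original posts. The a2cmd.exe path and the /f=, /s and /l= parameters come from the posts above; the scan path, the log location and the wrapper's own exit code 2 are assumptions.

```powershell
# Added example: run a2cmd from a script so that output and the result code
# stay in the calling console instead of a short-lived UAC-spawned window.
param(
    [string]$ScanPath = 'C:\Users\Public\Downloads',   # assumed sample target (no spaces)
    [string]$LogFile  = "$env:TEMP\a2cmd-scan.log"     # assumed log location
)

# Install path as given in the first post of this thread.
$A2Cmd = 'C:\Program Files\Emsisoft Internet Security\a2cmd.exe'

function Test-Elevated {
    # True only if this PowerShell session already holds an administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Refuse to continue from a non-elevated session: that is the case in which
# the thread reports a UAC prompt followed by no usable output.
if (-not (Test-Elevated)) {
    Write-Error 'Session is not elevated. Start PowerShell with "Run as administrator" and retry.'
    exit 2   # wrapper's own code (assumption), not an a2cmd result code
}

if (-not (Test-Path -LiteralPath $A2Cmd)) {
    Write-Error "a2cmd.exe not found at $A2Cmd"
    exit 2
}

# /f  = files to scan (full path required)
# /s  = run the scan via the Windows service (needed when EIS is installed)
# /l  = save a logfile in UNICODE format
$arguments = @("/f=$ScanPath", '/s', "/l=$LogFile")
& $A2Cmd @arguments
$code = $LASTEXITCODE

# The /? output documents only two result codes: 0 and 1.
switch ($code) {
    0       { Write-Output 'No infections were found.' }
    1       { Write-Warning "Infections were found. See $LogFile" }
    default { Write-Error "Undocumented result code $code; treat the scan as failed." }
}
exit $code
```

Because the help text lists only result codes 0 and 1, the wrapper treats any other value as a failed scan rather than a clean one.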
