JeremyNicoll 57 Report post Posted March 31, 2016 W8.1 64bit I just restarted EIS in response to the msg about a new version installing itself, then read in the blog about improvements to, amongst other things a2cmd. What's that I thought? Nothing in th ehelp file so I looked in the install directory. Ah, a tooltip says "command-line scanner". Ok, better help? Let's see what it says: In a command window I issued: C:\"C:\Program Files\Emsisoft Internet Security\a2cmd.exe" /? which produced a UAC password prompt which I answered. And then what? Nothing. No response at all in the command window, though any attempt to move the window or click in it makes the system play an error 'bong' sound. ProcessHacker shows it's doing nothing, but IS elevated. I used PH to terminate it, and whatever that did, I did then get a response in the command window. It says, simply, "Access is denied". That's a pretty odd response to a /? I feel. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 1, 2016 You need to launch the Command Prompt with administrator rights, otherwise a2cmd.exe will execute in a new window and immediately close once it's finished. You also need to use the /s parameter to tell it to use the service since you have EIS installed, otherwise it will simply display an error message and exit. Here's the contents of the /? output for easy reference: a2cmd.exe [path] | [parameters] Scan types (can be used together): /f=[], /files=[path] Scan files. Full path to file or folder required /quick Scans all active programs, Spyware Traces and TrackingCookies /malware Good and fast result, but only important folders will be scanned /rk, /rootkits Scan for active Rootkits /m, /memory Scan Memory for active Malware /t, /traces Scan for Spyware Traces /fh=[handle] /pid=[PID] Scan file by handle. Process ID of the handle is required /b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID are required Scan settings (used with scan types): /pup Alert Potentially Unwanted Programs (PUP) /a, /archive Scan in compressed archives (zip, rar, cab) /n, /ntfs Scan in NTFS Alternate Data Streams /ac, /advancedcaching Use advanced caching /dda, /directdiskaccess Use direct disk access /l=[], /log=[filepath] Save a logfile in UNICODE format /la=[], /logansi=[filepath] Save a logfile in ANSI format /x=[], /ext=[list] Scan only specified file extensions, comma delimited /xe=[], /extexclude=[list] Scan all except the specified file extensions /wl=[], /whitelist=[file] Load whitelist items from the file /d, /delete Delete found objects including references /dq, /deletequick Delete found objects quickly /q=[], /quarantine=[folder] Put found Malware into Quarantine /rebootallowed Allows automatic OS restart, if this is required to remove found threads /s, /service Run scan via windows service and keep the engine loaded Malware handling (standalone parameters): /ql, /quarantinelist List all quarantined items /qr=[], /quarantinerestore=[n] Restore the item number n of the quarantine /qd=[], /quarantinedelete=[n] Delete the item number n of the quarantine Online updates: /u, /update Update Malware signatures /uf=<feed>, /updatefeed=<feed> Update from specified update feed Applicable only to standalone a2cmd package. /proxy=[proxyname:port] Proxy address and port number /proxyuser=[username] Proxy user name /proxypassword=[password] Proxy user password General commands: /k=[key], /key=[key] Set license key information (required only once) /?, /help Show help message Result codes: 0 - No infections were found 1 - Infections were found Quote Share this post Link to post Share on other sites
JeremyNicoll 57 Report post Posted April 1, 2016 Thanks for the /? output.Why couldn't I find any info at all about use of a2cmd in the help file?> You need to launch the Command Prompt with administrator rights...But when I didn't do that, I got a UAC prompt, satisfied that, and PH showedthat a2cmd was elevated, so did that not achieve the same thing?In any case, while I can see that using a2cmd needs elevation, I don't seewhy producing the help info should. Is there no way (even if it automaticallyrelaunches to get elevation) that the first program could say something usefulabout that in the original command window? Even a "Must run elevated" messagewould be better than a hang.> ... will execute in a new window and immediately close once it's finished.So you're saying that a2cmd executed in another window and (presumably) theoutput from the /? was available, very briefly, there. OK, but that doesn'texplain why the window where I entered the command became unusable.> use the /s parameter ... otherwise it will simply display an error messageIs that the "Access is denied." message? If it means "You have EIS installedand should have used the /s parameter." shouldn't it say so? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 2, 2016 Why couldn't I find any info at all about use of a2cmd in the help file? The help file is for Emsisoft Anti-Malware and Emsisoft Internet Security. Technically A2CMD is a separate program that is bundled with our other products, and it has its own separate documentation. > You need to launch the Command Prompt with administrator rights... But when I didn't do that, I got a UAC prompt, satisfied that, and PH showed that a2cmd was elevated, so did that not achieve the same thing? The UAC prompt is displayed because the manifest in the a2cmd.exe file. At some point changes were made so that it could no longer run normally without being launched from an elevated Command Prompt, however the manifest still contains the element that tells it to display the UAC prompt. I think it does technically run when you don't use an elevated Command Prompt, it's just that the UAC opens it in a new window, and this sort of breaks the output. In any case, while I can see that using a2cmd needs elevation, I don't see why producing the help info should. Is there no way (even if it automatically relaunches to get elevation) that the first program could say something useful about that in the original command window? Even a "Must run elevated" message would be better than a hang. I don't think A2CMD is aware that it is a new window. Regardless, unless Windows supplies an API for writing output to running instance of cmd.exe other than the one your program is being executed by, then I expect directly modifying the memory of the running cmd.exe process that originally tried to launch a2cmd.exe would be required to pull it off (assuming that would work). So you're saying that a2cmd executed in another window and (presumably) the output from the /? was available, very briefly, there. OK, but that doesn't explain why the window where I entered the command became unusable. I think it has something to do with the way the UAC works with command line applications, however I haven't done any testing to see if this works the same way with other programs (I'm not even sure where I could find another command line program for Windows that had a manifest that would produce a UAC prompt). > use the /s parameter ... otherwise it will simply display an error message Is that the "Access is denied." message? If it means "You have EIS installed and should have used the /s parameter." shouldn't it say so? The error message is supposed to say that you need to use the /s parameter. "Access is denied" is usually just a generic permissions related error (although other things can cause it as well). Quote Share this post Link to post Share on other sites