Brian Becker

a2cmd whitelist ignored


I have tried everything, and cannot seem to prevent a2cmd from deleting my application. I would like to run a full scan, including trace scan, but ignore everything in my whitelist. Every scan deletes the folder C:\Program Files\OmniCom\ with the following result...

c:\program files\OmniCom detected: Trace.Directory.WinShadow 3.0!A2

Here are my command line parameters...

a2cmd.exe /f="C:\" /wl=whitelist.txt /l=Log\a2cmd-Scan.log /q=quarantine /t /c /a /n /r

I saved the following whitelist.txt in the a2cmd directory...

C:\Progra~1\OmniCom\

C:\Program Files\OmniCom\

c:\program files\OmniCom\

C:\Progra~1\OmniCom

C:\Program Files\OmniCom

c:\program files\OmniCom

I know it's redundant, but I expect at least one of the lines to have an effect. I've also tried just one line, which also does nothing. I would like to exclude that folder from all scans (even trace scanning). It appears that the whitelist is not considered in a trace scan. Is this a correct assumption? If so, why? And can it be considered in a future release?

BTW... Thank you for an excellent product.


Hi Brian, welcome to the forum

Since the detection is a Trace.Directory you have to place the name of the detection into the White List;

That is, it was not the folder or its content that was flagged, but the way the entry is set in the Registry.

The Traces will be flagged even if you perform, say, just a Quick Scan (that may not even scan the particular folder)... and since the /T parameter was set

Finally, you are using /Q, therefore the quarantine will happen

(if "Trace.Directory..." flagged and you quarantine - the whole directory is gone)

I would not recommend using /Q as a default.

Please save the report ... and then make a decision after analyzing flagged items

You can search this and old forum using keywords like "a2cmd" ; "CLS" (Command Line Scanner); "White List"; etc. and find many discussions & suggestions

{added} you can read this case for example

My regards

  • Upvote 1


Thanks for the info. I will use the trace name from now on. I still question whether this is the best way, since I know I trust a specific program, but may not trust others with the same trace name. Well, I'll take my chances.

I did search the forums for anything about whitelist and could not find anything related. Maybe this could be added to the a2cmd docs to avoid future confusion.

Thank you for your help.

Brian
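The following is an added example, not part of any post in this thread and not Emsisoft code: a report-review helper that shows, before a detection name goes into the whitelist, which other flagged paths carry the same name. It assumes report lines have the shape of the one line quoted above (`<path> detected: <name>`) and that a name entry in the whitelist applies to every item with that name; the second and third sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape, taken from the single report line quoted in the thread:
#   <path> detected: <detection name>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+detected:\s+(?P<name>.+?)\s*$", re.IGNORECASE)

# Constructed sample report; only the first line appears in the thread.
SAMPLE_REPORT = """\
c:\\program files\\OmniCom detected: Trace.Directory.WinShadow 3.0!A2
c:\\users\\public\\winshadow detected: Trace.Directory.WinShadow 3.0!A2
c:\\temp\\setup.exe detected: Example.Constructed.Detection!A2
"""

def norm(path):
    """Case- and separator-insensitive form of a Windows path.
    8.3 short names (Progra~1) are not resolved; that needs the live filesystem."""
    return path.strip().replace("/", "\\").rstrip("\\").lower()

def is_under(path, root):
    """True if path equals root or lies below it (whole path components only)."""
    p, r = norm(path), norm(root)
    return p == r or p.startswith(r + "\\")

def parse_report(text):
    """Return (path, detection_name) pairs for lines in the assumed format."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits

def review_name_whitelist(report_text, trusted_dirs):
    """For each detection name that hit a trusted directory, list the
    untrusted paths that whitelisting the name would also cover."""
    by_name = defaultdict(list)
    for path, name in parse_report(report_text):
        by_name[name].append(path)
    result = {}
    for name, paths in by_name.items():
        trusted = [p for p in paths if any(is_under(p, d) for d in trusted_dirs)]
        if trusted:
            others = [p for p in paths if p not in trusted]
            result[name] = {"trusted": trusted, "also_suppressed": others}
    return result

if __name__ == "__main__":
    for name, info in review_name_whitelist(SAMPLE_REPORT, [r"C:\Program Files\OmniCom"]).items():
        print(name, "->", info)
```

Run it against a report saved from a scan without /Q; an empty `also_suppressed` list means the name currently matches only the trusted directory.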


Thanks for the reply, Brian

The Search in the old forum can fail

The Search in this new forum is working fine, but it's not the best one, e.g. it doesn't have a “Match whole phrase” option

So, the better way is to use (“”) - quotes. That will give you more than you are searching for unfortunately ... but still...

In addition to the referred thread, say if you search for “acmd” you can find this case & the WhiteList discussed there as well

“whitelist” should return

http://support.emsisoft.com/topic/1680-whitelist/page__fromsearch__1

and/or http://support.emsisoft.com/topic/1116-fp/page__hl__whitelist__fromsearch__1

and others

My regards
