Is this normal EAM behavior?

[Hiballer]

I am currently running build 7125 on both a 32-bit and a 64-bit machine. Recently, I've moved most of my activity to my 64-bit machine so the 32-bit guy sits there most of the time idling. Rather than be logged on all the time, I log off, but leave the machine running. Actually both are running 24/7.

If I am not logged in on the 32-bit machine I have found that when I do, EAM immediately starts a scan of my system. Now, when I was keeping myself logged in all the time, it ran normally at 0200. But since I've logged myself off, now the scan won't start until I log back in. Despite the fact that the scan runs in the background, there is a perceptive lag that is annoying, and I want to eliminate that by forcing the scan back to 0200.

My question, finally, is: How do I make EAM think I am logged on so that the scan will run at the normal time? If there is a setting in the Settings page for that, I've missed it. if there isn't one, then I strongly suggest that a setting possibly marked as "Run scans even if the user is not logged on" and a check box.

I am the only users on any of my systems.

Bill

 

[GT500]

1 hour ago, Hiballer said:

... I want to eliminate that by forcing the scan back to 0200.

In the settings for the scheduled scan:

 

If you turn that option off, then you won't have the scan run every time you log in.

 

1 hour ago, Hiballer said:

How do I make EAM think I am logged on so that the scan will run at the normal time?

When a scan runs, the main EAM window (a2start.exe) opens. Since a2start.exe runs as the current logged in user, it isn't currently possible to run a scan when no user is logged in.

Theoretically there is a way around this, however it requires creating a Scheduled Task using the Windows Task Scheduler to run a2cmd.exe in place of the normal scheduled scan. Also note that this has not been tested, so I can't guarantee that it works. If you want to try it, I can check and see if it works, and if so I can explain how to set it up.

[Hiballer]

That option is already turned off. It was never activated.

I use Task Scheduler all the time for backups (using MS Sync Toy) as well as several other home-grown tasks. I experimented with s2cmd, but was never able to get it to scan. I never got the parameters set up right to the command. Maybe something like naming the scan in the EAM settings, and then calling that scan from Task Scheduler. Then it could be called like this: "C:\program Files\Emsisoft Anti-Malware\a2cmd /Midnight Scan"

This is the way that Sync Toy works. Since Task Scheduler allows you to choose a user to associate with the task, that would work I think.

Bill

 

[GT500]

If you just want to run a malware scan, then the following would do it:

a2cmd.exe /s /malware

Note that the /s is important, as it tells a2cmd to use the service that EAM uses for updates/scanning/etc. The version of a2cmd that comes bundled with EAM and EIS has to use the service, or it will fail to run.

Note that you should have it check for updates first, so running the following before running the command to scan would be best:

a2cmd.exe /s /u

You can even get a bit more advanced if you'd like and have it save a log somewhere that you can review later:

a2cmd.exe /s /l="C:\Users\<username>\Desktop\A2CMD_Scheduled_Scan_Log.txt" /malware

If you want to write a batch file to automate all of this, then you could automate changing the log name with every scan by using date and time for instance. Here's an example of code that will do it with standard USA date/time formats (code borrowed from here):

a2cmd.exe /s /u
a2cmd.exe /s /l="C:\Users\<username>\Desktop\A2CMD_Scheduled_Scan_Log_%DATE:~10,4%-%DATE:~4,2%-%DATE:~7,2%_%TIME:~0,2%_%TIME:~3,2%_%TIME:~6,2%.txt" /malware

Just be sure to replace <username with your username, or change the folder where it saves the log, otherwise the log won't be saved.

BTW: I did test the above example batch code by pasting it into a Command Prompt, and it does work.

Note that the log is saved after the scan is terminated, and I simply used Ctrl+C to stop the scan so that it would output the log.

[Hiballer]

Excellent! Thanks, Arthur. This is just what I'm looking for. Is there a list of the various parameters available using something like the "/?" that MS uses? If something like that is closely-held I'll understand.

 

Bill

 

[GT500]

Yes, run can a2cmd.exe with /s /? to output the help information. Note that when running a2cmd.exe, you need to run the Command Prompt as an Administrator. Also note that a Scheduled Task running when no user is logged in will need to run as the SYSTEM user, otherwise it will not work.

Here's the output of a2cmd.exe /s /? for quick reference:

a2cmd.exe [path] | [parameters]

Scan types (can be used together):

   /f=[], /files=[path]   Scan files. Full path to file or folder required
   /quick                 Scans all active programs, Spyware Traces and
                          TrackingCookies
   /malware               Good and fast result, but only important folders will
                          be scanned
   /rk, /rootkits         Scan for active Rootkits
   /m,  /memory           Scan Memory for active Malware
   /t,  /traces           Scan for Spyware Traces

   /fh=[handle] /pid=[PID]            Scan file by handle. Process ID of the
                                      handle is required
   /b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID
                                      are required

Scan settings (used with scan types):

   /pup                        Alert Potentially Unwanted Programs (PUP)
   /a, /archive                Scan in compressed archives (zip, rar, cab)
   /am                         Scan in mail archives
   /n, /ntfs                   Scan in NTFS Alternate Data Streams
   /cloud=[]                   If it is "1" then scanner will use cloud 
                               requests (defaul value is "1")
   /dda, /directdiskaccess     Use direct disk access
   /l=[], /log=[filepath]      Save a logfile in UNICODE format
   /la=[], /logansi=[filepath] Save a logfile in ANSI format
   /x=[], /ext=[list]          Scan only specified file extensions, comma
                               delimited
   /xe=[], /extexclude=[list]  Scan all except the specified file extensions
   /wl=[], /whitelist=[file]   Load whitelist items from the file
   /d,     /delete             Delete found objects including references
   /dq,    /deletequick        Delete found objects quickly
   /q=[], /quarantine=[folder] Put found Malware into Quarantine
   /rebootallowed              Allows automatic OS restart, if this is required
                               to remove found threads
   /s, /service   Run scan via windows service and keep the engine loaded

Malware handling (standalone parameters):

   /ql, /quarantinelist            List all quarantined items
   /qr=[], /quarantinerestore=[n]  Restore the item number n of the quarantine
   /qd=[], /quarantinedelete=[n]   Delete the item number n of the quarantine

Online updates:

   /u, /update                Update Malware signatures
   /uf=<feed>,
   /updatefeed=<feed>         Update from specified update feed
                              Applicable only to standalone a2cmd package.
   /proxy=[proxyname:port]    Proxy address and port number
   /proxyuser=[username]      Proxy user name
   /proxypassword=[password]  Proxy user password

General commands:

   /k=[key], /key=[key] Set license key information (required only once)
   /?, /help            Show help message

Result codes:

   0 - No infections were found
   1 - Infections were found

 

[GT500]

I should probably point out that the output is from the current beta of version 2017.1.0.7125, however I don't think there are any real differences in how the parameters work in 12.2 and this newer beta.

[GT500]

For extra reference, there is documentation available here for the standalone version of A2CMD which includes some examples and screenshots. Almost everything is the same, except for the fact that the version with EAM and EIS requires the /s parameter, and of course you don't have to worry about the license activation parameter with the version that comes with EAM and EIS.

[Hiballer]

Perfect! I am assuming that the batch file(s) I might set up should be IN the EAM home directory though. otherwise Windows will reject the command (unless you add the whole path to it or add the path to the system path.

 

I will give this some study and see what comes of it. Oddly enough, the "Run as an administrator" check box was greyed out for some reason on the BAT file. I suspect this is why my first attempt failed.

Bill

 

 

[GT500]

You would have to add the following to the beginning of the batch file if it isn't in the EAM folder:

cd "%SystemDrive%\Program Files\Emsisoft Anti-Malware"

If you want to save the batch file in the EAM folder, then self-protection in EAM will need to be turned off, otherwise you will not be able to save files in the EAM folder.

 

On 1/31/2017 at 3:58 PM, Hiballer said:

dly enough, the "Run as an administrator" check box was greyed out for some reason on the BAT file. I suspect this is why my first attempt failed.

In the case of batch files that you want to run manually, if you don't want to have to right-click on them and select to "Run as administrator", then you can try adding the BatchGotAdmin code to the beginning of the batch file and then when you double-click on it to run it there will be a UAC prompt to elevate the permissions:

[Hiballer]

I've since found out that if you create a BAT file using an Administrator account, it already is set to run as an administrator. But the whole thing has been negated by the small VB application I created that makes use of an INI file before running. Since it is an EXE file, I don't have the same problems that a BAT file would give me. If I need to change any of the parameters (including where the log file goes), I can run the GUI for my app and alter the INI file. Then, the EXE files runs using the Task Scheduler whenever I want it to run. Kind of the long way around the barn, but it allows a lot of flexibility.

I appreciate your help, Arthur.

Bill

 

 

[GT500]

You're welcome.