TakeDown

Emsisoft Commandline Scanner - emdmp

Recommended Posts

Hello,

I have Emsisoft commandline scanner installed on my server, recently i witness some strange behavior.

There is a process called "emdmp.exe" that got several instances , is it work properly on my server and what does this processes do  ? 

thank in advanced

Share this post


Link to post
Share on other sites

It saves memory dumps when our software crashes, and it should also send them to our developers automatically so that they can resolve any crashing issues as quickly as possible.

Share this post


Link to post
Share on other sites

Can i cancel the process  "emdmp.exe" so it will not run again ?

 because the server is not connected to the internet and therefor the log will not send to emsisoft.

Share this post


Link to post
Share on other sites
2 hours ago, TakeDown said:

Can i cancel the process  "emdmp.exe" so it will not run again ?

The only way to prevent it from running is to prevent the crash that is causing it to run.

Is there a crash report saved in one of the following locations?

  • C:\Users\<username>\AppData\Local\Temp\emCrReps
  • C:\Windows\Temp\emCrReps

The crash reports are only saved if you were asked whether or not to send a crash report, and clicked the "Send" button in the report (if you clicked "Cancel" the crash reports are not saved).

Share this post


Link to post
Share on other sites

In addition to the above, about how long do the emdmp.exe processes run? Do they stop running on their own after a little while, or do they stay in memory until you manually end them?

Share this post


Link to post
Share on other sites

Hi

I tried to search for any log in the follow path you mentioned, but didn't find any thing.

Yes, the processes still running in the memory and the only way to stop is to remove it manually or restart the machine.

Share this post


Link to post
Share on other sites

OK, that indicates that something is wrong with the emdmp.exe process that's keeping it from stopping. Have you tried adding an exclusion for the Emsisoft Commandline Scanner folder (default should be something like "C:\EmsiCmd") to your other anti-virus software?

Share this post


Link to post
Share on other sites

Your reply  "There is no exclusion to the av folder,"  doesn't quite address what GT500 suggested. 

Do you have any other antivirus or antimalware software running on that machine?  Or anything else giving any kind of 'real-time' protection?  If so, GT500 is suggesting that those products might need to be told to ignore the Emsisoft scanner's folders.   They might be interfering with the proper execution of the Emsi programmes.

Share this post


Link to post
Share on other sites
11 hours ago, TakeDown said:

There is no exclusion to the av folder,

You appear to have McAfee VirusScan (I would believe the Enterprise version) on the system, as well as ClamWin (which isn't very good and I recommend getting rid of).

Please make sure that the folder you have Emsisoft Commandline Scanner installed to excluded in the above anti-virus software, and any other anti-virus software you may have on the system. You may need to contact McAfee to ask how to add exclusions for their software.

 

11 hours ago, TakeDown said:

my current path is "d:\scanners\emsisoft"

can different installation drive cause the problem ?

The Commandline Scanner is designed to be able to run from any drive or folder (as long as it has proper read/write permissions to its own folder, and is executed with Administrator rights), so this shouldn't be causing the issue.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.