plat1098

EEK Commandline Scanner--Pup Option Stays Off

Hello everyone.  :D

Was using the above for a while when it spontaneously stopped scanning for potentially unwanted programs.  Tried the  /pup command and the /p one with and without the space after a2cmd, it still says "off" in the list of scanner options.   Can someone assist me with this please? Also, does one need the bin32 for a 64 bit system?

 

I have searched this forum for answers to this issue before posting.  Thanks!

 

plat

 

 

5 hours ago, plat1098 said:

Was using the above for a while when it spontaneously stopped scanning for potentially unwanted programs.  Tried the  /pup command and the /p one with and without the space after a2cmd, it still says "off" in the list of scanner options.

I would believe there's a bug that causes the option to scan for PUPs to always show as off in the output from A2CMD. I'll check to make sure.

 

5 hours ago, plat1098 said:

... does one need the bin32 for a 64 bit system?

It's technically not needed, however EEK may redownload it if missing.


Hi, GT500, thank you for your reply.  Is there any more information forthcoming?  I can "live" without the PUP scanning capability but it's better to know and not waste time trying to make it work.  To update and run the malware scan takes all of maybe 40 seconds for 74,000 items.  If you can let me know how/if the PUP detections can be brought back, that would be good. 

Thanks for the bin32 tidbit, I'll leave it alone.

plat

 


I've asked about whether or not this is a bug with the output, or a bug with PUP detection. I'll let you know as soon as I get a reply. ;)


Just for confirmation, what version of a2cmd.exe do you have? Our QA team says that this is not a known issue, and they were not able to reproduce it in testing.


OK, thank you for this information. I'd un/reinstalled EEK a day or so ago but nothing changed.  Maybe this is something I should be shrugging off as the report states pup detections were in fact enabled.  But the snip (which shows the version you requested) displaying the desired feature first on, then off is a little intriguing. Another machine w/no connections to this one likewise showed this.  Admittedly, I haven't been using EEK via commandline for too too long.   I'll go by the report and ask for info just for education, OK?  :)

Thanks for your help.  :)

logs.db3

a2settings.ini

scan_171223-204707.txt

eekwithpuponandoff.PNG

 


Actually, the report predates the issue and should be disregarded, I see no further scan reports are in the EEK file on C:.  In fact, I just ran another scan to get a report and there isn't any.  I'm also using OSArmor but those logs don't indicate anything having to do with this. 

On 12/28/2017 at 6:44 PM, plat1098 said:

In fact, I just ran another scan to get a report and there isn't any.

Correct, you have to use the /log or /l parameter to specify where to save the log. Sort of like the following:

a2cmd.exe /quick /log="..\Reports\Cmd_Scan_2017_12_29.txt"

 


OK, I see.  This seems a little messed up and confusing on here and this just started happening.  Before, I was using this w/no issue whatsoever.   After applying your above command, the first scan report ended up in the bin64 folder.  The second landed in Reports.  There was no third--does your above command for a report have to be applied every time you want it?  Here is a malware scan with the /pup command entered prior to the /malware one.  The report is below--pup detections don't seem enabled.  I enable the detection, the Scan settings say "ON" then I initiate the scan.  When the scan is initiated, the PUP setting is changed to OFF.  a2cmd.exe /malware or a2cmd /malware, both work.  I don't see the reason to un/reinstall a third time but I will if you find it's necessary. 

 

Edit:  I'm going to uninstall OSArmor and see if that changed anything. 

 

Cmd_Scan_2017_12_30.txt

Edited by plat1098
adding something


If you just used the sample command that GT500 supplied you will have a problem.  He specified the log location as: "..\Reports\Cmd_Scan_2017_12_29.txt" which is a filepath that means somewhere that is relative to whatever your working directory was when you issued the command (because the initial ".." means "go up a level in the file structure from where you are now").

You'd probably be better to use a value like:    "C:\where\ever\you\want\logfile.txt"     which is absolute - always the same place each time it is used.  

Or maybe something like:   "%TEMP%\eekscans\logfile.txt"     so at least the log will end up in your temporary files folder.

  • Like 1

1 hour ago, plat1098 said:

After applying your above command, the first scan report ended up in the bin64 folder.  The second landed in Reports.  There was no third--does your above command for a report have to be applied every time you want it?

The command example assumed that the working directory for a2cmd.exe would be the folder it executed from (in this case the bin64 folder). The ".." at the beginning of the path means to start in the parent folder, which is usually where the Reports folder can be found. This type of path is called a relative path, since it is relative to the working directory.

You can use an absolute path for the log as Jeremy suggested in order to ensure that it is always written in the correct location.

 

1 hour ago, plat1098 said:

... pup detections don't seem enabled.  I enable the detection, the Scan settings say "ON" then I initiate the scan.  When the scan is initiated, the PUP setting is changed to OFF.

What happens when you put the /malware parameter first?

image.png

 

1 hour ago, plat1098 said:

a2cmd.exe /malware or a2cmd /malware, both work.

That's normal. If you don't specify the file extension, then the Command Prompt will simply try to open the first file it finds with that name. In cases where there is only one file in the folder with that name, there wouldn't be any issues with omitting the .exe extension from the file name when running it.

  • Like 1


Hello JeremyNicoll and GT500, and Happy New Year.  :D  First, thanks very much for the impromptu tutorial, clearly this was out of my atmosphere and I apologize for the extra trouble.  It seems that if you want a report, you have to tell EEK every time--here it was just placed in C:. Is there a way to permanently do this, do you modify the ini file or something?  Nevertheless, I got it, it's good.  I swear, this was operative without the additional commands before, don't know what happened.  :unsure:  If this is it as far as report logging goes, OK then, this is satisfactory as-is and I'll just use the command every time I need a formal report.  Thanks again, much obliged. 

plat

logfile.txt

 

Edited by plat1098
added something

10 hours ago, plat1098 said:

It seems that if you want a report, you have to tell EEK every time--here it was just placed in C:. Is there a way to permanently do this, do you modify the ini file or something?

The Emergency Kit Scanner should save logs automatically, however the Commandline Scanner (a2cmd.exe) does not. Also note that a2cmd.exe ignores most options in the INI file, so the only way to enable logging is to do so in a command line parameter every time you execute a2cmd.exe (although this can be automated by using batch files if you prefer).

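As an added example (not part of the original posts and not Emsisoft's code), a batch wrapper for the logging advice in this thread: it passes /log with an absolute, timestamped path on every run and checks afterwards that the report exists. The C:\EEK folder and its Reports subfolder follow the thread; the variable names and the PowerShell-generated timestamp are assumptions of this example.

```batch
@ECHO OFF
SETLOCAL

:: Assumed EEK folder, same default as the batch file in this thread.
SET "EEKFolder=C:\EEK"

:: Pick the scanner folder by OS bitness.
IF DEFINED ProgramW6432 (SET "BinFolder=%EEKFolder%\bin64") ELSE (SET "BinFolder=%EEKFolder%\bin32")

:: Stop if the scanner is missing instead of letting Command Prompt
:: search the working directory and PATH for some other a2cmd.exe.
IF NOT EXIST "%BinFolder%\a2cmd.exe" (
    ECHO a2cmd.exe not found in "%BinFolder%".
    EXIT /B 1
)

:: Absolute report folder, so the result does not depend on the working directory.
SET "ReportFolder=%EEKFolder%\Reports"
IF NOT EXIST "%ReportFolder%" MKDIR "%ReportFolder%"

:: Locale-independent timestamp so every run gets its own report file.
FOR /F %%T IN ('POWERSHELL.EXE -NoProfile -Command "Get-Date -Format yyyyMMdd_HHmmss"') DO SET "Stamp=%%T"
SET "LogFile=%ReportFolder%\Cmd_Scan_%Stamp%.txt"

:: Run from the scanner folder, as the thread's examples do.
PUSHD "%BinFolder%"
a2cmd.exe /update
a2cmd.exe /malware /pup /log="%LogFile%"
POPD

:: Confirm that the report was actually written.
IF NOT EXIST "%LogFile%" (
    ECHO No report was written to "%LogFile%".
    EXIT /B 2
)
ECHO Report saved to "%LogFile%".
ENDLOCAL
```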

Out of interest and curiosity, can at least some of us expect an increase in scan times due to kb4056892?  Example:  on machine w/NVM-e, scan time increased from 30 sec to 50 sec.  It's all relative but I wonder if there is correlation.  Will this slowdown be mitigated in due time?


From what I understand, if there are a lot of users logged in, then yes there could be slowdowns in scan speed due to the way the kernel patches work. At least, from what I've been reading, the more users logged in the more of a performance reduction there is. At home with a single user logged in, you probably wouldn't even notice it. On a terminal server at a large company with hundreds of users logged in, or on a VPS hosting server, the performance hit may be rather large.


This could be minor but then again, it's cosmetically not my thing.  Recently, the scanner begins and is displayed smack in the midst of the signatures.  Obviously, you can't start the scan until you get the prompt.   Why, and what can be done besides not updating prior to scanning (not a great alternative)? Does this have to be reinstalled (hope not)? This is version 2017.12.  Thanks!

emsicmdscan.PNG

 

 


See, this doesn't happen each time but often enough, so the extra step may or may not be necessary.  As long as the issue doesn't compromise the actual scan, I guess I can put up with it.  But if there's a new version coming up that addresses this issue, I'd appreciate it.  I blame this machine as usual though there are no indications in Event Viewer or elsewhere that would point to its being the culprit.  Don't know why the signatures seem to complete downloading and then continue when the scan is initiated.  I'll delete and reinstate the EEK download and see.

OK, thanks again.  :)

plat

 

 


a2cmd /update

a2cmd /malware /pup

I deleted the existing EEK and reinstated it from your website yesterday.  Twice the scanner has behaved properly with the above commands.  So, it seems academic as to why it was messed up like that previously.  Since the issue is/was sporadic, running the extra CLS command every time was something I wasn't really keen on because I'm lazy.  Also, this machine is odd and annoying since the Fall Creators Update, causing numerous headaches with its borks and misbehaviors. 

Again, if the issue doesn't affect the scanning capability or is harmful in any other way, it's something to put up with on occasion.  

Thank you for your time and help.  It is always appreciated.

plat

 

 

 

 

On 2/21/2018 at 8:35 AM, plat1098 said:

... running the extra CLS command every time was something I wasn't really keen on because I'm lazy.

The following batch file should be able to automate it for you:

@ECHO OFF

:: Set variable to define EEK installation folder for later usage.
SET "EEKFolder=C:\EEK"

:: Checking for admin rights takes a moment, so display a message to make sure Command Prompt isn't sitting there empty with no explanation.
ECHO.
ECHO Checking for Administrator rights.
ECHO This may take a moment.

:: Check if we have admin rights.
FSUTIL DIRTY QUERY %SystemDrive%>NUL
IF %ERRORLEVEL% NEQ 0 (GOTO PromptForAdmin) ELSE (GOTO ContinueProcessing)

:PromptForAdmin
:: Launch CMD with Administrator rights using PowerShell, making sure CMD exits when done.
POWERSHELL.EXE -Command Start-Process '%~f0' -Verb RunAs && EXIT

:ContinueProcessing
CLS

:: Switch to folder that contains EEK. /D also changes the drive if EEK is not on the current one.
IF DEFINED ProgramW6432 (CD /D "%EEKFolder%\bin64") ELSE (CD /D "%EEKFolder%\bin32")

:: Run update with A2CMD.
A2CMD.EXE /Update

:: Clear screen.
CLS

:: Run Malware Scan with A2CMD.
A2CMD.EXE /Malware /PUP

:: Pause Command Prompt so that it remains open until a key is pressed.
PAUSE

 

Edited by GT500
Updated batch code to make it more reliable.
  • Like 1


OK, done!  Hopefully, this is no longer an issue and the scanner has been doing well regardless since I reinstalled the EEK package.  

OK, thank you, GT500 and also @JeremyNicoll, this has been highly informative and helpful.  :)

plat

 

 


You're welcome. ;)

BTW: I just updated the batch code to be more reliable. It was only able to automatically elevate itself on Windows 7 before, but now works on Windows 8 and Windows 10 as well, and I made a change that fixed issues with spaces in the path when relaunching the batch file with PowerShell to elevate it.
