EEK Command line scanner (whitelist)


Scott Sheedy
Good day,

I have been testing products for use as a remedial tool to be used for targeted scans. We have McAfee, along with Avecto Defendpoint through ePO, as our corporate standard for endpoint security. As part of our endpoint security response, when we have identified an end point as requiring such activity, we are looking for a product for making targeted scans for remediation. Enter EEK Pro.

I have been testing various products, and so far EEK seems like the right tool for our needs. We have nearly 12,000 end points and we need a tool at each major location for our Service Desk team. EEK's command line scanner is the perfect tool for our needs. I have been working to create the perfect batch file to run the scanner with preset command line switches for our needs and ease of use for our technicians. The only issue I have had is with the "whitelist" feature.

 

Quote

/wl=[path], /whitelist=[path]

Uses the specified whitelist file for excluding certain files, folders or malware names in the scan. Whitelist files must be text files where each line is one of the items to be excluded.
Example: a2cmd /f="c:\" /wl="c:\whitelist.txt"

I have been creating our own, as we have a lot of in house scripting and SCCM that sets off many false positives, but this is not the issue, it is the fact I am seemingly unable to whitelist by file name.  If I add directories (and we have a few) they are skipped by the scan, as expected, but adding individual file names however does not. We would like to whitelist our in house files, not always entire directories for obvious reasons.

Is there special formatting to be used when whitelisting files over directories?

Any assistance would be great, this is the last hurdle for me to be able to make the final recommendation, as I believe EEK Pro is exactly what we need. I would be adding my batch file, and whitelist to each stick before shipping it to each of 13 sites for use.

Thanks very much for your time,

Scott Sheedy

 

 


Hello Scott!

When you enter filenames in the whitelist text file, are you adding just the filename, or the full path to the file? The latter is needed.

Folder names should have a trailing backslash ( \ ), and it seems like you're probably already doing that if they're working.

If that doesn't get it going for you, please show me a 3-4 line snippet, obfuscated, of the whitelist file you're trying to use so we can take a look.


You're welcome Scott,

Yes, wildcards can be used. You'll need to be sure the pattern is proper though. In your example of *.*\blahblah.exe, that would only match folders that have a dot in the name. Otherwise you'd use something like C:\*\blahblah.exe for example, or C:\*\*.blah where 'blah' is the extension you want to whitelist.
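
The formatting rules given in the two support replies above (full path for files, trailing backslash for folders, and a dotted wildcard folder such as `*.*` matching only folder names that contain a dot) can be checked before a whitelist is copied to each stick. This is an added example, not part of the original thread and not Emsisoft's code; the function names, the sample entries and the heuristics for recognising a file entry or a malware name are assumptions.

```python
import re

# Assumption: a full Windows path starts with a drive letter (C:\) or a UNC prefix (\\server).
FULL_PATH = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")
# Assumption (heuristic): a last segment ending in .ext (1-5 chars, wildcards allowed) is a file.
FILE_LIKE = re.compile(r"[^\\]+\.[A-Za-z0-9*?]{1,5}$")

def lint_entry(entry):
    """Classify one whitelist line and return (kind, warnings)."""
    entry = entry.strip()
    if not entry:
        return "blank", []
    warnings = []
    if entry.endswith("\\"):
        kind = "folder"
    elif FILE_LIKE.search(entry):
        kind = "file"
    elif "\\" in entry:
        kind = "folder"
        warnings.append("folder entry has no trailing backslash")
    else:
        return "name", []  # no separator or short extension: assumed to be a malware name
    if not FULL_PATH.match(entry):
        warnings.append("not a full path")
    # Folder segments are everything before the last backslash.
    for seg in entry.split("\\")[:-1]:
        if "*" in seg and "." in seg:
            warnings.append("wildcard folder '%s' only matches folder names containing a dot" % seg)
    return kind, warnings

def lint_whitelist(text):
    """Return [(line_number, entry, warnings)] for every line that has a warning."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        kind, warnings = lint_entry(line)
        if warnings:
            findings.append((number, line.strip(), warnings))
    return findings

# Constructed sample whitelist (paths and names are made up for illustration).
SAMPLE = r"""C:\Scripts\
C:\Scripts\inventory.ps1
blahblah.exe
*.*\blahblah.exe
C:\*\blahblah.exe
C:\Deploy
Example.Detection
"""

if __name__ == "__main__":
    for number, entry, warnings in lint_whitelist(SAMPLE):
        print("line %d: %s -> %s" % (number, entry, "; ".join(warnings)))
```

The check only reflects the rules stated in this thread; it does not reproduce the scanner's own matching, so a clean result still needs confirming with a test scan.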


Thanks so much for your reply. 

That worked perfectly and testing of your product has resumed. White list testing has been successful.

Last phase is testing with BitLocker To Go encryption. Enterprise policy is that all external storage devices are registered and encrypted. I have been testing on an exempt test environment system; now I move to live system testing. This means every system techs visit for remedial response will require the device to be encrypted.

Are there any known issues with running from an encrypted USB stick?

 

Thanks very much, do appreciate your time in responding.
