Scott Sheedy

EEK Command line scanner (whitelist)

Good day,

I have been testing products for use as a remedial tool to be used for targeted scans. We have McAfee, along with Avecto Defendpoint through ePO, as our corporate standard for endpoint security. As part of our endpoint security response, when we have identified an end point as requiring such activity, we are looking for a product for making targeted scans for remediation. Enter EEK Pro.

I have been testing various products, and so far EEK seems like the right tool for our needs. We have nearly 12,000 end points and we need a tool at each major location for our Service Desk team. EEK's command line scanner is the perfect tool for our needs. I have been working to create the perfect batch file to run the scanner with preset command line switches for our needs and ease of use for our technicians. The only issue I have had is with the "whitelist" feature.

 

Quote

/wl=[path], /whitelist=[path]

Uses the specified whitelist file for excluding certain files, folders or malware names in the scan. Whitelist files must be text files where each line is one of the items to be excluded.
Example: a2cmd /f="c:\" /wl="c:\whitelist.txt"

I have been creating our own, as we have a lot of in-house scripting and SCCM that sets off many false positives, but this is not the issue; it is the fact that I am seemingly unable to whitelist by file name. If I add directories (and we have a few) they are skipped by the scan, as expected, but adding individual file names, however, does not. We would like to whitelist our in-house files, not always entire directories, for obvious reasons.

Is there special formatting to be used when whitelisting files over directories?

Any assistance would be great, this is the last hurdle for me to be able to make the final recommendation, as I believe EEK Pro is exactly what we need. I would be adding my batch file, and whitelist to each stick before shipping it to each of 13 sites for use.

Thanks very much for your time,

Scott Sheedy


Hello Scott!

When you enter filenames in the whitelist text file, are you adding just the filename, or the full path to the file? The latter is needed.

Folder names should have a trailing backslash ( \ ), and it seems like you're probably already doing that if they're working.

If that doesn't get it going for you, please show me a 3-4 line snippet, obfuscated, of the whitelist file you're trying to use so we can take a look.


You're welcome Scott,

Yes, wildcards can be used. You'll need to be sure the pattern is proper though. In your example of *.*\blahblah.exe, that would only match folders that have a dot in the name. Otherwise you'd use something like C:\*\blahblah.exe for example, or C:\*\*.blah where 'blah' is the extension you want to whitelist.

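As an added example (not part of the thread and not the vendor's code): a pre-flight lint for a whitelist file before it is copied to each stick, applying the rules from the two replies above (full path for files, trailing backslash for folders, `*.*` as a folder component only matching names with a dot). The sample entries are constructed placeholders, and the "no extension" check is a heuristic assumption.

```python
import re

# Constructed sample whitelist (not from the thread); paths are placeholders.
SAMPLE = r"""C:\Tools\InHouse\
C:\Tools\deploy.cmd
deploy.cmd
C:\Scripts
*.*\blahblah.exe
C:\*\blahblah.exe
"""

DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")

def lint_entry(entry):
    """Return (kind, warnings) for one whitelist line."""
    warnings = []
    if "\\" not in entry:
        # Per the thread, a file entry needs its full path, so a bare token
        # cannot exclude a file; it is classified here as a name only.
        return "name", ["no path: will not exclude a file by name; use the full path"]
    kind = "folder" if entry.endswith("\\") else "file"
    parts = entry.rstrip("\\").split("\\")
    if "*.*" in parts[:-1] or (kind == "folder" and parts[-1] == "*.*"):
        warnings.append("'*.*' as a folder only matches folder names containing a dot")
    if not DRIVE_OR_UNC.match(entry) and not entry.startswith("*"):
        warnings.append("relative path: files need the full path")
    if kind == "file" and "." not in parts[-1] and "*" not in parts[-1]:
        # Heuristic (assumption): an extensionless last component is often a folder.
        warnings.append("no extension and no trailing backslash: folder missing '\\'?")
    if "*" in entry:
        warnings.append("wildcard: confirm the exclusion is no broader than intended")
    return kind, warnings

def lint_whitelist(text):
    """Lint every non-empty line; returns {line_no: (entry, kind, warnings)}."""
    report = {}
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if entry:
            report[no] = (entry, *lint_entry(entry))
    return report

if __name__ == "__main__":
    for no, (entry, kind, warns) in lint_whitelist(SAMPLE).items():
        print(f"{no}: [{kind}] {entry}")
        for w in warns:
            print(f"     warning: {w}")
```

Wildcard entries are flagged for review rather than rejected, since every exclusion is a place the scanner will not look.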

Thanks so much for your reply. 

That worked perfectly and testing of your product has resumed. White list testing has been successful.

Last phase is testing with BitLocker To Go encryption. Enterprise policy is that all external storage devices are registered and encrypted. I have been testing on an exempt test environment system; now I move to live system testing. This means every system techs visit for remedial response will require the device to be encrypted.

Are there any known issues with running from an encrypted USB stick?

 

Thanks very much, I do appreciate your time in responding.


My pleasure, Scott.

No issues I'm aware of, no. As long as the encryption driver is doing its job before attempting to scan, that is.

Let us know if you have trouble and we'll try to help.


Hi David,

Just wanted to pop in and thank you for your support.

And to let you know that your assistance was, in no small part, responsible for us buying 15 licenses of EEKPro for our major locations.

