JeremyNicoll

Custom scan problems

Recommended Posts

Using EAM 2018.12.1.9144  on W8.1 64-bit

I just performed a custom scan of the files on two drives, something I do roughly weekly.  At the end of this I clicked the GUI's "View report" button and got an error message saying "The logfile of this scan is no longer available".     Looking in:  C:\ProgramData\Emsisoft\Reports     there is no file with today's date.

As it is, the GUI end-of-scan summary looks wrong to me - it says that 532528 files were scanned... which is roughly the number I'd expect if only one drive had been scanned.   The same scan a week ago reported it had scanned 949198 files.

I'll pm debuglogs to GT500.

Share this post


Link to post
Share on other sites

@stapp  Yes, I think so.   And looking at my forensic log I see something similar, with the most recent entry that mentions scanning: "Scanning is in progress" - that expands to say:

05/01/2019 11:05:51
Scanning master boot record ...

05/01/2019 11:05:51
Scanning system folder 'CSIDL_DRIVERS'...

05/01/2019 11:05:52
Scanning memory ...

05/01/2019 11:05:58
Scanning traces ...

05/01/2019 11:06:01
Scanning folder ...

05/01/2019 11:23:40
Scanning folder ...

and it's now 1257.    None of the running a2- tasks in task manager show any appreciable cpu or IO, so I expect the scan has crashed.

 

Share this post


Link to post
Share on other sites

the new version now scans fewer files than before:

Emsisoft Anti-Malware - Versión 2018.12
Última actualización: 5/01/2019 11:00:28 a. m.
Iniciado por: DESKTOP-OGLDG4M\onbox
Nombre del ordenador: DESKTOP-OGLDG4M
Versión de SO: Windows 10x64 

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    5/01/2019 11:00:46 a. m.

Analizados    163063
Encontrados    0

Fin del análisis:    5/01/2019 11:31:38 a. m.
Duración del análisis:    0:30:52

version 2018.9.2.8988

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    18/10/2018 07:04:07 p.m.

Analizados    246316
Encontrados    0

Fin del análisis:    18/10/2018 08:47:33 p.m.
Duración del análisis:    1:43:26

version 2018.9.2.8968

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    09/10/2018 11:24:40 a.m.

Analizados    404806
Encontrados    0

Fin del análisis:    09/10/2018 01:38:18 p.m.
Duración del análisis:    2:13:38

Share this post


Link to post
Share on other sites

I use malwarebytes as second opinion software, I'm not comparing the two software, but it seems that MalwareBytes is looking for more files

MalwareBytes 314164 

Emsisoft 163063

MalwareBytes:

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 314164
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 2 hr, 56 min, 41 seg

Emsisoft AntiMalware:

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    5/01/2019 11:00:46 a. m.

Analizados    163063
Encontrados    0

Fin del análisis:    5/01/2019 11:31:38 a. m.
Duración del análisis:    0:30:52

Share this post


Link to post
Share on other sites
6 hours ago, JeremyNicoll said:

@onbox - did Malwarebytes also skip archives (zips etc)?     I see Malwarebytes took nearly six times as long (3h versus 30m).

Yes, When Scan within archives is enabled, Malwarebytes will scan four levels deep within archive (ZIP, RAR, 7Z, CAB and MSI) files. If this option is disabled, the archive is excluded from scanning. Please note that encrypted archives cannot be fully tested.

Share this post


Link to post
Share on other sites
7 hours ago, JeremyNicoll said:

@onbox - did Malwarebytes also skip archives (zips etc)?     I see Malwarebytes took nearly six times as long (3h versus 30m).

Scan without archives: 309080 - 16 min, 6 seg

Share this post


Link to post
Share on other sites

The scan that on Saturday presumably crashed, was of the files (not looking at zips' contents), on two drives C:\ and E:\.  I've just run the scans for one drive at a time without a problem.  The number of files scanned on C:\ just now was 545160 which is a bit more than the number reported on Sat (532528), possibly implying the problem on Saturday happened while scanning C:\.

 

Share this post


Link to post
Share on other sites
On 1/5/2019 at 9:11 PM, onbox said:

the new version now scans fewer files than before:

This doesn't have anything to do with this topic. ;)

 

On 1/5/2019 at 6:52 AM, JeremyNicoll said:

Using EAM 2018.12.1.9144  on W8.1 64-bit

I just performed a custom scan of the files on two drives, something I do roughly weekly.  At the end of this I clicked the GUI's "View report" button and got an error message saying "The logfile of this scan is no longer available".     Looking in:  C:\ProgramData\Emsisoft\Reports     there is no file with today's date.

As it is, the GUI end-of-scan summary looks wrong to me - it says that 532528 files were scanned... which is roughly the number I'd expect if only one drive had been scanned.   The same scan a week ago reported it had scanned 949198 files.

I'll pm debuglogs to GT500.

@JeremyNicoll is this only happening when doing Custom Scans, or is it happening with all scans?

What settings are you using with your Custom Scans?

I'll ask if this is already a known issue.

Share this post


Link to post
Share on other sites

@GT500 The only other scans I ever do are context ones, and those I've done recently have all been fine.  Settings for the failed custom scan were

Objects: Rootkits, Memory, Traces, C:\, E:\

Detect PUPs:            On
Scan archives:          Off
Scan mail archives:     On
ADS Scan:               On

File extension filter:  Off
Direct disk access:     Off  

(I keep separate notes of what a scan is going to be, and its results*, so this was not copied from the never-produced report file, but my pre-scan notes.  Also, I use 'load settings' to set the settings from the same preset file each time I do this scan.)

* because in some cases I expect scans to find certain things and I have an automated way to check that the things found were what I expected.

Share this post


Link to post
Share on other sites

OK, thanks. I'll see if I can reproduce the issue on my Win 10 system.

Share this post


Link to post
Share on other sites

@GT500 - In the instance that stapp had a while ago, it was surmised that the scan process had crashed and the code around it hadn't recognised that.  If my problem's the same, then maybe all that can be done now is for the logic around a scan to have more(?) debug logging applied to it or something in the hope that eventually someone will (even if the crash isn't fixed) at least find a way to recover from that.

Share this post


Link to post
Share on other sites

You mean the service crashed, or the thread that was scanning abnormally terminated in a way that wasn't caught?

BTW: I wasn't able to reproduce the issue on Win 10 x64.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.