Jcowles

A2mcd scanning from a Network Share Freezes

Recommended Posts

Good morning, 

I am evaluating the command line scanner software for use in my lab.  

My company, before login in or even booting the OS,  we scan the machine for virus.

We are looking for a solution for roughly 1K machines a year

  1. Scan all local hard drives / partitions / volumes from a network share
  2. Creates a report
  3. Run in Windows PE environment that is PXE booted (not booting off USB Keys) - I know we won't catch everything in PE)  
  4. Full command line 

A2mcd seems to fill most of the  requirements

  1. A2cmd seems to freeze at preparing for scan (I have waited 5 plus minutes), when I run the application from a mapped network share, but runs fine with the same command line when I copy the EEK folder directly to the HD
    1. when launched from a network share it fills up 100% of the memory and stays at "preparing for scanning.... "
    2. No network utilization
    3. No cpu utilization 
  2. Is there a way for A2CMD from the command line to scan all local partitions, without developing a script to find out what partitions there are an put them in the files= command or does the /deep option do this? 
  3. If I use the /deep option, do I need to /pup / archive / ntfs, etc  (I don't mind the speed, I just want it to be through) 
  4. As a side note when A2CMD runs it uses nearly 100% of available  memory 

What logs / information do you need to help troubleshoot the scanning from a network share.  

Thanks, 

Jim 

 

 

Share this post


Link to post
Share on other sites

When running software from a network share, please keep in mind that the software will only have access to its own files over the network, and any disruption of network connectivity could cause problems with the software when running this way. I recommend copying to software to the computer you intend to scan before executing it rather than trying to run it over the network.

 

5 hours ago, Jcowles said:

Run in Windows PE environment that is PXE booted (not booting off USB Keys) - I know we won't catch everything in PE)  

This is not recommended. Malware today doesn't generally use rootkits or other methods of hiding from scanners that would prevent the scanner from detecting it while Windows is running normally. In addition to that, system file protection mechanisms built in to anti-virus software aren't going to work properly when scanning a drive with Windows installed while booted from another Operating System, so you could do damage to the drive by using the scanner from a PE disk.

Also, keep in mind that most software is not designed to run on or tested in PE environments. This includes our software. While it might be possible to execute a2cmd.exe from something like a Win10PE SE boot disk, it almost certainly would not work right from a vanilla Windows PE disk built using Microsoft's tools.

 

5 hours ago, Jcowles said:

Is there a way for A2CMD from the command line to scan all local partitions, without developing a script to find out what partitions there are an put them in the files= command or does the /deep option do this? 

The /deep parameter is intended to scan all connected disks.

 

5 hours ago, Jcowles said:

If I use the /deep option, do I need to /pup / archive / ntfs, etc  (I don't mind the speed, I just want it to be through) 

Yes, you will need to add the parameters for whatever additional options you want to use.

 

5 hours ago, Jcowles said:

As a side note when A2CMD runs it uses nearly 100% of available  memory 

A2CMD needs to load its signatures into memory when it executes. Since we use two databases (ours and BitDefender's) it's a lot of data, and it's best not to try to read it from disk while scanning. I would believe the databases generally total somewhere around 500 MB to 600 MB, and the scanning process may use more than that as it loads files into memory to scan them.

 

5 hours ago, Jcowles said:

What logs / information do you need to help troubleshoot the scanning from a network share.

I'll ask our QA if there are any known issues in regards to network shares. Ideally it would be best if we could reproduce any issues ourselves, however if we need logs then I will let you know.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.