EEK Command line Whitelist Issue

[Nathan Bylsma 0]

Hi everyone. So I downloaded Emsisoft Emergency Kit and then I saw you can use it from the command prompt.
Immediately I went and downloaded the eicar.com test file to use.
Everything went great until I tried to whitelist is.

My whitelist.txt contains the following: (I attached the txt file as well)

E:\*\eicar.com
e:\*\eicar
E:\avtestfile\eicar.com
e:\avtestfile\eicar.com
E:\avtestfile\eicar
e:\avtestfile\eicar

 

As it can be clearly seen I created a separate partition to do the testing.

Am I doing something wrong ?

Is there a specific format to use ?

I would very much appreciate it if someone could give a little guidance.
Thank you!
 

whitelist.txt.txt

[GT500 823]

It seems to work OK in my testing. It's possible that whitelist processing is erroring out for you since you have invalid paths in the whitelist.

I created a folder named "test" on a USB flash drive (assigned drive letter E:\), I saved the EICAR test file in this folder, and then added the following exclusion to whitelist.txt:

E:\test\eicar.com

I then executed the scan from an elevated Command Prompt using the following command:

C:\EEK\bin64\a2cmd.exe /f=E:\ /rk /m /t /pup /a /n /wl=C:\Users\GT500\Desktop\whitelist.txt

 

[Nathan Bylsma 0]

Still doesn't work. 

 

My whitelist contains the following:

E:\avtestfile\eicar.com

 

 

My commands are run as followed:    

cd C:\EEK\bin64

a2cmd /f=E:\avtestfile /log=E:\log.txt /wl=E:\whitelist.txt

 

Results are the same. I'll attach the log file as well as my whitelist if that might help. Perhaps you know of a workaround for this to work ?

scanlog.log whitelist.txt.txt

[GT500 823]

Does it work if you leave a blank line at the end of the whitelist.txt file?

[Nathan Bylsma 0]

Nope, a number of times I tried leaving either a blank space or a blank line in the whitelist.txt but still no luck at whitelisting it.

I also left a few spaces in the command after the whitelist argument yet it still finds 1 virus (eicar.com).

 

You think uninstalling and reinstalling might do the trick ?

[GT500 823]

20 hours ago, Nathan Bylsma said:

You think uninstalling and reinstalling might do the trick ?

I wouldn't expect a reinstall to have any effect.

I noticed that your whitelist.txt has a UTF-8 character encoding, however I tested in a virtual machine and only had Notepad so my whitelist.txt had an ANSI character encoding. Try converting/saving your whitelist.txt file into ANSI, and let me know if that helps.

[Nathan Bylsma 0]

2 hours ago, GT500 said:

I wouldn't expect a reinstall to have any effect.

I noticed that your whitelist.txt has a UTF-8 character encoding, however I tested in a virtual machine and only had Notepad so my whitelist.txt had an ANSI character encoding. Try converting/saving your whitelist.txt file into ANSI, and let me know if that helps.

I figured it out, all thanks to you. When I was about to save it with ANSI character encoding, as I typed it showed the autocomplete name which was "whitelist.txt.txt". You see when I saved it the first time I typed in the entire name + file extension and set it to save as a txt file and it saved it as whitelist.txt.txt. I got it to work, but I can't help to feel a bit stupid now. Thank you very much for your effort, hope you have a great weekend.

[GT500 823]

Yes, Windows does hide file extensions by default, so unless you disable that in folder options then you wouldn't have even known. I'm glad you were able to figure it out.