Nathan Bylsma

EEK Command line Whitelist Issue

Recommended Posts

Hi everyone. So I downloaded Emsisoft Emergency Kit and then I saw you can use it from the command prompt.
Immediately I went and downloaded the eicar.com test file to use.
Everything went great until I tried to whitelist is.

My whitelist.txt contains the following: (I attached the txt file as well)

E:\*\eicar.com
e:\*\eicar
E:\avtestfile\eicar.com
e:\avtestfile\eicar.com
E:\avtestfile\eicar
e:\avtestfile\eicar

 

As it can be clearly seen I created a separate partition to do the testing.

Am I doing something wrong ?

Is there a specific format to use ?

I would very much appreciate it if someone could give a little guidance.
Thank you!
 

whitelist.txt.txt

Share this post


Link to post
Share on other sites

It seems to work OK in my testing. It's possible that whitelist processing is erroring out for you since you have invalid paths in the whitelist.

I created a folder named "test" on a USB flash drive (assigned drive letter E:\), I saved the EICAR test file in this folder, and then added the following exclusion to whitelist.txt:

E:\test\eicar.com

I then executed the scan from an elevated Command Prompt using the following command:

C:\EEK\bin64\a2cmd.exe /f=E:\ /rk /m /t /pup /a /n /wl=C:\Users\GT500\Desktop\whitelist.txt

 

Share this post


Link to post
Share on other sites

Still doesn't work. 

 

My whitelist contains the following:

E:\avtestfile\eicar.com

 

 

My commands are run as followed:    

cd C:\EEK\bin64

a2cmd /f=E:\avtestfile /log=E:\log.txt /wl=E:\whitelist.txt

 

Results are the same. I'll attach the log file as well as my whitelist if that might help. Perhaps you know of a workaround for this to work ?

scanlog.log whitelist.txt.txt

Share this post


Link to post
Share on other sites

Does it work if you leave a blank line at the end of the whitelist.txt file?

Share this post


Link to post
Share on other sites

Nope, a number of times I tried leaving either a blank space or a blank line in the whitelist.txt but still no luck at whitelisting it.

I also left a few spaces in the command after the whitelist argument yet it still finds 1 virus (eicar.com).

 

You think uninstalling and reinstalling might do the trick ?

Share this post


Link to post
Share on other sites
20 hours ago, Nathan Bylsma said:

You think uninstalling and reinstalling might do the trick ?

I wouldn't expect a reinstall to have any effect.

I noticed that your whitelist.txt has a UTF-8 character encoding, however I tested in a virtual machine and only had Notepad so my whitelist.txt had an ANSI character encoding. Try converting/saving your whitelist.txt file into ANSI, and let me know if that helps.

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

I wouldn't expect a reinstall to have any effect.

I noticed that your whitelist.txt has a UTF-8 character encoding, however I tested in a virtual machine and only had Notepad so my whitelist.txt had an ANSI character encoding. Try converting/saving your whitelist.txt file into ANSI, and let me know if that helps.

I figured it out, all thanks to you. When I was about to save it with ANSI character encoding, as I typed it showed the autocomplete name which was "whitelist.txt.txt". You see when I saved it the first time I typed in the entire name + file extension and set it to save as a txt file and it saved it as whitelist.txt.txt. I got it to work, but I can't help to feel a bit stupid now. Thank you very much for your effort, hope you have a great weekend.

Share this post


Link to post
Share on other sites

Yes, Windows does hide file extensions by default, so unless you disable that in folder options then you wouldn't have even known. I'm glad you were able to figure it out. ;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.