Sign in to follow this  
Tiamatti

Task scheduler and *.bat help

Recommended Posts

I'm trying to schedule EMSISOFT to run automatically through a2cmd.exe.

I created two *.bat files

1) Update order bat:

"[path]\Emisoft Emergency Kit\bin64\a2cmd.exe" /u

--> working fine

2) Quick scan including malware and pup scan; log in the "log folder", and quaratine if necessary for the quaratine folder

"[path]\Emisoft Emergency Kit\bin64\a2cmd.exe" /quick /malware /pup /l=log /q=quarantine

But i'm not sure it it is correct. Can you help me, or suggest any modifications?

...

I'm using this 2 bat files to schedule the scan with windows task scheduler, by adding those 2 bat files in sequence. So i imagine a2cmd.exe will always

--> open --> update --> close --> open --> run scan (quick, malware, pup)--> log --> quaratine if necessary

Share this post


Link to post
Share on other sites
12 hours ago, Tiamatti said:

But i'm not sure it it is correct. Can you help me, or suggest any modifications?

If you only want to run a Quick Scan (only scans files in memory) then remove /malware from the command. If you want files in your user profile folder and startup items scanned as well, then leave /malware and remove /quick (I'm fairly certain both won't work at the same time, especially since /malware implies /quick). /l= and /q= need to be followed by paths to the locations you want the files to be saved. I would believe that if you use just /q by itself (without the equals) then it will default to the quarantine folder the Emergency Kit Scanner uses, however I have not confirmed that. /pup is used correctly.

Share this post


Link to post
Share on other sites
12 hours ago, GT500 said:

If you only want to run a Quick Scan (only scans files in memory) then remove /malware from the command. If you want files in your user profile folder and startup items scanned as well, then leave /malware and remove /quick (I'm fairly certain both won't work at the same time, especially since /malware implies /quick). /l= and /q= need to be followed by paths to the locations you want the files to be saved. I would believe that if you use just /q by itself (without the equals) then it will default to the quarantine folder the Emergency Kit Scanner uses, however I have not confirmed that. /pup is used correctly.

Hello @GT500. First of all, ty for your help. 

Edit: i fixed the command

Quote

"C:\Users\USER\Documentos\Emsisoft Emergency Kit\bin64\a2cmd.exe" /malware /pup /a /am /n /dda /log="C:\Users\USER\Documents\Emsisoft Emergency Kit\Logs\Scheduled_log" /quarantine="C:\Users\USER\Documents\Emsisoft Emergency Kit\Quarantine"

This way it will create a log file named Scheduled_log in the Logs folder. And it will quarantine in the quarantine folder. 

I added the /a /am /n and /dda comands. So it would scan compressed files, mail archives,  NTFS Alternate Data Streams direct disk access. But i'm not sure about the /n and /dda purposes. What would be the benefits of add "Scan in NTFS Alternate Data Streams" and "Use direct disk access" comands?

And how 

Quote

 /cloud=[]                   If it is "1" then scanner will use cloud requests (defaul value is "1")

works? 

Share this post


Link to post
Share on other sites
14 hours ago, Tiamatti said:

But i'm not sure about the /n and /dda purposes. What would be the benefits of add "Scan in NTFS Alternate Data Streams" and "Use direct disk access" comands?

ADS (Alternate Data Streams) is a feature of the NTFS filesystem. Some malware has been known to store data there, however it's fairly rare to abuse it these days, and Microsoft has hinted at support for it being removed in the future. You can scan it if you want, however it's not something that's important to scan on a regular basis.

DDS (Direct Disk Access) is a traditional way of detecting rootkits, however rootkits are not very common these days, and EEK won't usually remove them (detection of rootkits is meant as a warning and other tools are needed to remove them) due to the danger inherent in doing so.

Share this post


Link to post
Share on other sites
14 hours ago, Tiamatti said:
Quote

 /cloud=[]                   If it is "1" then scanner will use cloud requests (defaul value is "1")

works? 

I would believe that disables connecting to our Anti-Malware Network to supplement the scanner's detection and false positive prevention. It's on by default, so only use this option if you don't want the AMN to supplement the scanner.

Share this post


Link to post
Share on other sites

Tyvm @GT500.

 

I'll dedicate a little of my time to create a guide later, but maybe you should update a2cmd.exe to become more self explanatory later. It would be certainly helpful. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.