Lynx

CLOSED "EMSI & Services" by RudeRedDog


Greetings All

I received the following request by PM, which I would rather place into the open forum, since users and the developers may like to add some thoughts.

Hello there Lynx.

I have a query and hope you have a possible solution.

Also, if desired, you can have this placed into an actual entry in the forum if you feel it would be of benefit.

What I have is a need to have a service that runs on my system shut down before the EMSI product starts its scanning. Since this scanning takes place at 1am, I usually am not - note the word 'usually' - up and able to handle the shutdown of the service.

I know from browsing the web that Netsh.exe can be used to shut down the service in question, if it is running, so as to allow EMSI to scan unimpeded. This need was requested by the support center person.

To that end, I want to use the MS Task Scheduler to schedule the run of the netsh.exe with the correct command line so as to have the service (sbiesvc.exe which is part of SandBoxIE) stopped just before the scan starts, then have the service restarted upon scan completion.

Granted there may be a simpler way, but I do not know of it. The problem I have is how to put these parts together to achieve what I want. That is how to actually get the scheduler to run the proper batch file or command line to shut down the service then how to get the scheduler to run the correct items in order to restart the service.

I do not know if this is up your alley or not, and if so then could you point me towards someone who might have the expertise to bring this about? I really want to have my EMSI scans run at normal speeds and not take over 9-12 hours to complete, if they complete at all.

Any help would be appreciated.

Sorry for being so long winded, but I need to make sure you have what information you need.

Also - Windows XP SP3, all updates applied, EMSI AMW, OA Free, Process Lasso, Secunia PSI, Hardware wired firewall, other items to be disclosed as requested.

Have a nice day,

RudeRedDog

Hi RudeRedDog,

Yes, you can use

Net start serviceName

Net stop serviceName

respectively in order to invoke and shutdown the service. You can write a batch or script, and schedule that.

The only issue here at the moment, as I can see it is - when you are using the EAM (meaning GUI version) the scan will stop, the report will be saved automatically as it's implemented currently... but the Application will not be stopped since it's waiting for the user's intervention.

There is no "Exit Code" as far as I know and that was placed in the Wish List quite a while ago.

Therefore you don't know when the scan was actually ended if EAM was left unattended, so you can continue your batch or script accordingly.

At the same time the "Result Code" that I requested was implemented in Command Line Scanner (CLS) long ago. See the description in a2cmd_readme.txt

I would suggest trying the said Utility. It's a very flexible Tool in this respect and can better fit for unattended scans and creating branched batches or scripts (scanning different discs/performing different actions/...)

Brief note: don't use /q parameter and save the report(s), that can be analyzed later

There are many discussions with the examples and images in our old and new forums regarding CLS.

a side note: there is "Actions after the scan end", but those actions are quite limited at the moment

Basically, what else can go into the Wish List is enhancing this feature, so we can do more than just "Shut down PC", but say exit EAM itself and "run anything" after that.

Many Software have such facilities ... even "run before & after". That can be very helpful

As for decreasing the scan time. If you were running an additional AV (which is not listed) with the real-time resident, disabling the latter (its "onAccess" feature) usually reduces scanning time 2.5-3 times.

You can use Custom Scans where archives are excluded or some other types of files that can be big and cannot be infected (like some media files, etc). Other things depend on System performance as a whole / physical characteristics of the drives/ number of files / whether you running background (resource-hungry) processes, and so on

My regards


Have to agree with Lynx - net stop servicename and net start servicename used at the beginning and end of the CLS seems the best way to approach this.

When the service is stopped, does the scan take the same amount of time each time it is run (give or take 10-15 minutes)? If so, and the service is what causes the scan to run slowly, why not schedule a batch script to run 10 mins before and, say, half an hour after you expect the scheduled scan to finish?

10 mins before scan starts:

PreEAM.cmd:

@echo off

net stop servicename

exit

EAM Scan runs and finishes

Half hour after scan usually finishes:

PostEAM.cmd:

@echo off

net start servicename

exit

or something similar.


Thanks H_D.

Sure that will better work with CLS rather than with EAM.

In addition to mentioned Net you can use SC (see descriptions by issuing >SC /?)

and How to create a Windows service

==============

I still don't see the way in order to use anything like that (delays) with EAM.

The reasons were explained above

We have to be able to exit EAM, which was left unattended (additional action) and being aware of the result.

Leaving that aside, and if we may abstract away from this issue - there are several tricks that can be used regarding stopping/starting the service or process.

Delaying using "approximated time" before & after is not a proper way to do that.

If you are using programming language/advanced scripting and alike that is possible by employing APIs

As for the more simplistic implementations like batches you can do the following

For approximate delays when you want to wait a certain amount of time you can use:

1) Sleep.exe, which can be found in MS Resource Kit;

2) tricky-sneaky method, which would simply ping your PC "for nothing" :) like

PING -n 11 127.0.0.1 > NUL

in this case the batch file will pause for 10 seconds

In order to determine more precisely whether the process is still running

3) quite interesting and rather better trick - a combination of Tasklist & Find commands

command here

:DELAY

tasklist | find /i "procName.exe" > NUL

if not %errorlevel%==1 goto :DELAY

next command here

Cheers!

  • Upvote 1


hi !

unless I have misunderstood the problem, wouldn't the easiest be to create a bat-file with the following structure:

------------------

shutdown service

run a2cmd

restart service

------------------

then create a task in taskscheduler, set the bat-file to run at the time you want.


Thanks for the reply, hackerman1

Yes what you wrote will work,... but...

1) don't forget that CLS was suggested as an alternative, since the initial question was about EAM in conjunction with "another service". Basically we don't know about the implementation of that service;

2) Speaking of batches and commands execution. That depends. In many cases the next command will be fired up straight after the previous one and you have to know how the "previous" is implemented, since the next line in the command will be executed after receiving a return code (again) from the previous command. Not all are returning that including known commands (those are executables as well... redundant remark :) )

or

the previous process may return an "error code" straight after its launch, not when it's physically closed. There are many examples of that

So, all that has to be known and tested beginning with stopping the service as required by the OP

As you said, the following example is working fine (indexing has to be enabled)

net stop "Indexing Service"
a2cmd /quick > f:temp\redir.txt
net start "Indexing Service"

My regards
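
Added example, not part of any post in this thread: one way to combine the stop / a2cmd / restart structure with the points raised above about commands returning before the work is actually done. It polls the service state with SC instead of waiting a guessed time, keeps the report, logs the a2cmd result code without interpreting it (its meaning is in a2cmd_readme.txt), and always restarts the service. The service name SbieSvc, the C:\ScanLogs folder and a2cmd being on the PATH are assumptions.

```batch
@echo off
rem Added example, not from the thread. Assumptions to adjust before scheduling:
rem service name SbieSvc, log folder C:\ScanLogs, a2cmd reachable on the PATH.
setlocal
set "SVC=SbieSvc"
set "LOGDIR=C:\ScanLogs"
set "REPORT=%LOGDIR%\a2cmd_report.txt"
set "RUNLOG=%LOGDIR%\scan_wrapper.log"
set TRIES=0

if not exist "%LOGDIR%" mkdir "%LOGDIR%"
echo %date% %time% stopping %SVC% >> "%RUNLOG%"
net stop "%SVC%" >> "%RUNLOG%" 2>&1

:WAITSTOP
rem The stop command may return before the service is fully down, so poll its state.
sc query "%SVC%" | find "STOPPED" > NUL
if not errorlevel 1 goto SCAN
set /a TRIES+=1
if %TRIES% GEQ 30 goto STOPFAILED
rem About 2 seconds between polls, using the ping delay trick from the thread.
ping -n 3 127.0.0.1 > NUL
goto WAITSTOP

:STOPFAILED
rem Give up after roughly a minute; record it and scan anyway.
echo %date% %time% %SVC% did not reach STOPPED, scanning anyway >> "%RUNLOG%"

:SCAN
rem No /q, so the full report is kept for later analysis.
a2cmd /quick > "%REPORT%" 2>&1
set SCANRC=%errorlevel%
echo %date% %time% a2cmd result code %SCANRC% >> "%RUNLOG%"

rem Restart is reached on every path, whatever the scan returned.
net start "%SVC%" >> "%RUNLOG%" 2>&1
sc query "%SVC%" | find "RUNNING" > NUL
if errorlevel 1 echo %date% %time% WARNING %SVC% is not running >> "%RUNLOG%"

rem Pass the scanner's result code on to Task Scheduler.
endlocal & exit /b %SCANRC%
```

Check scan_wrapper.log after the first scheduled run: a WARNING line means the sandbox service stayed down and needs to be started by hand.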
