how to switch "Direct disk access" on in CLS?

Recommended Posts

Product: Command Line Scanner version, obtained by online update of EEK version

Operating System: Windows 7 Home Premium, 64 bit, SP1

Other Security: AVG Anti-Virus Free Edition 2013, Windows Firewall, KeyScrambler plugin for Firefox version

I see "Direct disk access" listed with 5 other scan settings when running the Command Line Scanner.

It seems to be missing from the online documentation and the help screen, even though it is praised in a recent knowledge base article.

What is the switch to turn it on?



Share this post

Link to post
Share on other sites

Dear Jim,

to turn on the Direct disk access please use the flag /dda in the scan command.

To get all possible flags and the commandline scanner help use the command

a2cmd /help

and you will get all needed informations....

Emsisoft Commandline Scanner v.

© 2003-2012 Emsisoft - www.emsisoft.com

a2cmd.exe [path] | [parameters]

Scan parameters (can be used together):

/f=[], /files=[path] Scan files. Full path to file or folder required

/quick Scans all active programs, Spyware Traces and


/smart Good and fast result, but only important folders will

be scanned

/deep Slowest scan. All files on all hard disks will be

scanned deeply

/rk, /rootkits Scan for active Rootkits

/m, /memory Scan Memory for active Malware

/t, /traces Scan for Spyware Traces

/c, /cookies Scan for Tracking Cookies

/fh=[handle] /pid=[PID] Scan file by handle. Process ID of the

handle is required

/b=[pointer] /bs= /pid=[PID] Scan buffer. Buffer size and process ID

are required

Scan settings parameters (used with scan parameters):

/r, /riskware Alert Riskware that is often used by Malware

/a, /archive Scan in compressed archives (zip, rar, cab)

/n, /ntfs Scan in NTFS Alternate Data Streams

/ac, /advancedcaching Use advanced caching

/dda, /directdiskaccess Use direct disk access

/l=[], /log=[filepath] Save a logfile in UNICODE format

/la=[], /logansi=[filepath] Save a logfile in ANSI format

/x=[], /ext=

  • Scan only specified file extensions, comma


/xe=[], /extexclude=

  • Scan all except the specified file extensions

/wl=[], /whitelist=[file] Load whitelist items from the file

/d, /delete Delete found objects including references

/dq, /deletequick Delete found objects quickly

/q=[], /quarantine=[folder] Put found Malware into Quarantine

Malware handling parameters (standalone parameters):

/ql, /quarantinelist List all quarantined items

/qr=[], /quarantinerestore=[n] Restore the item number n of the quarantine

/qd=[], /quarantinedelete=[n] Delete the item number n of the quarantine

Update settings parameters:

/u, /update Update Malware signatures

/ub, /updatebeta Update Malware signatures (beta)

/proxy=[proxyname:port] Proxy address and port number

/proxyuser=[username] Proxy user name

/proxypassword=[password] Proxy user password

General parameters:

/?, /help Show help message

If you have any more questions or problems, just let me know.

Share this post

Link to post
Share on other sites

Dear Christian,

Thank-you for keeping me informed. I read the new documentation but I am still puzzled by the /f parameter.

Here is the pertinent documentation:

/f=[path], /files=[path]

Scans a disk, a folder or a single file for malware infections. Folder paths with spaces have to be put in quotation marks. Only one path can be specified.

Example: a2cmd /f="c:\windows\"

Please review this thread, where I have posted evidence that seems to prove that multiple paths can be specified and scanned using the /f parameter.

What is the explanation for the results shown in the quoted logfile? (reproduced below, my comments in red)

I find it hard to believe that only one path can be specified with the /f parameter. Previous versions ( allowed multiple paths. Allowing only one path reduces the power and versatility of the Command Line Scanner.

Thanks for your help,


Emsisoft Commandline Scanner - Version 3.0

Last update: 11/11/2012 06:10:13

Scan settings:

Scan type: Custom Scan

Objects: F:\eicar (1).com, F:\eicar (2).com, F:\eicar (3).com Each of the 3 files specified using /f are considered an object

Detect Riskware: Off

Scan archives: Off

ADS Scan: Off

File extensions: Off

Advanced caching: Off

Direct disk access: Off

Scan start: 11/11/2012 15:32:36

F:\eicar (1).com detected: EICAR-Test-File (not a virus) (B) Here are the scan results, listing 3 infected files

F:\eicar (2).com detected: EICAR-Test-File (not a virus) (B)

F:\eicar (3).com detected: EICAR-Test-File (not a virus) (B)

Scanned 1 Here is the total number of files scanned. How can this be less than the number of infected files that were found?

Found 3

Scan end: 11/11/2012 15:32:40

Scan time: 0:00:03

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.