Hi,
I'm using ESET NOD32 Business Edition 4.2 and wondering why an analysis with ecls.exe takes several seconds whereas real-time protection (or eShell) works immediately.
I've made several tests:
- eicar.txt
- test.eml with an eicar.txt attached
- test.zip with an eicar.txt inside
- test.zip with a test.eml inside
Every time I launch an analysis with ecls.exe, it takes several seconds.
I've even tried to disable all advanced mechanisms:
ecls.exe /no-ads /no-boots /no-mailbox /no-heur /no-adv-heur eicar.eml
But same result: analysis still takes more than 3s :-(
[ According to ProcessMonitor, time is spent in antivirus (ekrn.exe). ]
I've also tried with ESET File Security and I got the same results with ecls.exe.
However, I noticed analysis of .eml or .zip was immediate with eShell, like real-time protection (file.open).
And eicar is correctly detected as a threat.
However, there is no output detailing if a threat was detected and what the virus name is.
I'm not sure how to get that information after analysis.
Could you help me understand:
- Why is ecls.exe analysis so slow? Even without heuristics.
- How can I query eShell to get the analysis result?
- Is there any other means (API…) to drive the analysis of a file with ESET antivirus and to get details about the detected threat?
Thank you