fidelius2
Posted November 25, 2016 (edited)

Hello,

One of my OSes is Windows 7 64-bit and I use the latest WinRAR x64. I have integrated ECLS.EXE in order to scan an archive. Here is the command line:

"C:\Program Files\ESET\ESET NOD32 Antiviru\ecls.exe" /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /log-file=c:\temp\ECLS.TXT /log-rewrite /log-console /aind /no-boots /mail /arch /sfx /rtp /adware /unsafe /unwanted /heur /adv-heur /clean-mode=delete /no-quarantine

It seems to extract the archive but it returns this error message:

impossible to execute ecls

Note this does not happen under Windows XP.

Thank you for your help.

Edited November 25, 2016 by fidelius2

itman
Posted November 25, 2016

My question is why are you using ECLS to scan a WinRAR archive in the first place? The realtime ThreatSense scanner will scan archives w/o issue.

If you have any doubts, you can test it here: hxxp://www.amtso.org/feature-settings-check-download-of-compressed-malware/ to ensure you have ThreatSense properly configured.

fidelius2
Posted December 2, 2016

The link you give is the EICAR test.

I want to understand why ecls in WinRAR works well in Windows XP but cannot be executed in Windows 7. Maybe it is related to the administrator account?

itman
Posted December 5, 2016 (edited)

> The link you give is the EICAR test.

The AMTSO compressed malware tests do use the EICAR test virus string. This is done since virtually all AV vendors support detection of the EICAR test for operational validation purposes. If an AV solution is able to detect the EICAR string in the download process used by the various AMTSO compressed malware tests, you can be assured that their real-time signature/heuristic detection processing is functioning properly.

The default setting in Eset for "on file creation" is to scan the file using all available ThreatSense real-time options. I believe archives are scanned to 10 levels deep. This is the proper way for compressed file downloads to be scanned: at time of file creation. Waiting to scan a download until a command line ECLS scan can be run increases your risk for malware infection. Also, Eset's real-time scanning protects files created by means other than Internet download, such as copying of files from an external storage device.

Edited December 5, 2016 by itman