thibault 0 Posted January 18, 2017 Share Posted January 18, 2017 Hi, I'm using Eset NOD32 Business Edition 4.2 and wondering why an analysis with ecls.exe take several seconds whereas real time protection (or eshell) works immediately. I've made several tests : eicar.txt test.eml with an eicar.txt attached test.zip with an eicar.txt inside test.zip with an test.eml inside Every time I launch an analysis with ecls.exe, it takes several seconds. I've even tried to disable all advanced mecanisms : ecls.exe /no-ads /no-boots /no-mailbox /no-heur /no-adv-heur eicar.eml But same result: analysis still take more than 3s :-( [ According to ProcessMonitor, time is spent in antivirus (ekrn.exe). ] I've also tried with Eset file security and I got the same results with ecls.exe However, I notice analysis of .eml or .zip was immediate with eShell ; like real time protection (file.open) And eicar is correctly detected as a threat. However, there is no output detailing if a threat was detected and was is the virus name. I'm not sure how to get that information after analysis. Could you help me understand : - Why ecls.exe analysis is so slow ? Even without heuristics. - How can I query eShell to get analysis result - Is there any other mean (API…) to drive the analysis of file with ESET antivirus and to get details about the detected threat? Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 18, 2017 Administrators Share Posted January 18, 2017 V4.2 is way too old. The latest version is Endpoint v6.4 for business users. I assume that scans with ecls are actually fast, however, loading modules takes several seconds. It is normal as all modules need to be loaded and only the engine itself is ~50 MB in size. Please elaborate more what you would like to achieve and why you mind the little delay when ecmd is started. Link to comment Share on other sites More sharing options...
thibault 0 Posted January 19, 2017 Author Share Posted January 19, 2017 I've tried with the lastest Eset file security and I have the same issue (with ecls.exe command line). So product version is not really the issue here. I need speed because the user is waiting a server response from the web interface when the file is uploaded. Uploaded files are stored on an UNC path and can include extensions like .zip. Therefore RealTimeProtection isn’t enough. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 19, 2017 Administrators Share Posted January 19, 2017 We don't have a scanner for quickly scanning uploaded files nor incoming emails on a server. Such use of the scanner would be also against EULA. Link to comment Share on other sites More sharing options...
thibault 0 Posted January 19, 2017 Author Share Posted January 19, 2017 I'm sorry to hear Eset is unable to do a quick file analysis, even for a professionnal solution. Do you confirm I have no other option with any Eset product ? Thank you for your help. Link to comment Share on other sites More sharing options...
Recommended Posts