Jump to content

ecls.exe is slow

Recommended Posts


I'm using Eset NOD32 Business Edition 4.2 and wondering why an analysis with ecls.exe take several seconds whereas real time protection (or eshell) works immediately.

I've made several tests :

  • eicar.txt

  • test.eml with an eicar.txt attached

  • test.zip with an eicar.txt inside

  • test.zip with an test.eml inside


Every time I launch an analysis with ecls.exe, it takes several seconds.

I've even tried to disable all advanced mecanisms :

ecls.exe /no-ads /no-boots /no-mailbox /no-heur /no-adv-heur eicar.eml


But same result: analysis still take more than 3s :-(

[ According to ProcessMonitor, time is spent in antivirus (ekrn.exe). ]



I've also tried with Eset file security and I got the same results with ecls.exe

However, I notice analysis of .eml or .zip was immediate with eShell ; like real time protection (file.open)

And eicar is correctly detected as a threat.

However, there is no output detailing if a threat was detected and was is the virus name.

I'm not sure how to get that information after analysis.


Could you help me understand :

- Why ecls.exe analysis is so slow ? Even without heuristics.

- How can I query eShell to get analysis result

- Is there any other mean (API…) to drive the analysis of file with ESET antivirus and to get details about the detected threat?


Thank you

Link to comment
Share on other sites

  • Administrators

V4.2 is way too old. The latest version is Endpoint v6.4 for business users.

I assume that scans with ecls are actually fast, however, loading modules takes several seconds. It is normal as all modules need to be loaded and only the engine itself is ~50 MB in size.

Please elaborate more what you would like to achieve and why you mind the little delay when ecmd is started.

Link to comment
Share on other sites

I've tried with the lastest Eset file security and I have the same issue (with ecls.exe command line). So product version is not really the issue here.

I need speed because the user is waiting a server response from the web interface when the file is uploaded.

Uploaded files are stored on an UNC path and can include extensions like .zip. Therefore RealTimeProtection isn’t enough.

Link to comment
Share on other sites

  • Administrators

We don't have a scanner for quickly scanning uploaded files nor incoming emails on a server. Such use of the scanner would be also against EULA.

Link to comment
Share on other sites

I'm sorry to hear Eset is unable to do a quick file analysis, even for a professionnal solution.

Do you confirm I have no other option with any Eset product ?

Thank you for your help.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...