ESET File Security Scan taking 100+ Hours

[Dandandan 0]

So I recently installed file security on my Windows Server 2008 R2 and the first scan has now been going for 120 hours and seems to have no end in sight. A smart scan was also started by schedule and it too has now been going on for around 30 hours.

The real time protection is still working but the scans are showing threats on my system but because the scans aren't finished the program isn't doing anything.

How long should a scan usually take?

[Marcos 1,922]

How long does it take to scan with ecls.exe (the command-line scanner) which is part of EFSW? Does the scan complete?

[Dandandan 0]

@Marcos It hasn't even finished the first scan when installation is complete and it is at 120 hours

[Marcos 1,922]

Did you really run the command-line scanner ecls.exe as I asked and not a scan from gui?

[Dandandan 0]

@Marcos I tried running it but it says Scanner initialization failed

[Marcos 1,922]

You must run it from the ESET install folder, otherwise you'll have to specify the path to the ESET install dir via the --base-dir= parameter.

[Dandandan 0]

UPDATE: after a total combined time of 400 hours the "first scan" and the first scheduled scan have finally finished. Did not expect it to take that long.

[Marcos 1,922]

7 hours ago, Dandandan said:

UPDATE: after a total combined time of 400 hours the "first scan" and the first scheduled scan have finally finished. Did not expect it to take that long.

You must have too many files, probably many archives or iso images that were scanned internally. You can try temporarily disabling scanning of archives to confirm my assumption. Anyways, the second scan should be much faster when it comes to stand-alone PE files as whitelisted files will be omitted from scanning.

[Dandandan 0]

@MarcosHow do I set the scans so archives are left out? After an extensive review of the scan log it certainly appeared that archives seemed to be the big issue. I am working on a very large server that is running a large law firm so I expected some time to complete the scan.

Also in the scans it said it detected several threats and yet nothing was done about them. What should I do for that?

[Marcos 1,922]

For a list of parameters and switches, run "ecls.exe --help". To disable scanning of archives, use "/no-arch /no-sfx". To enable standard cleaning, use "/clean-mode=standard".