Dandandan 0 Posted August 2, 2017 Posted August 2, 2017 So I recently installed file security on my Windows Server 2008 R2 and the first scan has now been going for 120 hours and seems to have no end in sight. A smart scan was also started by schedule and it too has now been going on for around 30 hours. The real time protection is still working but the scans are showing threats on my system but because the scans aren't finished the program isn't doing anything. How long should a scan usually take?
Administrators Marcos 5,736 Posted August 2, 2017 Administrators Posted August 2, 2017 How long does it take to scan with ecls.exe (the command-line scanner) which is part of EFSW? Does the scan complete?
Dandandan 0 Posted August 2, 2017 Author Posted August 2, 2017 @Marcos It hasn't even finished the first scan when installation is complete and it is at 120 hours
Administrators Marcos 5,736 Posted August 2, 2017 Administrators Posted August 2, 2017 Did you really run the command-line scanner ecls.exe as I asked and not a scan from gui?
Dandandan 0 Posted August 2, 2017 Author Posted August 2, 2017 @Marcos I tried running it but it says Scanner initialization failed
Administrators Marcos 5,736 Posted August 3, 2017 Administrators Posted August 3, 2017 You must run it from the ESET install folder, otherwise you'll have to specify the path to the ESET install dir via the --base-dir= parameter.
Dandandan 0 Posted August 7, 2017 Author Posted August 7, 2017 UPDATE: after a total combined time of 400 hours the "first scan" and the first scheduled scan have finally finished. Did not expect it to take that long.
Administrators Marcos 5,736 Posted August 8, 2017 Administrators Posted August 8, 2017 7 hours ago, Dandandan said: UPDATE: after a total combined time of 400 hours the "first scan" and the first scheduled scan have finally finished. Did not expect it to take that long. You must have too many files, probably many archives or iso images that were scanned internally. You can try temporarily disabling scanning of archives to confirm my assumption. Anyways, the second scan should be much faster when it comes to stand-alone PE files as whitelisted files will be omitted from scanning.
Dandandan 0 Posted August 8, 2017 Author Posted August 8, 2017 @MarcosHow do I set the scans so archives are left out? After an extensive review of the scan log it certainly appeared that archives seemed to be the big issue. I am working on a very large server that is running a large law firm so I expected some time to complete the scan. Also in the scans it said it detected several threats and yet nothing was done about them. What should I do for that?
Administrators Marcos 5,736 Posted September 12, 2017 Administrators Posted September 12, 2017 For a list of parameters and switches, run "ecls.exe --help". To disable scanning of archives, use "/no-arch /no-sfx". To enable standard cleaning, use "/clean-mode=standard".
Recommended Posts