SNVC 0 Posted July 10, 2014 Share Posted July 10, 2014 I created a little bat file. Then converted it to an exe. I scheduled eset to run the exe and I get nothing. It gives me a last run date and time but nothing happens. I double click the exe and it runs fine. Any ideas Link to comment Share on other sites More sharing options...
Arakasi 549 Posted July 11, 2014 Share Posted July 11, 2014 This may answer the question to why sometimes a scheduled scan does not run. I have seen multiple inquires regarding why the scheduled on-demand scan didn't run. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted July 11, 2014 Administrators Share Posted July 11, 2014 Scheduled tasks run applications in the system account, couldn't this be what causes the issue? If you schedule a task to run the calculator (calc.exe) for instance, does that work? Link to comment Share on other sites More sharing options...
rugk 397 Posted July 11, 2014 Share Posted July 11, 2014 It would also good if you could upload the bat and/or exe-file, so we can test it. If it contains sensitive data then delete it before or make a test-batch file without this data. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted July 11, 2014 Share Posted July 11, 2014 It would also good if you could upload the bat and/or exe-file, so we can test it. If it contains sensitive data then delete it before or make a test-batch file without this data. Well we could make our own batch file to test this theory, wouldn't need his. Link to comment Share on other sites More sharing options...
rugk 397 Posted July 11, 2014 Share Posted July 11, 2014 It would also good if you could upload the bat and/or exe-file, so we can test it. If it contains sensitive data then delete it before or make a test-batch file without this data. Well we could make our own batch file to test this theory, wouldn't need his. Yes, I'm currently testing it. Link to comment Share on other sites More sharing options...
rugk 397 Posted July 11, 2014 Share Posted July 11, 2014 (edited) So this are my test results: 1. Calc.exe started by the schedule Screenshot(s): If I click on "View the message" then it shows the real calculator: Processes: Here you can see that the real calc.exe runs with system privileges. If I click on "Ask me later" then the process which was showing the "error message" exits: So I have to terminate the calc.exe and the UI0Detect.exe to exit all processes, but that's natural, because I don't close calc.exe. If I close calc.exe then it shows: and it closes calc.exe. Only the UI0Detect.exe (under user "system") is still running. 2. Calc.exe started by the schedule manually Screenshot: Processes: Then it is simply running under the current user (but it's elevated): 3. Batch file started by the schedule Screenshot(s): Processes: This was quite the same like with the calc.exe. Exept of the fact that conhost.exe starts every time with the batch but this is normal. A stranger fact is that there is displayed a wrong username (%username% in batch file). More at 4. 3. Batch file started by the schedule manually Screenshot(s): This was also quite similar. And although the "real" username (in it was executed) was the local user (elevated) %username% expands to Win7$. I have to say that the real username would be "Admin" and the computer name was "Win7". I also test it with a batch file putted into an exe, but this changes nothing. Now I only uploaded pictures of the following test, because in all other test are similar to the test before. 4. Batch file that wasn't waiting by the schedule No I tried to run a batch file that did not wait for the user - it only wait a few seconds. And the result was quite the same. I only have to say that every time I saw the "error message" it was minimized and it blinks. Summary No error occurred during my tests, all files started properly. There is one strange fact: The username that is every time wrong. And there are differences between manually and automatic starting with the scheduler. So for you @: Maybe your script runs very quick and so you can't see the normal windows message. I also only tested in with Windows 7. Maybe on other Windows versions there are differences. And again to @all: I uploaded the batch script* which I used and here you can download a Batch To Exe Converter. (there is also an online version available) * virustotal analyse here Edited July 12, 2014 by rugk Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted July 11, 2014 Administrators Share Posted July 11, 2014 No error occurred during my tests, all files started properly. There is one strange fact: The username that is every time wrong. This is how Windows expands the %username% variable in the local system account. Instead of %username%, run "whoami" and the result will be "nt authority/system". Link to comment Share on other sites More sharing options...
rugk 397 Posted July 12, 2014 Share Posted July 12, 2014 Yes "whoami" returns the right username. Link to comment Share on other sites More sharing options...
Recommended Posts