PsycoStea 0 Posted July 14, 2022 Posted July 14, 2022 I want to write a bat file for the command line scanner. What parameters would be the best for a "quick" scan? What parameters would be the best for a "full" scan? When using /quar-dir=FOLDER is that the directory for the quarantien folder? What is the difference between /heur and /adv-heur?
Administrators Marcos 5,446 Posted July 15, 2022 Administrators Posted July 15, 2022 10 hours ago, PsycoStea said: What parameters would be the best for a "quick" scan? Perhaps I'd recommend using the /no-arch and /no-sfx switch to avoid scanning archives during a quick scan as well as /unwanted and /unsafe to detect potentially unwanted and unsafe applications. I'd also run the scan only on folders that typically contain malware, ie c:\windows, c:\program files, c:\program files (x86), c:\programdata and c:\users. 10 hours ago, PsycoStea said: What parameters would be the best for a "full" scan? Since most of options are enabled by default, you could use just /unwanted and /unsafe switches. 10 hours ago, PsycoStea said: When using /quar-dir=FOLDER is that the directory for the quarantien folder? It's the folder where detected files will be quarantined (stored in a safe form). 10 hours ago, PsycoStea said: What is the difference between /heur and /adv-heur? /heur enabled legacy heuristics. You can disregard it since it made sense 20 and more years ago but not now. On the contrary, advanced heuristics must be enabled in order to detect most of current threats. However, it's enabled by default without the need to use the /adv-heur switch.
PsycoStea 0 Posted July 15, 2022 Author Posted July 15, 2022 (edited) Thanks for the info! 5 hours ago, Marcos said: Perhaps I'd recommend using the /no-arch and /no-sfx switch to avoid scanning archives during a quick scan as well as /unwanted and /unsafe to detect potentially unwanted and unsafe applications. I'd also run the scan only on folders that typically contain malware, ie c:\windows, c:\program files, c:\program files (x86), c:\programdata and c:\users. What parameter sould I use to only scan specific files? 5 hours ago, Marcos said: Since most of options are enabled by default, you could use just /unwanted and /unsafe switches. So I would use .\ecls.exe /unwanted /unsafe for a full scan? How come I can use /unwanted and /unsafe for a quick and full scan? 5 hours ago, Marcos said: It's the folder where detected files will be quarantined (stored in a safe form). If I use this parameter and there is no folder by in that location it will create one first if it doesn't exist? Edited July 15, 2022 by PsycoStea
PsycoStea 0 Posted July 15, 2022 Author Posted July 15, 2022 Is it possible to run a scan with ecls.exe using one line in Powershell? I know how to navigate to the .exe and then execute the .exe but it takes me 2 lines to do it. I tired something like cd C:\'program files'\eset && .\ecls.exe /unwanted /unsafe /quar-dir=c:\users\'test station'\desktop\'ESETQuarantine' but thats doesn't work
Recommended Posts