Jump to content

ESET Endpoint Security command line scanner options


Recommended Posts

I want to write a bat file for the command line scanner.

 

What parameters would be the best for a "quick" scan?

What parameters would be the best for a "full" scan?

When using /quar-dir=FOLDER is that the directory for the quarantien folder?

What is the difference between /heur and /adv-heur?

Link to comment
Share on other sites

  • Administrators
10 hours ago, PsycoStea said:

What parameters would be the best for a "quick" scan?

Perhaps I'd recommend using the /no-arch and /no-sfx switch to avoid scanning archives during a quick scan as well as /unwanted and /unsafe to detect potentially unwanted and unsafe applications. I'd also run the scan only on folders that typically contain malware, ie c:\windows, c:\program files, c:\program files (x86), c:\programdata and c:\users.

10 hours ago, PsycoStea said:

What parameters would be the best for a "full" scan?

Since most of options are enabled by default, you could use just /unwanted and /unsafe switches.

10 hours ago, PsycoStea said:

When using /quar-dir=FOLDER is that the directory for the quarantien folder?

It's the folder where detected files will be quarantined (stored in a safe form).

10 hours ago, PsycoStea said:

What is the difference between /heur and /adv-heur?

/heur enabled legacy heuristics. You can disregard it since it made sense 20 and more years ago but not now. On the contrary, advanced heuristics must be enabled in order to detect most of current threats. However, it's enabled by default without the need to use the /adv-heur switch.

Link to comment
Share on other sites

Posted (edited)

Thanks for the info!

 

5 hours ago, Marcos said:

Perhaps I'd recommend using the /no-arch and /no-sfx switch to avoid scanning archives during a quick scan as well as /unwanted and /unsafe to detect potentially unwanted and unsafe applications. I'd also run the scan only on folders that typically contain malware, ie c:\windows, c:\program files, c:\program files (x86), c:\programdata and c:\users.

What parameter sould I use to only scan specific files?

 

5 hours ago, Marcos said:

Since most of options are enabled by default, you could use just /unwanted and /unsafe switches.

So I would use .\ecls.exe /unwanted /unsafe for a full scan? How come I can use /unwanted and /unsafe for a quick and full scan?

 

5 hours ago, Marcos said:

It's the folder where detected files will be quarantined (stored in a safe form).

If I use this parameter and there is no folder by in that location it will create one first if it doesn't exist?

 

 

Edited by PsycoStea
Link to comment
Share on other sites

Is it possible to run a scan with ecls.exe using one line in Powershell? I know how to navigate to the .exe and then execute the .exe but it takes me 2 lines to do it.

I tired something like 

cd C:\'program files'\eset && .\ecls.exe /unwanted /unsafe /quar-dir=c:\users\'test station'\desktop\'ESETQuarantine'

but thats doesn't work

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...