Jump to content

Scanning in Safe-Mode doesn't seem to work with NOD32 v9


Recommended Posts

I'm planning to reformat my computer in the near future, so I decided to upgrade from the latest version of NOD32 Antivirus 8 to NOD Antivirus v9 (9.0.318.20) so I could test it out before reformatting my computer.

And to make sure the new license-key system would actually work, and it worked like a charm and activated just fine.

But I'm glad that I decided to test out v9 before reformatting as there seem to be an issue?


What I'm noticing now is that I can't seem to scan my system while running Windows in safe-mode anymore.

I actually tested out this feature before uninstalling v8.

Scanning in safe-mode worked perfectly in v8 like it always did.


Now with v9 nothing happens when I try to scan while in safe-mode when I click on Eset NOD32 Antivirus in the Start menu, even when trying to run as Administrator.

Sometimes it seemed like the mouse cursor would quickly change to show it's in the process of loading, but nothing happens.


I've also noticed that opening programs and sometimes even the task manager can take a while, things seem a bit slower.

Whether that is due to NOD32 v9 or the latest bunch of Windows Updates I can't say.


Some additional details:


I'm running Windows 7 Home Premium 64-bit with the latest Windows Updates installed.


I downloaded the Live Installer from Eset's website, but I didn't install it on-top of v8.

Instead I removed NOD32 v8 completely, rebooted and made sure everything was in order, then rebooted again so I could do a clean install of v9.


NOD32 v9 shows no signs of infection for my system.

Neither does Malwarebytes Anti-Malware (free version used for on-demand scans only)

and Windows Defender also claims that I'm clean.

Link to comment
Share on other sites

ESET has never run in safe mode. To run a scan in safe mode, use the command-line scanner ecls.exe.


The method I described before always allowed me to scan while in safe mode.

Where do I have to look to find the command-line scanner ecls.exe exactly?


Thanks in advance.

Edited by autobotranger
Link to comment
Share on other sites

Think I have found the ecsl.exe file (screenshot attached) in the Eset NOD32 Antivirus folder in programs.

That would be the correct location for the command line scanner?


When I boot into safe-mode and click on it and try to run it the command window does pop up, but for less than a second, then it just disappears and nothing happens.

Same result is I attempt to run the ecsl.exe file as Administrator.

No sign of a running process when looking at the Windows task manager either.


Edited by autobotranger
Link to comment
Share on other sites

  • ESET Insiders

Open Command Prompt and enter:

"The full\Path to ecls\ecls.exe" --help

e.g "C:\Program Files\ESET\ESET Smart Security\ecls.exe" --help


That will give you the list of switches to use, which I've copied below.

ESET Security on-demand scanner
Usage: ecls [OPTIONS..] FILES..

       /base-dir=FOLDER         load modules from FOLDER
       /quar-dir=FOLDER         quarantine FOLDER
       /exclude=MASK            exclude files matching MASK from scanning
       /subdir                  scan subfolders (default)
       /no-subdir               do not scan subfolders
       /max-subdir-level=LEVEL  maximum sub-level of folders within folders to
       /symlink                 follow symbolic links (default)
       /no-symlink              skip symbolic links
       /ads                     scan ADS (default)
       /no-ads                  do not scan ADS
       /log-file=FILE           log output to FILE
       /log-rewrite             overwrite output file (default - append)
       /log-console             log output to console (default)
       /no-log-console          do not log output to console
       /log-all                 also log clean files
       /no-log-all              do not log clean files (default)
       /aind                    show activity indicator
       /auto                    scan and automatically clean all local disks
Scanner options:
       /files                   scan files (default)
       /no-files                do not scan files
       /memory                  scan memory.
       /boots                   scan boot sectors
       /no-boots                do not scan boot sectors (default)
       /arch                    scan archives (default)
       /no-arch                 do not scan archives
       /max-obj-size=SIZE       only scan files smaller than SIZE megabytes
                                  (default 0 = unlimited)
       /max-arch-level=LEVEL    maximum sub-level of archives within archives
                                  (nested archives) to scan
       /scan-timeout=LIMIT      scan archives for LIMIT seconds at maximum
       /max-arch-size=SIZE      only scan the files in an archive if they are
                                  smaller than SIZE (default 0 = unlimited)
       /max-sfx-size=SIZE       only scan the files in a self-extracting
                                  archive if they are smaller than SIZE
                                  megabytes (default 0 = unlimited)
       /mail                    scan email files (default)
       /no-mail                 do not scan email files
       /mailbox                 scan mailboxes
       /no-mailbox              do not scan mailboxes (default)
       /sfx                     scan self-extracting archives (default)
       /no-sfx                  do not scan self-extracting archives
       /rtp                     scan runtime packers (default)
       /no-rtp                  do not scan runtime packers
       /unsafe                  scan for potentially unsafe applications
       /no-unsafe               do not scan for potentially unsafe
                                  applications (default)
       /unwanted                scan for potentially unwanted applications
       /no-unwanted             do not scan for potentially unwanted
                                  applications (default)
       /suspicious              scan for suspicious applications (default)
       /no-suspicious           do not scan for suspicious applications
       /heur                    enable heuristics (default)
       /no-heur                 disable heuristics
       /adv-heur                enable Advanced heuristics (default)
       /no-adv-heur             disable Advanced heuristics
       /ext=EXTENSIONS          scan only EXTENSIONS delimited by colon
       /ext-exclude=EXTENSIONS  exclude EXTENSIONS delimited by colon from
       /clean-mode=MODE         use cleaning MODE for infected objects.
                                  Available options: none, standard (default),
                                  strict, rigorous, delete
       /quarantine              copy infected files (if cleaned) to Quarantine
                                  (supplements ACTION)
       /no-quarantine           do not copy infected files to Quarantine
General options:
       /help                    show help and quit
       /version                 show version information and quit
       /preserve-time           preserve last access timestamp

Exit codes:
  0    no threat found
  1    threat found and cleaned
  10   some files could not be scanned (may be threats)
  50   threat found
  100  error
Link to comment
Share on other sites

Thank you Stackz. I was able to start a scan in safe-mode with success using the commands (also looked them up on Esets website).

Unfortunately there seems to be another issue now, and I'm afraid that I might have caused this one. And everything was starting to go well :(


I accidently marked everything in the command window, the Eset Command Line scanner process and scan results etc, and by a slip of the finger I think it was pasted it into the command window.

That caused the window to continuously scroll down until I closed it.


Now when I attempt to run the line "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" --help a warning windows pops up with the following text:

"C:\Program Files\ESET\ESET NOD 32 Antivirus\ecls.exe er ikke et gyldigt Win32-program (last part translated into english: Isn't a valid Win32-program).


The text that appears in the command window is:

"C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" --help

Adgang nægtet. (last part translated into english: Access denied)


I've tried to reboot and enter safe-mode again to repeat the scan, but I keep getting the Access Denied message in the command window now.


Edit* Looking at the ecls.exe file now I can see that it has actually been reduced to 0 bytes in size..

Trying to click on the file gives me the same error message "not a valid Win32-program" as in safe-mode.

Seems like I have managed to break/corrupt it with my "little slip-up" in the console window.

Screenshot attached.


At this point it would probably be for the best to fully remove and reinstall NOD32 v9.


Edited by autobotranger
Link to comment
Share on other sites

  • Administrators

Try creating a batch file that will call ecls.exe with the desired parameters, e.g.

"C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" c:

Link to comment
Share on other sites

Try creating a batch file that will call ecls.exe with the desired parameters, e.g.

"C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" c:


Sorry about the late reply. I already removed and reinstalled NOD32 Antivirus v9 this afternoon.

Doing so completely sorted my little screw-up with ecls.exe and now it scans without problems in safe-mode.

I'll make sure to be very mindful in the future when using the command line scanner so I don't repeat the same mistake!


Unfortunately, uninstalling v9 of NOD32 confirmed my suspicion that the new version seems to slow down my system.

When I had removed the program everything ran smooth and fast again, but as soon as I reinstalled v9 my system became noticeably slower again.


Never had such performance issues with NOD32 until now and v8 ran super smooth.

I would like to downgrade to the latest version of NOD32 Antivirus v8 again, just to make absolutely sure that v9.0.318.20 is the culprit for the less than stellar performance.

Once I find out I'll most likely create a new thread and hopefully we can figure out why v9 "might" be causing performance issues on my end.


Would this be the correct site/link to download the latest build of v8 from or will I need to download it from another page on Esets site?



Also in terms of the new license key system. I already converted my old Username and Password into a license key due to trying v9.

How does activating my license on the old v8 work? Will I have to use the new license key or the old username/password system?


Many thanks in advance :)

Link to comment
Share on other sites

  • Administrators

There's a known issue in v9 which may affect performance under certain circumstances (usually when closing files). This will be addressed in the next service build of v9 soon. V9 should be generally faster than v8 when it comes to scanning newly created files (e.g. when copying a lot of exe/dll/sys files).

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...