autobotranger 1 Posted November 13, 2015 Share Posted November 13, 2015 I'm planning to reformat my computer in the near future, so I decided to upgrade from the latest version of NOD32 Antivirus 8 to NOD Antivirus v9 (9.0.318.20) so I could test it out before reformatting my computer. And to make sure the new license-key system would actually work, and it worked like a charm and activated just fine. But I'm glad that I decided to test out v9 before reformatting as there seem to be an issue? What I'm noticing now is that I can't seem to scan my system while running Windows in safe-mode anymore. I actually tested out this feature before uninstalling v8. Scanning in safe-mode worked perfectly in v8 like it always did. Now with v9 nothing happens when I try to scan while in safe-mode when I click on Eset NOD32 Antivirus in the Start menu, even when trying to run as Administrator. Sometimes it seemed like the mouse cursor would quickly change to show it's in the process of loading, but nothing happens. I've also noticed that opening programs and sometimes even the task manager can take a while, things seem a bit slower. Whether that is due to NOD32 v9 or the latest bunch of Windows Updates I can't say. Some additional details: I'm running Windows 7 Home Premium 64-bit with the latest Windows Updates installed. I downloaded the Live Installer from Eset's website, but I didn't install it on-top of v8. Instead I removed NOD32 v8 completely, rebooted and made sure everything was in order, then rebooted again so I could do a clean install of v9. NOD32 v9 shows no signs of infection for my system. Neither does Malwarebytes Anti-Malware (free version used for on-demand scans only) and Windows Defender also claims that I'm clean. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 13, 2015 Administrators Share Posted November 13, 2015 ESET has never run in safe mode. To run a scan in safe mode, use the command-line scanner ecls.exe. Link to comment Share on other sites More sharing options...
autobotranger 1 Posted November 13, 2015 Author Share Posted November 13, 2015 (edited) ESET has never run in safe mode. To run a scan in safe mode, use the command-line scanner ecls.exe. The method I described before always allowed me to scan while in safe mode. Where do I have to look to find the command-line scanner ecls.exe exactly? Thanks in advance. Edited November 13, 2015 by autobotranger Link to comment Share on other sites More sharing options...
autobotranger 1 Posted November 13, 2015 Author Share Posted November 13, 2015 (edited) Think I have found the ecsl.exe file (screenshot attached) in the Eset NOD32 Antivirus folder in programs. That would be the correct location for the command line scanner? When I boot into safe-mode and click on it and try to run it the command window does pop up, but for less than a second, then it just disappears and nothing happens. Same result is I attempt to run the ecsl.exe file as Administrator. No sign of a running process when looking at the Windows task manager either. Edited November 13, 2015 by autobotranger Link to comment Share on other sites More sharing options...
ESET Insiders stackz 112 Posted November 14, 2015 ESET Insiders Share Posted November 14, 2015 Open Command Prompt and enter: "The full\Path to ecls\ecls.exe" --help e.g "C:\Program Files\ESET\ESET Smart Security\ecls.exe" --help That will give you the list of switches to use, which I've copied below. ESET Security on-demand scanner Usage: ecls [OPTIONS..] FILES.. Options: /base-dir=FOLDER load modules from FOLDER /quar-dir=FOLDER quarantine FOLDER /exclude=MASK exclude files matching MASK from scanning /subdir scan subfolders (default) /no-subdir do not scan subfolders /max-subdir-level=LEVEL maximum sub-level of folders within folders to scan /symlink follow symbolic links (default) /no-symlink skip symbolic links /ads scan ADS (default) /no-ads do not scan ADS /log-file=FILE log output to FILE /log-rewrite overwrite output file (default - append) /log-console log output to console (default) /no-log-console do not log output to console /log-all also log clean files /no-log-all do not log clean files (default) /aind show activity indicator /auto scan and automatically clean all local disks Scanner options: /files scan files (default) /no-files do not scan files /memory scan memory. /boots scan boot sectors /no-boots do not scan boot sectors (default) /arch scan archives (default) /no-arch do not scan archives /max-obj-size=SIZE only scan files smaller than SIZE megabytes (default 0 = unlimited) /max-arch-level=LEVEL maximum sub-level of archives within archives (nested archives) to scan /scan-timeout=LIMIT scan archives for LIMIT seconds at maximum /max-arch-size=SIZE only scan the files in an archive if they are smaller than SIZE (default 0 = unlimited) /max-sfx-size=SIZE only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited) /mail scan email files (default) /no-mail do not scan email files /mailbox scan mailboxes /no-mailbox do not scan mailboxes (default) /sfx scan self-extracting archives (default) /no-sfx do not scan self-extracting archives /rtp scan runtime packers (default) /no-rtp do not scan runtime packers /unsafe scan for potentially unsafe applications /no-unsafe do not scan for potentially unsafe applications (default) /unwanted scan for potentially unwanted applications /no-unwanted do not scan for potentially unwanted applications (default) /suspicious scan for suspicious applications (default) /no-suspicious do not scan for suspicious applications /heur enable heuristics (default) /no-heur disable heuristics /adv-heur enable Advanced heuristics (default) /no-adv-heur disable Advanced heuristics /ext=EXTENSIONS scan only EXTENSIONS delimited by colon /ext-exclude=EXTENSIONS exclude EXTENSIONS delimited by colon from scanning /clean-mode=MODE use cleaning MODE for infected objects. Available options: none, standard (default), strict, rigorous, delete /quarantine copy infected files (if cleaned) to Quarantine (supplements ACTION) /no-quarantine do not copy infected files to Quarantine General options: /help show help and quit /version show version information and quit /preserve-time preserve last access timestamp Exit codes: 0 no threat found 1 threat found and cleaned 10 some files could not be scanned (may be threats) 50 threat found 100 error Link to comment Share on other sites More sharing options...
autobotranger 1 Posted November 14, 2015 Author Share Posted November 14, 2015 (edited) Thank you Stackz. I was able to start a scan in safe-mode with success using the commands (also looked them up on Esets website). Unfortunately there seems to be another issue now, and I'm afraid that I might have caused this one. And everything was starting to go well I accidently marked everything in the command window, the Eset Command Line scanner process and scan results etc, and by a slip of the finger I think it was pasted it into the command window. That caused the window to continuously scroll down until I closed it. Now when I attempt to run the line "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" --help a warning windows pops up with the following text: "C:\Program Files\ESET\ESET NOD 32 Antivirus\ecls.exe er ikke et gyldigt Win32-program (last part translated into english: Isn't a valid Win32-program). The text that appears in the command window is: "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" --help Adgang nægtet. (last part translated into english: Access denied) I've tried to reboot and enter safe-mode again to repeat the scan, but I keep getting the Access Denied message in the command window now. Edit* Looking at the ecls.exe file now I can see that it has actually been reduced to 0 bytes in size.. Trying to click on the file gives me the same error message "not a valid Win32-program" as in safe-mode. Seems like I have managed to break/corrupt it with my "little slip-up" in the console window. Screenshot attached. At this point it would probably be for the best to fully remove and reinstall NOD32 v9. Edited November 14, 2015 by autobotranger Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 15, 2015 Administrators Share Posted November 15, 2015 Try creating a batch file that will call ecls.exe with the desired parameters, e.g. "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" c: Link to comment Share on other sites More sharing options...
autobotranger 1 Posted November 15, 2015 Author Share Posted November 15, 2015 Try creating a batch file that will call ecls.exe with the desired parameters, e.g. "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" c: Sorry about the late reply. I already removed and reinstalled NOD32 Antivirus v9 this afternoon. Doing so completely sorted my little screw-up with ecls.exe and now it scans without problems in safe-mode. I'll make sure to be very mindful in the future when using the command line scanner so I don't repeat the same mistake! Unfortunately, uninstalling v9 of NOD32 confirmed my suspicion that the new version seems to slow down my system. When I had removed the program everything ran smooth and fast again, but as soon as I reinstalled v9 my system became noticeably slower again. Never had such performance issues with NOD32 until now and v8 ran super smooth. I would like to downgrade to the latest version of NOD32 Antivirus v8 again, just to make absolutely sure that v9.0.318.20 is the culprit for the less than stellar performance. Once I find out I'll most likely create a new thread and hopefully we can figure out why v9 "might" be causing performance issues on my end. Would this be the correct site/link to download the latest build of v8 from or will I need to download it from another page on Esets site? hxxp://support.eset.com/kb2885/ Also in terms of the new license key system. I already converted my old Username and Password into a license key due to trying v9. How does activating my license on the old v8 work? Will I have to use the new license key or the old username/password system? Many thanks in advance Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 16, 2015 Administrators Share Posted November 16, 2015 There's a known issue in v9 which may affect performance under certain circumstances (usually when closing files). This will be addressed in the next service build of v9 soon. V9 should be generally faster than v8 when it comes to scanning newly created files (e.g. when copying a lot of exe/dll/sys files). Link to comment Share on other sites More sharing options...
Recommended Posts