• 0
ebloch

Ad-Aware Command Line Scanner

Question

Win 7 Home Premium SP-1 64 bit, AA 11.1.5152.0, CLS _x64_11.0.4555.0

 

CLS --updatedefs and --custom "D:\\" run succesfully in unattended batch files

 

Problem or bug :(

The notification section of the main Ad-Aware GUI does NOT update after above operations

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

Win 7 Home Premium SP-1 64 bit, AA 11.1.5152.0, CLS _x64_11.0.4555.0

 

CLS --updatedefs and --custom "D:\\" run succesfully in unattended batch files

 

Questions

1. Does a CLS scan in the main Ad-Aware GU:

A. Use the exclusion list for folders and files?

B. Update the Quarantined Files list on completion?

 

2. After a CLS scan Is there a suggested method to:

A. Extract a report of infected files? (text preferred)

B. Quarantine or delete infected files by manual selection?

 

If 1B is "Yes" and then one method is for 2B is to use --quarantine in the CLS scan command and manually "Restore" or "Delete" using the main Ad-Aware GU

 

 

 

 

Share this post


Link to post
Share on other sites
  • 0

Hi ebloch,

 

2A. According to the manual you can specify a file name, including path, for a result file. The manual specifies the default path and file name.

2B. According to the manual you can specify in the command if you want the detected files to be quarantined, deleted or disinfected.

 

I don't know the answers to 1 A and B, but I can ask my contact person when she is back after all holidays.

 

Manual: http://www.lavasoftsupport.com/index.php?/topic/33636-manual-and-faq-please-check-before-asking-questions/

Share this post


Link to post
Share on other sites
  • 0

Thanks for the quick reply.

 

I had searched the manual but never saw the method to specify the results file. I probably used the wrong search words.

 

I would not mind automatic quarantine IF there is a method to manually Restore selected files. That is the reason for 1A & 1B.

 

Perhaps a CLS --scan-result< path > can send the results to a location that the main Ad-Aware GU can use.

Share this post


Link to post
Share on other sites
  • 0

You're welcome :)

 

CLS has its own chapter near the end of the manual.

 

I have now been able to ask my contact person.

 

1A Yes

1B Yes

 

CLS is another way of managing the Ad-Aware program. When a scan is started through CLS, the scanning module will act in the same way as when a scan is started in the GUI, e.g. results and quarantined files are visible in the GUI. If nothing is specified when starting CLS, cookies will be deleted, some threats will be quarantined automatically and some threats will generate a "what to do" question to the user.

 

AA 11.1.5152.0, CLS _x64_11.0.4555.0

That CLS version is actually the version sent out with Ad-Aware 11.0 and not 11.1. Please, check if you have another version of CLS, too.

Share this post


Link to post
Share on other sites
  • 0

Glad to receive positive answers for 1A & 1B.

 

The problem with my version of CLS was that when running it using the suggested commands like:

"C:\Windows\System32\aacmdline\AdAwareCommandLineScanner.exe" --updatedefs

it always ran the original CLS and not the update.

 

That is because aacmdline is a <SYMLINKD> to the original CLS folder. I have now changed the link to point to:

"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\AdAwareCommandLineScanner"

and copied the new files into that folder. Future upgrades will be a simple delete & copy of the files into that folder.

 

Perhaps Lavasoft should find a method to change the <SYMLINKD> during upgrades or do what I have done.

Share this post


Link to post
Share on other sites
  • 0

I have now run several tests and find that using the CLS does NOT result in a report in the GUI. :(

 

The following command runs a scan but no report in the GUI
START "" /WAIT "C:\Windows\System32\aacmdline\AdAwareCommandLineScanner.exe" --custom "C:\Users\Eric\AppData\Roaming\Mozilla\Firefox"

 

There is a report in:

"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\AdAwareCommandLineScanner\Scan Results"

 

Running a custom scan for the same location using the GUI results in a report with 2 problems which I have Quarantined.

 

What must I do to have the CLS give a report in the GUI ?

 

Maybe use "--scan-result< path >" into the the location used by the GUI ?

Share this post


Link to post
Share on other sites
  • 0

Thanks, I'll check with my contact person when she is back in the office.

Share this post


Link to post
Share on other sites
  • 0

Sorry, I have given you wrong answers.

 

There are two types of command line scanners. The first one is a stand-alone scanner that isn't related to the rest of Ad-Aware and it's described in the last chapter of the manual. The second one is a "hidden" way of doing some of the work that usually is started from the GUI, and it isn't documented at the moment.

 

AdAwareCommandLineScanner.exe is the first one, but when I asked my contact person she assumed that your questions were for the second one, AdAwareCommandLine.exe, since she works more with that one. My answers in post #5 is therefore only for AdAwareCommandLine.exe.

 

AdAwareCommandLineScanner.exe is standalone, independent of common Ad-Aware and only controlled by the command you enter. It ignores the exclusion list and other settings in Ad-Aware GUI and the report will not be visible in the GUI etc. If you manually move the quarantined files from the scanner's own Quarantine folder to the quarantine folder of Ad-Aware, they will be listed in the GUI and it's possible to restore them.

 

The aacmdline SYMLINKD isn't created at all by Ad-Aware 11 installation program and isn't supported.

Is that something that was created by an old version of Ad-Aware, maybe version 9 or 8?

Ad-Aware 10 didn't have a command line scanner at all.

Share this post


Link to post
Share on other sites
  • 0

Using SYMLINKD shortens the command line significantly so I will keep it for now.

 

What is the folder location containing the GUI Quarantined files?

 

CLS results has REF, DAT, and BDQ files. Which file(s) should be copied to the GUI folder?

 

I found "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" (ACL) but it does NOT accept the same command tokens as the CLS.

 

Since there is no documentation for ACL I will need a list of tokens to be used with it. Using the the ACL is preferred if it includes other settings, especially the Exclusion list and would not require copying files.

 

Thanks for your help so far.

 

It may be easier on you if I can correspond with your contact person directly.

Share this post


Link to post
Share on other sites
  • 0

I think the quarantined files are stored in a sub-folder to C:\Program Data\Lavasoft\Ad-Aware 11.

 

AdAwareCommandLine has its own command parameters, and since it's undocumented it can be changed without any notice. It's designed to be used inside Ad-Aware, but since my contact person works with QA, I guess it's useful to use it in test procedures. To document it is on a ToDo list, but I guess there are other things that have much higher priority.

 

Can't you use a normal scheduled scan configured within Ad-Aware?

Share this post


Link to post
Share on other sites
  • 0

I run an unattended batch file overnight which does various "clean up" and backup functions and then, depending on the day of the week, runs a scan using either Ad-Aware, Spybot Search & Destroy, Malwarebytes, Immunet, or MS Security Essentials. Instead of a scan, on Saturdays it makes a disk image using Acronis. I have Nirsoft Utilities http://www.nirsoft.net/ installed which uses the same techniques as "bad" files and must be entered in the Exclusion list for any scanner.

 

Ad-Aware and Malwarebytes scans can take so much time that when I want to use my PC in the morning they are still running. To eliminate this problem I have defined custom scans based on my two partitions C & D.

 

Malwarebytes defines its scan coverage in a Registry entry so my batch now does a RegEdit before the scan is called by a command line which runs the same scan as its GUI would. Ad-Aware does not function in this way.

 

Until I find a different solution I will run Ad-Aware custom scans using the GUI with PTFBpro http://www.ptfbpro.com/ which can enter info into a Custom scan field.

 

I plan to install an SSD to replace my boot HD and that may allow acceptable full scans in one pass. I will update this topic after that happens.

 

Thanks for your efforts to help me.

 

 

 

Share this post


Link to post
Share on other sites
  • 0

Hi again!

 

I have received this information from my contact person:

1. Start the Command Prompt.
2. Go to the folder (with cd command) where Ad-Aware is installed, by default it's C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5192.0\.
3. Enter this command to find out which parameters that are available: AdAwareCommandLine.exe --help

(I'm not sure, maybe you are supposed to first start AdAwareCommandLine.exe and then write --help.)

Share this post


Link to post
Share on other sites
  • 0

I have made some progress and am awaiting the results of my Sunday scan.

 

1.

Last weekend I installed an Samsung SSD Boot Drive (C:\). Unfortunately my system, a Dell Studio XPS 435MT with i7-920 CPU and 12 GB RAM, cannot take full advantage of the SSD but it did cut Boot time in half to slightly over 2 min :D, and greatly improved read/write to C:\ :wub:. The Dell is limited to SATA2 :( while the SSD can use the twice as fast SATA3. Also it does not support :( the AHCI Mode controller which is more efficient.

 

2.

A scan C:\ appeared to take less than one hour :wub: when in the past it took over 10 hours and I usually stopped it before completion. I ran this test using a batch file with the following command:

START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" --custom "C:\\"

 

3.

I have modified my overnight batch for Sunday to use --custom "C:\\;D\\" and hope the time is reasonable. Expect a report back after I see the results

 

 

 

Share this post


Link to post
Share on other sites
  • 0

That's a large SSD, I think I only have seen smaller ones before.

Share this post


Link to post
Share on other sites
  • 0

Ad-Aware definitions were updated 3:07PM Saturday afternoon

 

Result of the following command run Sunday morning:

START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" --custom "C:\\;D:\\"

 

Contents after scan:

C: 267GB of 500GB Total (SSD)

D: 62GB of 200GB Total (One of two partitions on original 1TB "normal" HD)

 

Ad-Aware reported:

Estimated time: 5 Hours :mellow: (This would be acceptable since started at 2 AM)

Actual time: 40 Minutes :o (Would be longer if there were infected objects)

Infected objects: None :D

 

Previous to SSD install actual time was over 10 hours and I usually stopped the scan after 7 hours.

 

I hope that the AdAwareCommandLine is continued to be offered because it is important to have scans run with exclusions and full reporting of results.

 

I see no value in the AdAwareCommandLineScanner since the AdAwareCommandLine offers the full capabilities of AdAware.

 

If there are any substancial changes in furture scans I will update this topic.

Share this post


Link to post
Share on other sites
  • 0

I just thought of what might have caused the very low scan time:

There is nothing checked in the Custon Scan Settings in the AdAware GUI

The C:\ and D:\ paths are entered but not checked.

 

QUESTIONS:

1.

What, if anything, should be checked to result in a "Full Scan" of the specified folders "C:\\;D:\\" ?

2.

If the settings have no effect how does --custom compare to --quick and --full?

3.

Would adding a --quick scan cover what is missing from a --custom scan?

 

Note that a --full scan is too long because it includes F:\ which is my original C:\ before it was cloned to the SSD.

Share this post


Link to post
Share on other sites
  • 0

I now think that my result was only for "C:\\" and did not include "D:\\" so thefollowing questions arrise because the help files are not clear:

 

1.

Can two --custom scan locations be specified in one command?

 

2.

If yes, is the proper configuration:

A. All inside one set of quotes ?

B. Each in its own set of quotes ?

C. What separators are permitted ?

 

 

 

 

Share this post


Link to post
Share on other sites
  • 0

I just thought of what might have caused the very low scan time:

There is nothing checked in the Custon Scan Settings in the AdAware GUI

The C:\ and D:\ paths are entered but not checked.

 

QUESTIONS:

1.

What, if anything, should be checked to result in a "Full Scan" of the specified folders "C:\\;D:\\" ?

2.

If the settings have no effect how does --custom compare to --quick and --full?

3.

Would adding a --quick scan cover what is missing from a --custom scan?

 

Note that a --full scan is too long because it includes F:\ which is my original C:\ before it was cloned to the SSD.

I have been in contact with Lavasoft.

 

A custom scan does the same checks as a full scan when everything have been selected.

 

Another possibility is that you add F: to the exception list and then start a full scan.

Share this post


Link to post
Share on other sites
  • 0

I now think that my result was only for "C:\\" and did not include "D:\\" so thefollowing questions arrise because the help files are not clear:

 

1.

Can two --custom scan locations be specified in one command?

 

2.

If yes, is the proper configuration:

A. All inside one set of quotes ?

B. Each in its own set of quotes ?

C. What separators are permitted ?

Maybe the "another possibility" in my previous answer is the best choice for you.

Share this post


Link to post
Share on other sites
  • 0

Sometimes one gets too close to a project and does not see the obvious.

 

Of course excluding F:\ and using --full is the answer.

 

Thank you,

 

I will post back with the results.

Share this post


Link to post
Share on other sites
  • 0

I'll forward the "thank you" to my contact person :)

 

Good luck!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now