Site icon Emsisoft | Cybersecurity Blog

Remediation with Emsisoft Commandline Scanner | Windows Device Protection | Emsisoft Tutorial


Hi there. In today’s video, we’re going to talk about one of the more advanced features that comes with Emsisoft protection software: the Emsisoft Commandline Scanner. The scanner is included with Emsisoft Business Security, Emsisoft Enterprise Security, and the Emsisoft Emergency Kit.

The Emsisoft Commandline Scanner is a tool for professionals who prefer the power of command line applications over a graphical user interface. It’s one of the most sophisticated command line scanners available, used by services like VirusTotal to scan user-uploaded files.

If you’re looking for a way to initiate malware scans from third-party software, or if you want to integrate malware scans as part of your support infrastructure, then this could be the perfect tool for you. Scans along with their settings can be saved in scripts or batch files executing multiple actions in a coordinated manner.

The Emsisoft Commandline Scanner executable is ‘a2cmd.exe’, located in your Emsisoft Anti-Malware folder, which is typically located in the Program Files folder.  The scanner needs administrative privileges, so make sure that the tool that you use to run it has these. Running the scanner without any parameters will give you the full list of the commands and parameters.

The command line parameters fall into 4 categories:

  1. “Scan types” specify what to scan;
  2. “Scan settings” let you configure which scanner features to use;
  3. “Malware handling” allows you to act on items that have been quarantined. These options must be used alone and cannot be combined with other scan options.
  4. And finally, “Online updates’ allows you to update and specify update settings related to all program components and signatures. As with “Malware handling”, “Online updates” must be used alone, and not combined with other scan options

Let’s start with a simple scan and build from there.  To begin with, we’ll run an update to ensure that you have the latest protection.

Now that we’re updated, let’s start with a scan. A ‘Malware Scan’ is the best choice for most cases: it’s fast and thoroughly examines all known areas of the device where active malware typically resides. If on the other hand you only have one or more paths to scan, you can specify them using commas as delimiters. We’ll scan a specific directory, with slash-f-equals-c-colon-backslash-data, check potentially unwanted programs, with slash-PUP, and malware traces using slash-traces.  We’ll save the output to a log file on the desktop, and quarantine any detections – just don’t forget to add the trailing backslash for log and quarantine destination folders – and it’s a good idea to enclose folder paths in quotation marks.

The log file records the scan type, all settings used for the scan, the start and end time, the number of files scanned as well as the number of detections.

To check on what files have been quarantined, we can use the quarantine list option.  You can then choose to restore any quarantined file using the /qr option, or delete any file using the /qd option.

By creating a batch file, we can combine multiple commands and use conditional statements to invoke different actions based on the outcome.  For example, the following batch file combines the three commands we just ran into one executable.  First I’ll go to my desktop, and then run the batch file.

Using the Commandline Scanner makes sense when you have a demand for frequently repeating scans of one or more files or directories. Some examples include:

Be sure to check out the advanced parameters, which you can use to scan memory buffers or files via file handles to avoid unnecessary duplicate read actions from the harddrive. We’ll leave it up to you to review the documentation and explore those parameters on your own.  You can find a link to the documentation in the description box below.

As you can see, the Emsisoft Commandline Scanner is an excellent tool for a variety of automated scanning jobs. And that brings us to the end of today’s video. Thanks for joining us. Bye for now.

Exit mobile version