AdAware Command Line Scanner
Win 7 Home Premium SP-1 64 bit, AA 11.1.5152.0, CLS _x64_11.0.4555.0
CLS --updatedefs and --custom "D:\\" run succesfully in unattended batch files
Problem or bug
The notification section of the main Ad-Aware GUI does NOT update after above operations
-
Glad to receive positive answers for 1A & 1B.
The problem with my version of CLS was that when running it using the suggested commands like:
"C:\Windows\System32\aacmdline\AdAwareCommandLineScanner.exe" --updatedefs
it always ran the original CLS and not the update.
That is because aacmdline is a <SYMLINKD> to the original CLS folder. I have now changed the link to point to:
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\AdAwareCommandLineScanner"
and copied the new files into that folder. Future upgrades will be a simple delete & copy of the files into that folder.
Perhaps Lavasoft should find a method to change the <SYMLINKD> during upgrades or do what I have done.
0 -
Win 7 Home Premium SP-1 64 bit, AA 11.1.5152.0, CLS _x64_11.0.4555.0
CLS --updatedefs and --custom "D:\\" run succesfully in unattended batch files
Questions
1. Does a CLS scan in the main Ad-Aware GU:
A. Use the exclusion list for folders and files?
B. Update the Quarantined Files list on completion?
2. After a CLS scan Is there a suggested method to:
A. Extract a report of infected files? (text preferred)
B. Quarantine or delete infected files by manual selection?
If 1B is "Yes" and then one method is for 2B is to use --quarantine in the CLS scan command and manually "Restore" or "Delete" using the main Ad-Aware GU
0 -
Thanks for the quick reply.
I had searched the manual but never saw the method to specify the results file. I probably used the wrong search words.
I would not mind automatic quarantine IF there is a method to manually Restore selected files. That is the reason for 1A & 1B.
Perhaps a CLS --scan-result< path > can send the results to a location that the main Ad-Aware GU can use.
0 -
Hi ebloch,
2A. According to the manual you can specify a file name, including path, for a result file. The manual specifies the default path and file name.
2B. According to the manual you can specify in the command if you want the detected files to be quarantined, deleted or disinfected.
I don't know the answers to 1 A and B, but I can ask my contact person when she is back after all holidays.
0 -
You're welcome
CLS has its own chapter near the end of the manual.
I have now been able to ask my contact person.
1A Yes
1B Yes
CLS is another way of managing the Ad-Aware program. When a scan is started through CLS, the scanning module will act in the same way as when a scan is started in the GUI, e.g. results and quarantined files are visible in the GUI. If nothing is specified when starting CLS, cookies will be deleted, some threats will be quarantined automatically and some threats will generate a "what to do" question to the user.
AA 11.1.5152.0, CLS _x64_11.0.4555.0
That CLS version is actually the version sent out with Ad-Aware 11.0 and not 11.1. Please, check if you have another version of CLS, too.
0 -
I have now run several tests and find that using the CLS does NOT result in a report in the GUI.
The following command runs a scan but no report in the GUI
START "" /WAIT "C:\Windows\System32\aacmdline\AdAwareCommandLineScanner.exe" --custom "C:\Users\Eric\AppData\Roaming\Mozilla\Firefox"There is a report in:
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\AdAwareCommandLineScanner\Scan Results"
Running a custom scan for the same location using the GUI results in a report with 2 problems which I have Quarantined.
What must I do to have the CLS give a report in the GUI ?
Maybe use "--scan-result< path >" into the the location used by the GUI ?
0 -
Thanks, I'll check with my contact person when she is back in the office.
0 -
Sorry, I have given you wrong answers.
There are two types of command line scanners. The first one is a stand-alone scanner that isn't related to the rest of Ad-Aware and it's described in the last chapter of the manual. The second one is a "hidden" way of doing some of the work that usually is started from the GUI, and it isn't documented at the moment.
AdAwareCommandLineScanner.exe is the first one, but when I asked my contact person she assumed that your questions were for the second one, AdAwareCommandLine.exe, since she works more with that one. My answers in post #5 is therefore only for AdAwareCommandLine.exe.
AdAwareCommandLineScanner.exe is standalone, independent of common Ad-Aware and only controlled by the command you enter. It ignores the exclusion list and other settings in Ad-Aware GUI and the report will not be visible in the GUI etc. If you manually move the quarantined files from the scanner's own Quarantine folder to the quarantine folder of Ad-Aware, they will be listed in the GUI and it's possible to restore them.
The aacmdline SYMLINKD isn't created at all by Ad-Aware 11 installation program and isn't supported.
Is that something that was created by an old version of Ad-Aware, maybe version 9 or 8?
Ad-Aware 10 didn't have a command line scanner at all.
0 -
Using SYMLINKD shortens the command line significantly so I will keep it for now.
What is the folder location containing the GUI Quarantined files?
CLS results has REF, DAT, and BDQ files. Which file(s) should be copied to the GUI folder?
I found "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" (ACL) but it does NOT accept the same command tokens as the CLS.
Since there is no documentation for ACL I will need a list of tokens to be used with it. Using the the ACL is preferred if it includes other settings, especially the Exclusion list and would not require copying files.
Thanks for your help so far.
It may be easier on you if I can correspond with your contact person directly.
0 -
I think the quarantined files are stored in a sub-folder to C:\Program Data\Lavasoft\Ad-Aware 11.
AdAwareCommandLine has its own command parameters, and since it's undocumented it can be changed without any notice. It's designed to be used inside Ad-Aware, but since my contact person works with QA, I guess it's useful to use it in test procedures. To document it is on a ToDo list, but I guess there are other things that have much higher priority.
Can't you use a normal scheduled scan configured within Ad-Aware?
0 -
I run an unattended batch file overnight which does various "clean up" and backup functions and then, depending on the day of the week, runs a scan using either Ad-Aware, Spybot Search & Destroy, Malwarebytes, Immunet, or MS Security Essentials. Instead of a scan, on Saturdays it makes a disk image using Acronis. I have Nirsoft Utilities http://www.nirsoft.net/ installed which uses the same techniques as "bad" files and must be entered in the Exclusion list for any scanner.
Ad-Aware and Malwarebytes scans can take so much time that when I want to use my PC in the morning they are still running. To eliminate this problem I have defined custom scans based on my two partitions C & D.
Malwarebytes defines its scan coverage in a Registry entry so my batch now does a RegEdit before the scan is called by a command line which runs the same scan as its GUI would. Ad-Aware does not function in this way.
Until I find a different solution I will run Ad-Aware custom scans using the GUI with PTFBpro http://www.ptfbpro.com/ which can enter info into a Custom scan field.
I plan to install an SSD to replace my boot HD and that may allow acceptable full scans in one pass. I will update this topic after that happens.
Thanks for your efforts to help me.
0 -
What an advanced user you are!
Good Luck!
0 -
Hi again!
I have received this information from my contact person:
1. Start the Command Prompt.
2. Go to the folder (with cd command) where Ad-Aware is installed, by default it's C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5192.0\.
3. Enter this command to find out which parameters that are available: AdAwareCommandLine.exe --help(I'm not sure, maybe you are supposed to first start AdAwareCommandLine.exe and then write --help.)
0 -
I have made some progress and am awaiting the results of my Sunday scan.
1.
Last weekend I installed an Samsung SSD Boot Drive (C:\). Unfortunately my system, a Dell Studio XPS 435MT with i7-920 CPU and 12 GB RAM, cannot take full advantage of the SSD but it did cut Boot time in half to slightly over 2 min , and greatly improved read/write to C:\ . The Dell is limited to SATA2 while the SSD can use the twice as fast SATA3. Also it does not support the AHCI Mode controller which is more efficient.
2.
A scan C:\ appeared to take less than one hour when in the past it took over 10 hours and I usually stopped it before completion. I ran this test using a batch file with the following command:
START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" --custom "C:\\"
3.
I have modified my overnight batch for Sunday to use --custom "C:\\;D\\" and hope the time is reasonable. Expect a report back after I see the results
0 -
Great what a fantastic improvement!
I'm jealous
0 -
This is where I bought mine several weeks ago and they are still being offered:.
http://www.ebay.com/itm/ws/eBayISAPI.dll?ViewItem&item=370986999948
It is offered by Adorama at a price lower than their store price and Samsung 840 EVO is rated the highest.
0 -
Size to fit the contents of C:\ plus some expansion room.
0 -
That's a large SSD, I think I only have seen smaller ones before.
0 -
Ad-Aware definitions were updated 3:07PM Saturday afternoon
Result of the following command run Sunday morning:
START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareCommandLine.exe" --custom "C:\\;D:\\"
Contents after scan:
C: 267GB of 500GB Total (SSD)
D: 62GB of 200GB Total (One of two partitions on original 1TB "normal" HD)
Ad-Aware reported:
Estimated time: 5 Hours (This would be acceptable since started at 2 AM)
Actual time: 40 Minutes (Would be longer if there were infected objects)
Infected objects: None
Previous to SSD install actual time was over 10 hours and I usually stopped the scan after 7 hours.
I hope that the AdAwareCommandLine is continued to be offered because it is important to have scans run with exclusions and full reporting of results.
I see no value in the AdAwareCommandLineScanner since the AdAwareCommandLine offers the full capabilities of AdAware.
If there are any substancial changes in furture scans I will update this topic.
0 -
I just thought of what might have caused the very low scan time:
There is nothing checked in the Custon Scan Settings in the AdAware GUI
The C:\ and D:\ paths are entered but not checked.
QUESTIONS:
1.
What, if anything, should be checked to result in a "Full Scan" of the specified folders "C:\\;D:\\" ?
2.
If the settings have no effect how does --custom compare to --quick and --full?
3.
Would adding a --quick scan cover what is missing from a --custom scan?
Note that a --full scan is too long because it includes F:\ which is my original C:\ before it was cloned to the SSD.
0 -
I now think that my result was only for "C:\\" and did not include "D:\\" so thefollowing questions arrise because the help files are not clear:
1.
Can two --custom scan locations be specified in one command?
2.
If yes, is the proper configuration:
A. All inside one set of quotes ?
B. Each in its own set of quotes ?
C. What separators are permitted ?
0 -
I just thought of what might have caused the very low scan time:
There is nothing checked in the Custon Scan Settings in the AdAware GUI
The C:\ and D:\ paths are entered but not checked.
QUESTIONS:
1.
What, if anything, should be checked to result in a "Full Scan" of the specified folders "C:\\;D:\\" ?
2.
If the settings have no effect how does --custom compare to --quick and --full?
3.
Would adding a --quick scan cover what is missing from a --custom scan?
Note that a --full scan is too long because it includes F:\ which is my original C:\ before it was cloned to the SSD.
I have been in contact with Lavasoft.
A custom scan does the same checks as a full scan when everything have been selected.
Another possibility is that you add F: to the exception list and then start a full scan.
0 -
I now think that my result was only for "C:\\" and did not include "D:\\" so thefollowing questions arrise because the help files are not clear:
1.
Can two --custom scan locations be specified in one command?
2.
If yes, is the proper configuration:
A. All inside one set of quotes ?
B. Each in its own set of quotes ?
C. What separators are permitted ?
Maybe the "another possibility" in my previous answer is the best choice for you.
0 -
Sometimes one gets too close to a project and does not see the obvious.
Of course excluding F:\ and using --full is the answer.
Thank you,
I will post back with the results.
0 -
I'll forward the "thank you" to my contact person
Good luck!
0 -
--updatedefs was run at 3:07 PM using the Task Scheduler on Saturday
--full scan with F:\ excluded was 2:40
Next Sundays run will be:
START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareCommandLine.exe" --updatedefs
START "" /WAIT "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareCommandLine.exe" --full
START "" "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDesktop.exe"The third line opens the GUI so I can look at the results and decide what I do with the "Objects Detected".
0 -
Just to update for my current overnight batch which runs AdAware on Sundays
1. Added AdAwareVer to make it easier to edit when versions are changed.
2. Added wait for an operation to complete before proceeding.
AdAware operates using AdAwareService.exe run from either the GUI or ACL.
WMIC used to watch for AdAwareService CPU usage to drop to 0.
3. ECHOs give screen report of actvity while batch is running.
4. TIMEOUTs (seconds) before upCheck and fullCheck reduce impact of completion checks.
5. START ... AdAwareDesktop opens GUI so I can review scan result and act on it.
6. RPT is the log of the entire batch activity and is saved in ShowReport.
7. ShowReport section displays RPT and does house keeping.
Batch section following has indent for new lines.
---------------------------------------------------------------
ECHO. & ECHO %Time: =0% Start Sunday
:: ||||||||||||||||| <=== Change when new version installed
SET AdAwareVer=11.3.6321.0
SET ACL="C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\%AdAwareVer%\AdAwareCommandLine.exe"
ECHO %SPC%%Time: =0% Ad-Aware Update Definitions
START "" %ACL% --updatedefs
TIMEOUT 40 > Nul
:upCheck
TIMEOUT 15 > Nul
"C:\Windows\System32\wbem\WMIC.exe" path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime | findstr /i AdAwareService > D:\Temp.txt
SET /P AA=<D:\Temp.txt
SET /A "AA=%AA:~-24%"
IF "%AA%" GTR "00" GOTO upCheck
SET Linex=%Time: =0% Ad-Aware Full Scan C+D
ECHO %SPC%%Linex%
START "" %ACL% --full
TIMEOUT 7200 > Nul
:fullCheck
TIMEOUT 600 > Nul
"C:\Windows\System32\wbem\WMIC.exe" path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime | findstr /i AdAwareService > D:\Temp.txt
SET /P AA=<D:\Temp.txt
SET /A "AA=%AA:~-24%"
IF "%AA%" GTR "00" GOTO fullCheck
ECHO. & ECHO %Linex% %Time: =0% >>%RPT% 2>&1
DEL D:\Temp.txt
START "" "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\%AdAwareVer%\AdAwareDesktop.exe"
GOTO ShowReport
0 -
Great!
0 -
Thanks, ebloch, for keeping us updated
0 -
When my full scan ran overnight it stalled for many hours on the following file so I had to manually stop the scan.
Path: "C:\Windows\{784C6EFC-C8EA-11E0-A964-0024E82A7222}"
File Type: File
Size: 506 KB
Created: 8/30/211It was generated just after thefollowing 90 KB file.
"C:\Windows\{784C6EFA-C8EA-11E0-A964-0024E82A7222}"
The Event Logs do not go back to 2011 so I cannot check them.
I am tempted to delete these files but will not unless I can determine what they are.
Any suggestions?
0
Please sign in to leave a comment.
Comments
88 comments