3 Replies Latest reply on Mar 14, 2012 7:52 PM by rmetzger

    Artemis sensitivity level with command line scan using scan32.exe or scan64.exe

    Dvanmeter

      is there way to run a command line scan and control what level of artemis is used?  I would like to make a bat file that would initiate a scan that uses "Very High" rather than the default "Very Low".  Anyone know how to do this or if it is possible.

       

      on 14/03/12 7:03:30 EDT AM
        • 1. Re: Artemis sensitivity level with command line scan using scan32.exe or scan64.exe
          rmetzger

          Hi Dvanmeter

           

          I referenced:

          vse_880_product_guide_en-us.pdf

           

              Appendix

              Pages 91 - 93, Using the command line with VirusScan Enterprise

           

          On Page 92:

          ──────────────────────────────────────────────────────────────────────────────── ─────────────────────────────────

              MHEUR        Enables Artemis detection of macro threats.

           

              PHEUR        Enables Artemis detection of non-macro threats.

          ──────────────────────────────────────────────────────────────────────────────── ─────────────────────────────────

          These are the only parameters that mention Artemis.

          Based on this, I would say: No levels can be set via the command line.

           

          This makes sense to me, as I believe it is McShield that is actually running the 'scan' and requesting Artemis info. (Scanxx simply submits the files to McShield for scanning.) Since changing this parameter would change all uses of McShield, I think that it is architecturally set across the entire VSE platform. The parameters above seem to enable additional files but not a level change. Of course, without source code I cannot confirm this, but this is my belief. Maybe someone from McAfee can confirm or deny this.

           

          Have fun.

          Ron Metzger

          • 2. Re: Artemis sensitivity level with command line scan using scan32.exe or scan64.exe
            Dvanmeter

            Yes, I did see the command-line options, but that is the problem.  On/Off seems to be the only thing, but what does mean.  What default is it currently using with that switch?  Im not sure if thats true out the mcshield process.  currently you can run a ODS with high artemis while On access is a different level. What would be the difference that intiating it via command line?  Probably commandline is how EPO is initiating or the client is initiating a scan anyways.

            • 3. Re: Artemis sensitivity level with command line scan using scan32.exe or scan64.exe
              rmetzger

              Hi Dvanmeter,

              Dvanmeter wrote:

               

              On/Off seems to be the only thing, but what does mean.

              Exactly that: Use or Don't Use Artemis.

               

              Dvanmeter wrote:

               

              What default is it currently using with that switch?

              That depends on which 'Task' you are running. Search the registry key HKLM\Software\McAfee\ key for 'Artemis' and you will find 'ArtemisEnabled' and 'ArtemisLevel' for different tasks and processes. Each ODS scan has a GUID associated with it which would override the default settings found in it's parent. Not sure what key would be read for Scan32 or Scan64. Unless there is an undocumented command line option, I don't know of any way to change the ArtemisLevel.

               

              Dvanmeter wrote:

               

              What would be the difference that intiating it via command line?  Probably commandline is how EPO is initiating or the client is initiating a scan anyways.

              I think that ePO simply initiates the 'Task' where all of the parameters are defined in the registry. No need for complicated command lines this way. This way all ePO needs to know is the GUID of the task. Changing the settings can be done as registry entry changes to that task. ePO simply initiates each task with whatever registry entries define that task.

               

              I don't know of any simple answer for changing the ArtemisLevel for Scan32 or Scan64.

               

              Good luck,

              Ron Metzger