10 Replies. Latest reply on Jul 8, 2013 3:50 AM by rmetzger

    need help with mcafee command line AV scanner

    orel86

      hi all

      We are facing problems running the TRIAL version of the McAfee antivirus from the command line on Windows XP.

      The exact actions we took were:

      [1] We downloaded the version from: https://secure.mcafee.com/apps/downloads/free-evaluations/thankyou.aspx?eval=90BCB5DB-1A0A-4D6E-9D5C-FB1E57C1F9DF
      [2] We installed the McAfee antivirus inside the folder c:\Mcafee
      [3] We downloaded the DAT file from: ftp://ftp.nai.com/pub/antivirus/datfiles/4.x
      [4] We expanded the zip file into the folder c:/mcafee
      [5] We copied a test virus (recognized by several other antiviruses) into the folder c:/mcafee
      [6] We keyed in the following command:
          scan d:\virus name
      We also tried with the /all parameter.
       

      Result: McAfee was unable to recognize the virus.

      Can you please tell us what we are doing wrong?
      We thank you very much in advance.

         orel

       

      this is a screenshot of the problem

       

      C:\Mcafee>scan.exe /all d:/
      McAfee VirusScan Command Line for Win32 Version: 6.0.4.564
      Copyright (C) 2013 McAfee, Inc.
      (408) 988-3832 EVALUATION COPY - ?T?? ?T 27 2013

      AV Engine version: 5400.1158 for Win32.
      Dat set version: 7122 created Jun 30 2013
      Scanning for 668525 viruses, trojans and variants.

       

      Summary Report on d:\
      File(s)
              Total files:...................     3
              Clean:.........................     3
              Not Scanned:...................     0
              Possibly Infected:.............     0

      Master Boot Record(s):.................     1
              Possibly Infected:.............     0
      Boot Sector(s):........................     0
              Possibly Infected:.............     0
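Added example, not part of the original thread: a small parser for the summary block scan.exe printed above, so a script can tell a clean result from a scan that skipped files or scanned nothing. The sample text is constructed from the output in the first post; the function names are hypothetical, and it assumes the console layout shown there (unindented section lines, indented fields).

```python
import re

# Constructed sample: the summary block from the first post, without the forum indent.
SAMPLE = """\
Summary Report on d:\\
File(s)
        Total files:...................     3
        Clean:.........................     3
        Not Scanned:...................     0
        Possibly Infected:.............     0

Master Boot Record(s):.................     1
        Possibly Infected:.............     0
Boot Sector(s):........................     0
        Possibly Infected:.............     0
"""

COUNT = re.compile(r"^(\s*)(.+?):\.+\s+(\d+)\s*$")  # "Label:.....   N"
HEADING = re.compile(r"^\S.*\(s\)\s*$")             # "File(s)" heading with no count

def parse_summary(text):
    """Return {section: {field: count}} for one summary block."""
    sections, current = {}, None
    for line in text.splitlines():
        m = COUNT.match(line)
        if m:
            indent, label, n = m.group(1), m.group(2), int(m.group(3))
            if not indent:  # unindented counted line: a section carrying its own total
                current = sections.setdefault(label, {"Total": n})
            elif current is not None:
                current[label] = n
        elif HEADING.match(line):
            current = sections.setdefault(line.strip(), {})
    return sections

def findings(sections):
    """List problems: detections, skipped objects, or a scan that covered no files."""
    out = []
    for name, fields in sections.items():
        for field in ("Possibly Infected", "Not Scanned"):
            if fields.get(field, 0):
                out.append(f"{name}: {fields[field]} {field.lower()}")
    if sections.get("File(s)", {}).get("Total files", 0) == 0:
        out.append("File(s): nothing was scanned")
    return out
```

An empty `findings()` list for the sample means the scanner reported every file as clean, which matches the situation the poster describes: the sample was scanned but not detected.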

        • 1. Re: need help with mcafee command line AV scanner
          rmetzger

          Orel

           

          Try this simplified version, from the command line:

           

          Scan.exe D:\ /ANALYZE /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /UNZIP /WINMEM

           

          Ron Metzger

           

          Message was edited by: rmetzger on 7/1/13 10:12:12 PM EDT
          • 2. Re: need help with mcafee command line AV scanner
            orel86

            Thanks for the answer,

             

            It works except for .TMP files. What can I do?

            • 4. Re: need help with mcafee command line AV scanner
              rmetzger

              OK, Orel,

               

              Not sure why or if .tmp files were Not scanned. Actually, I am not sure why you think that they should have been Flagged as infected. Not sure if they are infected.

               

              So, to see what is going on, add these parameters to the command line:

               

              /RPTALL /APPENDC:\McAfee\Log.log

               

              to your existing command line options. Make sure the C:\McAfee directory already exists prior to issuing the command.

               

              So, your command from before becomes:

                   Scan.exe D:\ /ANALYZE /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /UNZIP /WINMEM /RPTALL /APPENDC:\McAfee\Log.log

               

              Once the scan has completed, you should now have a file in C:\McAfee called Log.log. This is a plain text file that should report what was scanned, detected, cleaned, deleted, etc. Read Log.log to determine what is going on.

               

              Ron Metzger

               

              on 7/4/13 8:22:34 AM EDT
              • 5. Re: need help with mcafee command line AV scanner
                orel86

                After a little bit of investigation I've seen that the problem continues with other files, and from deeper checking in other forums I see that all the files that I scan are with high Artemis, and in McAfee I didn't find the Artemis switch or how to increase the level of Artemis.

                When I uploaded the file to VirusTotal, the McAfee antivirus entry showed in the virus type --ARTEMIS+ARTEMIS number

                 

                Can you help? How can I enable Artemis, and how can I increase Artemis to the highest level?

                • 6. Re: need help with mcafee command line AV scanner
                  rmetzger

                  orel86 wrote:

                   

                  After a little bit of investigation I've seen that the problem continues with other files, and from deeper checking in other forums I see that all the files that I scan are with high Artemis, and in McAfee I didn't find the Artemis switch or how to increase the level of Artemis.

                  When I uploaded the file to VirusTotal, the McAfee antivirus entry showed in the virus type --ARTEMIS+ARTEMIS number

                   

                  Can you help? How can I enable Artemis, and how can I increase Artemis to the highest level?

                  Artemis is a technology that is on-line only and triggered whenever a Behavior is seen during the scan without a Signature identifying the file in question. It is now called "McAfee® Global Threat Intelligence® (McAfee GTI™) File Reputation." See this document: http://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24043/en_US/48302wp_gti-best-practices_0812_fnl.pdf

                   

                  Artemis or GTI is intended to see New infections that have yet to be identified and added to the Signature database. This is typically a 24-72 hour window of time. After this time frame, GTI (Artemis) technology value decreases with time, as the ability to identify and add threats to the Signature database improves.

                   

                  There are several Levels of GTI which can be set in some McAfee software. Though Medium is the default level for VirusScan Enterprise, raising the level to a higher sensitivity greatly increases the likelihood of False Positives. I Highly Discourage setting GTI to higher than Medium unless you are Actively trying to stop a massive attack of some type with infections that are shown to be brand new (3 days or less). At the higher levels of sensitivity, it is possible to have Legitimate operating system files flagged as infected, and if removed, make the OS unbootable. So, use higher sensitivity with extreme caution.

                   

                  Stinger supports GTI (Artemis), but the Command Line Scanner does not.

                   

                  Ron Metzger

                  • 7. Re: need help with mcafee command line AV scanner
                    orel86

                    So you actually said that Artemis does not exist in the McAfee command line scanner?

                    Or is there any way to enable it?

                     

                    Thanks

                    • 8. Re: need help with mcafee command line AV scanner
                      rmetzger

                      Orel,

                       

                      The Command Line Scanner does Not have Artemis (or the official name GTI). You Cannot Enable it. As long as this thread was started, Artemis would no longer be involved with detecting files (on your CD that is). The signature database would have been updated. Try downloading today's DAT files and expand them into the current location of the Command Line Scanner. Then run the scan again as you did before.

                       

                      What did your log.log file say?

                       

                      Ron Metzger

                       

                      Message was edited by: rmetzger on 7/7/13 5:29:39 PM EDT
                      • 9. Re: need help with mcafee command line AV scanner
                        orel86

                        Hi Ron, thanks for answering.

                        Where can I download the new DAT files from? (Are the DAT files the signature files?)

                        I create the log files myself with >>Logfile Location+Logfilename.txt

                         

                        Is there a switch that I need to type to enable the new feature "McAfee® Global Threat Intelligence® (McAfee GTI™) File Reputation"?

                         

                        Best regards

                         

                        orel
