2 Replies Latest reply on Apr 21, 2014 11:30 AM by rmetzger

    Scan only one drive, removable usb drive from a script

    araczek

      Hi,

       

      We have the need to set up a scanning station for removable drives. I am writing a PowerShell script to do this so I can create logs and make it easier for users to do this themselves. First do I need to use the command line version of VirusScan? I have both but I see no option that would let me scan one drive. What would be the best command line options to use?

       

      ..AR

        • 1. Re: Scan only one drive, removable usb drive from a script
          Peter M

          Moved this provisionally to VSE for better attention.

          • 2. Re: Scan only one drive, removable usb drive from a script
            rmetzger

            Hi araczek,

            araczek wrote:

             

            We have the need to set up a scanning station for removable drives. I am writing a PowerShell script to do this so I can create logs and make it easier for users to do this themselves.

            First do I need to use the command line version of VirusScan? I have both but I see no option that would let me scan one drive. What would be the best command line options to use?

            First, make sure all end-nodes are fully protected as a last line of defense, so that no matter what your 'users' do or not, malware is stopped.

             

            Make sure that from the Control Panel:

            On-Access Scan Properties>All Processes>Scan Items>Scan Files

            Check "When reading from disk"

            This is Critical.

             

            Make the equivalent settings change from ePO if available.

             

            This will ensure that any file on the USB drive is scanned prior to execution (autorun or otherwise).

            This setting should be in place regardless of external drives as this is an Absolute Requirement for stopping many forms of malware, for internal drives too.

             

            In addition, make sure that from the Control Panel:

            On-Access Scan Properties>All Processes>Scan Items>Scan Files

            Check "When writing to disk"

             

            to ensure that files written to the USB drives are scanned during the write process.

             

            These 2 settings should protect against spreading viruses when keeping the signature files completely up to date.

            If the AV system is scanning On Read, then scanning the entire external drive is redundant. Peter Simmons' recommendations ( https://community.mcafee.com/message/270747#270747 ) (conceptually) apply to any AV system. Just be sure your AV system scans on read (and is ON).

             

             

            Now, setting up a separate workstation for a redundant scan of external drives:

             

            Either the Command Line Scanner, or Scan32.exe will work.

             

            Scan32.exe options are defined in the vse_880_product_guide_en-us.pdf, starting on page 91:

            [quote]Using the command line with VirusScan Enterprise

             

            You can use the Command Prompt to run some basic VirusScan Enterprise processes. You can install, configure, and update VirusScan Enterprise from the command line. Command line installation options are described in the VirusScan Enterprise Installation Guide.

             

            Command line scan example

             

            To scan all files, update the log files with the results of the scan, and automatically close the on-demand scan dialog box when completed, enter the following command:

             

            scan32 /all /log /autoexit

            [/quote]

             

            One might try:

            scan32 e: /all /clean /continue /autoexit

             

             

            The Command Line Scanner has similar parameters, but can run on alternate operating systems. Also, it must be manually updated.

             

             

            Either method will work, but recognize that large, nearly full external drives may have excessive scan times. Often, impatience leads people to simply remove the drive and take it back to their system.

            Thus the initial comments at the beginning of my reply.

             

            Good luck.

            Ron Metzger
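
An added example, not part of the thread or of McAfee's documentation: a PowerShell script for the scanning station described in the question, which passes only removable drives to scan32 with the switches quoted in the reply and writes one log line per event. The scan32.exe path and the log folder are placeholders (assumptions), and the scanner's exit code is recorded without being interpreted.

```powershell
# Added example, not from the thread. $Scan32 is a placeholder path (assumption):
# point it at scan32.exe as installed on the scanning station.
param(
    [string]$Scan32 = 'C:\PATH\TO\scan32.exe',
    [string]$LogDir = 'C:\ScanStation\Logs'    # hypothetical log folder
)

if (-not (Test-Path -LiteralPath $Scan32)) { throw "scan32.exe not found at $Scan32" }
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$log = Join-Path $LogDir ('usb-scan-{0:yyyyMMdd}.log' -f (Get-Date))

function Write-ScanLog([string]$Message) {
    # Timestamp and operator name on every line so the log can be audited later.
    $line = '{0:s} {1} {2}' -f (Get-Date), $env:USERNAME, $Message
    Add-Content -LiteralPath $log -Value $line
    Write-Host $line
}

# DriveType 2 = removable disk; no other volume is ever handed to the scanner.
$drives = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2')
if ($drives.Count -eq 0) { Write-ScanLog 'No removable drive found'; exit 1 }

foreach ($d in $drives) {
    # An empty card-reader slot has a drive letter but reports no size.
    if (-not $d.Size) { Write-ScanLog "$($d.DeviceID) has no media, skipped"; continue }

    $usedGB = [math]::Round(($d.Size - $d.FreeSpace) / 1GB, 1)
    Write-ScanLog "Scanning $($d.DeviceID) label='$($d.VolumeName)' used=${usedGB}GB"

    # Switches as given in the thread: drive letter, /all /clean /continue /autoexit,
    # plus /log from the product guide excerpt.
    $scanArgs = @($d.DeviceID, '/all', '/clean', '/continue', '/autoexit', '/log')
    $timer = [Diagnostics.Stopwatch]::StartNew()
    $proc  = Start-Process -FilePath $Scan32 -ArgumentList $scanArgs -Wait -PassThru
    $timer.Stop()

    # The exit code is logged as-is; its meaning is not interpreted here.
    Write-ScanLog ("Finished {0} exit={1} elapsed={2:hh\:mm\:ss}" -f `
        $d.DeviceID, $proc.ExitCode, $timer.Elapsed)
}
```

External USB hard disks often report as DriveType 3 (fixed) rather than 2, so this filter will not pick them up; the used-space figure in the log gives users an idea of how long a scan will take before they start it.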