using mpcmdrun.exe for remote scan.
-
Saturday, October 06, 2012 3:44 AM
Howdy,
I'm trying to do a custom scan on a folder on a remote server.
Server has an exclusion for C:\drop
I put an eicar test file in there that is live malware.
Locally, any scan of that folder obviously skips it. So, I'm trying to scan from a desktop using mpcmdrun, and it's not working !!!!
I also tried browsing to that folder remotely and right-clicking the drop folder and scanning with FEP; it says 0 items scanned.
Syntax I'm using:
MpCmdRun.exe –Scan –ScanType 1 -\\ server\c$\drop
it updates defs
scan starting...
Scan finished.
Event log shows it completed, doesn't appear to have scanned anything in that folder... What am I missing?
desktop does not have that exclusion.
All Replies
-
Monday, October 08, 2012 5:05 AM Moderator
Hi,
Thank you for the post.
1. On-demand scan can only scan a file/folder on the local disk. So you cannot run a custom scan for a remote server via the right-click menu. It will show "scan completed on 0 items".
2. The MpCmdRun.exe command supports performing a custom scan of an entire folder with "-scantype 3" after you have installed FEP Update Rollup 1.
http://support.microsoft.com/kb/2551095
3. If you want to scan a remote server, you need to use the psexec command (locally) with MpCmdRun.exe (on the remote server).
http://technet.microsoft.com/en-us/sysinternals/bb897553
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
- Marked As Answer by Rick Tan (Moderator) Friday, October 12, 2012 1:51 AM
-
Monday, October 08, 2012 3:51 PM
Thanks Rick.
I do have Update 1. You are implying mpcmdrun run locally will bypass exclusions listed in the FEP policy? I don't get the syntax perhaps, here are two things I ran on a local folder which has some eicar malware in them... and the result and log entry regarding that syntax...
Scan type 1 seemed to complete but didn't find anything, type 3 wouldn't start due to error.
C:\Program Files\Microsoft Security Client\Antimalware>MpCmdRun.exe -Scan -ScanType 1 -C:\Temp\##MalwareTest
Signature update started . . .
Signature update finished. No updates needed
Scan starting...
Scan finished.
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 1 -C:\Temp\##MalwareTest
Start Time: Mon Oct 08 2012 09:22:59
Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=1)
Start: MpSignatureUpdate()
Update started
Search Started (WSUS update) (Path: http://SCCMR.DOMAIN.NAME.COM:8530)...
Search Completed
Update completed succesfully . no updates needed (hr:0x00000001)
Finish: MpSignatureUpdate()
Scanning path as file: (null).
MpScan() started
Time Info - Mon Oct 08 2012 09:23:54 MpScan() was completed
Finish: MpScanStart(MP_FEATURE_SUPPORTED, dwOptions=16385)
Finish: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385)
MpScan() has detected 0 threats.
MpCmdRun: End Time: Mon Oct 08 2012 09:23:54
-------------------------------------------------------------------------------------
C:\Program Files\Microsoft Security Client\Antimalware>MpCmdRun.exe -Scan -ScanType 3 -C:\Temp\##MalwareTest
CmdTool: Failed with hr = 0x80070667. Check C:\Users\jon54730\AppData\Local\Temp\MpCmdRun.log for more information
CmdTool: Invalid command line argument
Microsoft Antimalware Service Command Line Utility (c)2006-2008 Microsoft Corp
Use this tool to automate and troubleshoot Microsoft Antimalware Service
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -C:\Temp\##MalwareTest
Start Time: Mon Oct 08 2012 09:59:02
MpCmdRun: End Time: Mon Oct 08 2012 09:59:02
-------------------------------------------------------------------------------------
-
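Added example, not part of any post in this thread and not Microsoft's code: a small audit of MpCmdRun.log that separates a genuinely clean scan from the two cases shown in the log excerpts above, where the tool finished without ever scanning the named folder. The sample log is constructed from those excerpts; the function name audit_runs and the verdict labels are hypothetical, and treating "Scanning path as file: (null)" as "no target was scanned" is an assumption based on the behaviour described in the post.

```python
import re

# Constructed sample modelled on the two MpCmdRun.log excerpts quoted in the thread.
SAMPLE_LOG = """\
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 1 -C:\\Temp\\##MalwareTest
Start Time: Mon Oct 08 2012 09:22:59
Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=1)
Scanning path as file: (null).
MpScan() started
MpScan() was completed
MpScan() has detected 0 threats.
MpCmdRun: End Time: Mon Oct 08 2012 09:23:54
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -C:\\Temp\\##MalwareTest
Start Time: Mon Oct 08 2012 09:59:02
MpCmdRun: End Time: Mon Oct 08 2012 09:59:02
-------------------------------------------------------------------------------------
"""

CMD = re.compile(r"^MpCmdRun: Command Line: (.*)$", re.M)
PATH = re.compile(r"^Scanning path as file: (.*?)\.?$", re.M)
THREATS = re.compile(r"^MpScan\(\) has detected (\d+) threats?\.", re.M)

def audit_runs(log_text):
    """Split the log on its dashed separators and classify each -Scan run."""
    findings = []
    for block in re.split(r"^-{20,}\s*$", log_text, flags=re.M):
        cmd = CMD.search(block)
        if not cmd or "-scan" not in cmd.group(1).lower():
            continue  # not a scan invocation
        path = PATH.search(block)
        threats = THREATS.search(block)
        if "MpScan() started" not in block:
            verdict = "NO_SCAN"      # run ended before any scan began
        elif path and path.group(1) == "(null)":
            verdict = "NO_TARGET"    # assumption: null path means folder not scanned
        elif threats is None:
            verdict = "INCOMPLETE"   # scan started but no result line was logged
        else:
            verdict = "CLEAN" if threats.group(1) == "0" else "DETECTED"
        findings.append((cmd.group(1), verdict))
    return findings

if __name__ == "__main__":
    for command, verdict in audit_runs(SAMPLE_LOG):
        print(f"{verdict:10} {command}")
```

Only a CLEAN verdict should be read as "scanned and found nothing"; the first run in the sample reports 0 threats but is classified NO_TARGET.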
Tuesday, October 09, 2012 3:18 AM Moderator

