McAfee VCLCDE-AA-DA Product Guide - Page 20

Scanning processes in memory, Running an on-demand scan, Scanning options



VirusScan® Command Line 5.20.0 Product Guide
3 Using the Command-Line Scanner

The cache is allocated “per file”, so the scanner uses a large amount of cache if there are many nested files. A larger cache size normally improves scanning speeds unless the computer has very low memory.

A range of cache sizes - 8 MB to 512 MB - is permitted. If you specify a value outside this range, the minimum or maximum value is assumed as appropriate. If you do not use this option, the scanner uses the default value of 12 MB.

Scanning processes in memory

Viruses such as CodeRed do not exist as files on disk but rather as executable code in the memory space of an infected process. To protect against this threat, you can include the /WINMEM option. The process is scanned in memory together with any files or DLLs associated with it.

Note: When using the /WINMEM option, specify at least one file for scanning as well.

Examples

SCAN EXAMPLE.EXE /WINMEM
    Scans the file EXAMPLE.EXE and all processes running on the computer.

SCAN *.EXE /WINMEM
    Scans all files with a “.EXE” file name extension in the current directory, and all processes running on the computer.

SCAN *.* /WINMEM
    Scans all files in the current directory and all processes running on the computer.

SCAN AA.EXE /WINMEM=1234
    Scans the file AA.EXE in the current directory and the specified process, 1234. The parameter is the process identifier or PID. If the process is not running, the scanner issues a message.

Running an on-demand scan

You can scan any file or directory on your file system from the command line by adding options to the basic command. When executed without options, the program simply displays a brief summary of its options. When executed with only a directory name specified, the program scans every file in that directory only, and issues a message if any infected files are found.

The options fall into the following main groups:

• Scanning options - determine how and where the scanner looks for infected files. See page 25.