Jump to content

BrentNewland

Members
  • Content Count

    2
  • Joined

  • Last visited

About BrentNewland

  • Rank
    Newbie
  1. I'm considering purchasing the Portable Technician version of SAS (or the professional one if it will do the same task) to use with other malware and virus scanners via scripts. I've read several posts about SAS getting command line switches (parameters) for scripted scanning, but have not found any documentation that this has been put in effect, and haven't found any switches for SAS. I'm curious, specifically, if SAS has (or is planned to have in the near future) the following command line options: Online Update (e.g. "sas.exe /onlineupdate") to tell SAS to do an update from the website before scanning Offline Update (e.g. "sas.exe /offlineupdate=c:\path\to\sasdefinitions.exe") to tell SAS to use the updates from the specified sasdefinitions.exe (to run SAS on a system with no internet access without having to redownload SAS portable, because it may be on a CD, with the sasdefinitions.exe being loaded off a flash drive) Scan type (e.g. "sas.exe /scan=quick" or "sas.exe /scan=complete") so I don't have to choose the scanning type each time I run it Option to disable cookie scanning (e.g. "sas.exe /nocookies") because I'm concerned about malware only, not cookies Log file path (e.g. "sas.exe /logfile=c:\path\to\logfile.txt") so that my scripts can retrieve and process the result logs What to do with infected files (e.g. "sas.exe /removeinfected", "sas.exe /promptinfected", "sas.exe /loginfected") because I may want to have it remove whatever it finds, I may want it to ask me what to remove, or I may just want it to put them in the log file so my script can handle removing the file Quarantine (e.g. "sas.exe /quarantine=c:\path\to\quarantine\folder\") to automatically move any files that get deleted to the specified folder Path to scan (e.g. "sas.exe /scan=c:\path\to\folder\to\scan;c:\path\to\file\to\scan.exe;c:\path\to\another\folder" or "sas.exe /scan=c:\path\to\text\file\with\list\of\items\to\scan.txt") in case I want it to scan one or more specific items
  2. I have also run into this on a heavily infected machine (antivirus 2009 and more). It seems to be a new attack method, and I noticed it targeted at sas and the windows installer repair tools. I followed directions on the web and deleted all the policy registry keys and even the windows installer guid keys, and was still unable to install those. It would help if someone could make a VM and compare states before and after this problem comes up and get a fix out for it.
×
×
  • Create New...