exit code (0xC) after executing scheduled scan
As we already established, F-Secure scheduled scan can really cause problems on Win7 machines which are configured to save energy/environment (by entering into sleep/hibernation state).
By problems, I meant executing a "missed" scheduled scan when the user logs in in the morning.
I came up with an alternative solution of assigning a scheduled task which also includes a wake-up option, and the task is hidden
"C:\Program Files (x86)\F-Secure\Anti-Virus\fsav.exe" /ALL /HARD /POLICY /SCHED /NOBREAK /QUAR /REPORT="C:\Program Files (x86)\F-Secure\Anti-Virus\REPORT.TXT"
Task was extracted to xml file, then installed through command prompt with Administrative privileges using command
C:\windows\system32\schtasks.exe /RU "NT Authority\System" /create /xml "C:\temp\F-S.xml" /tn "F-SecureScan"
Task gets executed, reports are generated (both formats txt and html), however Last Run Test result shows value (0xC)
I expected to see (0x0) as presented in all the other successfully completed tasks.
Can anyone tell me what exit code (0xC) really represents in this case?
My tests are conducted on Win7Enterprise 64bit, F-Secure Client Security 11.50 build 309
Btw, I wish I could display scan results to the user. Is such option available for fsav?
TIA
Andrzej
Comments
-
Hello Andrzej,
This exit code means that the scanner failed to open some objects during the scan, and these objects may still be infected. You can find the list of these objects in the scanning report.
> Btw, I wish I could display scan results to the user. Is such option available for fsav?
Sorry, it's a bit unclear to me what you mean. You have a scan report, and the scan result is reported in an alert (informational for clean, and security for infected). You may tune the alerting table so that informational alerts will be visible on the client side.
Best regards,
Vad
0 -
@Vad wrote:
> This exit code means that the scanner failed to open some objects during the scan, and these objects may still be infected. You can find the list of these objects in the scanning report.
There is no doubt that some files will always be locked. The minimum list would include
HIBERFIL.SYS
PAGEFILE.SYS
> > Btw, I wish I could display scan results to the user. Is such option available for fsav?
> Sorry, it's a bit unclear to me what you mean. You have a scan report, and the scan result is reported in an alert (informational for clean, and security for infected). You may tune the alerting table so that informational alerts will be visible on the client side.
Absolutely, the report has all the details; however I am looking for a concise summary at the end of the scan showing information in format "Workstation was scanned and is clean", or "An infection was found...."
Such a message is displayed when the scan is completed (or terminated) when the scan is initialized manually.
Nothing is presented to the end user when scan is run through scheduler.
My current settings for CS 11.51 are
F-Secure Management Agent->Settings->Alerting->Local user interface->Show alert Dialog If No User = Enabled
F-Secure Management Agent->Settings->Alerting->F-Secure Policy manager-Alert Forwarding->Local User Interface -> Fatal error and Security Alert are checked
F-Secure Antivirus->Settings for Manual Scanning->Scanning Options-File Scanning->Action on Infection = Ask After Scan
Have I missed some additional alerting settings?
Andrzej
0 -
Hello Andrzej,
If you are sure that the files you mentioned are safe, you can add them to excluded objects for manual scanning.
We have popup window, which indicates start and finish of Scheduled scan. It also shows a brief scan result. This popup window is available with default settings.
Do you have it in your scenario?
Best regards,
Vad
0 -
Vad,
Popup at the start of the scan is displayed, I do not recall seeing one at the end of the scan, but honestly I was never looking for it.
Popup window, showing brief scan results, was never present when a scheduled scan was executed (this applies to manually scheduled scans or those scheduled through Policy Management Console). This was one of my frequent complaints I was bringing to F-Secure support since we started with ver 5.40 if I am not mistaken.
Manually executed scans always show scan results.
Regarding files/folders to be excluded,
Excluding HIBERFIL.SYS and PAGEFILE.SYS is most likely fine, but I am convinced that I should not be ever ever excluding especially C:\USERS\username\APPDATA\LOCAL\TEMP or C:\Windows\Temp\, unfortunately files in those folders are frequently locked during full system scan.
Cheers
Andrzej
0 -
Andrzej,
I forgot that Scheduled Scan Start and Finish events are visible in Flyer History. The user may find it in the F-Icon menu.
If you select finish event and press "Details", you can see brief Scheduled scan results.
We do not have any other features (except flyers and flyer history) to provide scheduled scan results to local user in current versions.
You may also specify the email alerting address of the local user for every host in the "Alert Forwarding" table. But I don't think it's a good solution if you have more than 10-20 hosts to tune.
Note that all alerts (if the host was found infected) and full Scheduled Scan reports are available to administrator in Policy Manager Console.
Best regards,
Vad
0 -
Vad,
Option of clicking on flyer history is not good enough. User should be informed that the workstation is potentially infected.
I have close to 1500 workstations and only others in my seats can imagine my pain of daily analysing all the alerts in the PMC.
May you ask on my behalf for such an enhancement in future releases?
I fought hard with my management to stay with F-Secure instead of switching to a cheaper, but comparable competitor product, hence I hope I deserve such a reward.
In the past I exchanged a few emails with Markku looking for an option to generate daily and email a summary of all submitted alerts, but this was never finalized.
Andrzej
0 -
Andrzej,
I will try.
Best regards,
Vad
0