收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 国外杀毒软件 Microsoft Defender(MSE) MSE的命令行好像不能扫描指定目录并生成本地日志
返回列表 发新帖
查看: 3387|回复: 2
收起左侧

[技术探讨] MSE的命令行好像不能扫描指定目录并生成本地日志

[复制链接]
iceelee
发表于 2013-3-14 11:54:56 | 显示全部楼层 |阅读模式
刚刚下载的最新版。
命令行扫描程序是MpCmdRun.exe
参数列表中,好像没有哪个可以指定保存本地扫描日志的。


请熟悉MSE命令行使用的朋友指导一下,如何使用MSE命令行扫描指定目录,并生成本地日志。
回复

举报

ELOHIM
发表于 2013-3-14 14:53:31 | 显示全部楼层
下面是MSE4.2  "mpcmdrun.exe" 命令行的用户可用参数,日志文件可以参照windows日志文件,也可以搜索系统隐藏目录下的mpcmdrun.log ,这个文件有多个位置存在。
  1. Microsoft Antimalware Service Command Line Utility (c)2006-2012 Microsoft Corp

  3. Use this tool to automate and troubleshoot Microsoft Antimalware Service



  7. Usage:

  9. MpCmdRun.exe [command] [-options]



  13. Command Description

  15.    -? / -h                                    Displays all available options

  17.                                               for this tool

  19.    -Scan [-ScanType #] [-File <path> [-DisableRemediation]]  Scans for malicious

  21.                                                             software

  23.    -Trace [-Grouping #] [-Level #]            Starts diagnostic tracing

  25.    -GetFiles                                  Collects support information

  27.    -RemoveDefinitions [-All]                  Restores the installed

  29.                                               signature definitions

  31.                                               to a previous backup copy or to

  33.                                               the original default set of

  35.                                               signatures

  37.                       [-DynamicSignatures]    Removes only the dynamically

  39.                                               downloaded signatures

  41.    -SignatureUpdate [-UNC | -MMPC]            Checks for new definition updates

  43.    -Restore  [-ListAll | [-Name <name>] [-All] [-Path <path>]]  Restore or list

  45.                                                                quarantined item(s)

  47.    -AddDynamicSignature [-Path]               Loads a dynamic signature

  49.    -ListAllDynamicSignatures                  List the loaded dynamic signatures

  51.    -RemoveDynamicSignature [-SignatureSetID]  Removes a dynamic signature

  53.    -EnableIntegrityServices                   Enables integrity services



  57. Additional Information:



  61. Support information will be in the following directory:

  63. C:\ProgramData\Microsoft\Microsoft Antimalware\Support



  67.    -Scan [-ScanType value]

  69.         0  Default, according to your configuration

  71.         1  Quick scan

  73.         2  Full system scan

  75.         3  File and directory custom scan



  79.            [-File <path>]

  81.                 Indicates the file or directory  to be scanned, only valid for custom scan.



  85.            [-DisableRemediation]

  87.                 This option is valid only for custom scan.

  89.                 When specified:

  91.                   - File exclusions are ignored.

  93.                   - Archive files are scanned.

  95.                   - Actions are not applied after detection.

  97.                   - Event log entries are not written after detection.

  99.                   - Detections from the custom scan are not displayed in the user

  101.                     interface.



  105.       Return code is

  107.       0    if no malware is found or malware is successfully remediated and no additional user action is required

  109.       2    if malware is found and not remediated or additional user action is required to complete remediation or there is error in scanning.  Please check History for more information.



  113.    -Trace [-Grouping value] [-Level value]

  115.         Begins tracing Microsoft Antimalware Service's actions.

  117.         You can specify the components for which tracing is enabled and

  119.         how much information is recorded.

  121.         If no component is specified, all the components will be logged.

  123.         If no level is specified, the Error, Warning and Informational levels

  125.         will be logged. The data will be stored in the support directory

  127.         as a file having the current timestamp in its name and bearing

  129.         the extension BIN.



  133.         [-Grouping]

  135.         0x1    Service

  137.         0x2    Malware Protection Engine

  139.         0x4    User Interface

  141.         0x8    Real-Time Protection

  143.         0x10   Scheduled actions

  145.         0x20   NIS/GAPA



  149.         [-Level]

  151.         0x1    Errors

  153.         0x2    Warnings

  155.         0x4    Informational messages

  157.         0x8    Function calls

  159.         0x10   Verbose

  161.         0x20   Performance



  165.    -GetFiles [-Scan]

  167.         Gathers the following log files and packages them together in a

  169.         compressed file in the support directory



  173.         - Any trace files from Microsoft Antimalware Service

  175.         - The Windows Update history log

  177.         - All Microsoft Antimalware Service events from the System event log

  179.         - All relevant Microsoft Antimalware Service registry locations

  181.         - The log file of this tool

  183.         - The log file of the signature update helper tool



  187.         [-Scan]

  189.         Scans for unusual files.  The files and results of the scan

  191.         will be packaged in the compressed file.



  195.    -RemoveDefinitions

  197.         Restores the last set of signature definitions



  201.         [-All]

  203.         Removes any installed signature and engine files. Use this

  205.         option if you have difficulties trying to update signatures.



  209.         [-DynamicSignatures]

  211.         Removes all Dynamic Signatures.



  215.    -SignatureUpdate

  217.         Checks for new definition updates



  221.         [-UNC [-Path <path>]]

  223.         Performs update directly from UNC file share specified in <path>

  225.         If -Path is not specified, update will be performed directly from the

  227.              preconfigured UNC location



  231.         [-MMPC]

  233.         Performs update directly from Microsoft Malware Protection Center



  237.    -Restore

  239.         [-ListAll]

  241.         List all items that were quarantined



  245.         [-Name <name>]

  247.         Restores the most recently quarantined item based on threat name

  249.         One Threat can map to more than one file



  253.         [-All]

  255.         Restores all the quarantined items based on name



  259.         [-Path]

  261.         Specify the path where the quarantined items will be restored.

  263.         If not specified, the item will be restored to the original path.

  265.    -AddDynamicSignature -Path <path>

  267.         Adds a Dynamic Signature specified by <path>



  271.    -ListAllDynamicSignatures

  273.         Lists SignatureSet ID's of all Dynamic Signatures added to the client

  275.         via MAPS and MPCMDRUN -AddDynamicSignature



  279.    -RemoveDynamicSignature -SignatureSetID <SignatureSetID>

  281.         Removes a Dynamic Signature specified by <SignatureSetID>
复制代码

评分

参与人数 1经验 +10 收起 理由
飞霜流华 + 10 感谢解答: )

查看全部评分

回复

举报

iceelee
 楼主| 发表于 2013-3-14 17:16:49 | 显示全部楼层
ELOHIM 发表于 2013-3-14 14:53
下面是MSE4.2  "mpcmdrun.exe" 命令行的用户可用参数,日志文件可以参照windows日志文件,也可以搜索系统隐 ...

感谢回答,,看来MSE的这点做的还是不够啊,可订制性不够完善。
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-24 15:51 , Processed in 0.121792 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表