Anti-virus scans

The syntax for starting a virus scan of a certain area, and processing malicious objects, from the command prompt generally looks as follows:

avp.com SCAN [<object scanned>] [<action>] [<file types>] [<exclusions>] [<configuration file>]

[<report settings>] [<advanced settings>]

To scan objects, you can also start one of the tasks created in Kaspersky Anti-Virus for Windows Servers from the command prompt (see 12.2 on pg. 138). The task will be run with the settings specified in the program interface.

Parameter description:

<object scanned> - this parameter gives the list of objects that will be scanned for malicious code.

It can include several values from the following list, separated by spaces.

<files> List of paths to the files and/or folders to be scanned.

You can enter absolute or relative paths. Items in the list are separated by a space.

Notes:

If the object name contains a space, it must be placed in quotation marks

If you select a specific folder, all the files in it are scanned.

/MEMORY System memory objects

/STARTUP Startup objects

/MAIL Email databases

/REMDRIVES All removable media drives /FIXDRIVES All internal drives

/NETDRIVES All network drives

/QUARANTINE Quarantined objects

/ALL Complete scan

/@:<filelist.lst> Path to a file containing a list of objects and folders to be included in the scan. The file should be in a text format and each scan object must start a new line.

You can enter an absolute or relative path to the file.

The path must be placed in quotation marks if it contains a space.

<action> - this parameter sets responses to malicious objects detected during the scan. If this parameter is not defined, the default value is /i8.

/i0 take no action on the object; simply record

information about it in the report.

/i1 Treat infected objects, and if disinfection fails, skip /i2 Treat infected objects, and if disinfection fails, delete.

Exceptions: do not delete infected objects from compound objects; delete compound objects with executable headers, i.e. sfx archives (default ).

/i3 Treat infected objects, and if disinfection fails, delete.

Also delete all compound objects completely if infected contents cannot be deleted.

/i4 Delete infected objects, and if disinfection fails, delete. Also delete all compound objects completely if infected contents cannot be deleted.

/i8 Prompt the user for action if an infected object is detected.

/i9 Prompt the user for action at the end of the scan.

<file types> - this parameter defines the file types that will be subject to the anti-virus scan. If this parameter is not defined, the default value is /fi.

/fe Scan only potentially infected files by extension

/fi Scan only potentially infected files by contents (default)

/fa Scan all files

<exclusions> - this parameter defines objects that are excluded from the scan.

It can include several values from the list provided, separated by spaces.

-e:a Do not scan archives

-e:b Do not scan email databases

-e: m Do not scan plain text emails -e:<filemask> Do not scan objects by mask

-e:<seconds> Skip objects that are scanned for longer that the time specified in the <seconds> parameter.

-es:<size> Skip files larger (in MB) than the value assigned by

<size>.

<configuration file> - defines the path to the configuration file that contains the program settings for the scan.

The configuration file is saved in binary format (.dat), unless another format is specified or if the format is not assigned, and it can be used later to import application settings on other computers.

You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the Kaspersky Anti-Virus for Windows Servers interface are used.

/C:<file_name> Use the settings values assigned in the configuration file <file_name>

<report settings> - this parameter determines the format of the report on scan results.

You can use an absolute or relative path to the file. If the parameter is not defined, the scan results are displayed on screen, and all events are displayed.

/R:<report_file> Only log important events in this file /RA:<report_file> Log all events in this file

<advanced settings> – settings that define use of anti-virus scanning technologies.

/iChecker=<on|off> Enable/ disable iChecker.

/iSwift=<on|off> Enable/ disable iSwift.

Examples:

Start a scan of RAM, Startup programs, email databases, the directories My Documents and Program Files, and the file test.exe:

avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files"

"C:\Downloads\test.exe"

Pause scan of selected objects and start full computer scan, then continue to scan for viruses within the selected objects:

avp.com PAUSE SCAN_OBJECTS /password=<your_password>

avp.com START SCAN_MY_COMPUTER avp.com RESUME SCAN_OBJECTS

Scan RAM and the objects listed in the file object2scan.txt. Use the configuration file scan_setting.txt. After the scan, generate a report in which all events are recorded:

avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log

Sample configuration file:

/MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log