KAVSHELL START

KAVSHELL STOP

KAVSHELL SCAN <check_areas> [/MEMORY | /SHARED | /STARTUP | /REMDRIVES | /FIXDRIVES | /MYCOMP]
[/L:<full_path_to_file_with_list_of_objects_for_checking>] [/F<A|E|C>] [/AI:<DISINFECT | DISINFDEL | DELETE | REPORT | AUTO>]
[/AS:<QUARANTINE | DELETE | REPORT | AUTO>] [/E:<ABMSPO>] [/EM:<"masks">] [/ES:<size>] [/ET:<number_of_seconds>]
[/NOICHECKER] [/NOISWIFT][/W:<report_file>] [/ALIAS:<alternative_name_ task>]

check_areas (mandatory key) — scan objects. Files, folders, network paths and predefined areas can be specified. Specify network paths in UNC format. The use of masks and environment variables is allowed. Predefined areas:

• /MEMORY: scan objects in RAM.
• /SHARED: check shared folders on the server.
• /STARTUP: scan startup objects.
• /REMDRIVES: scan removable drives.
• /FIXDRIVES: scan hard disk drives.
• /MYCOMP: check all areas of the protected server.
  

L:<full_path_to_file_with_list_of_objects_for_check> — the name of a file containing the list of objects to be scanned (it is possible to use preset keys). One object per line is allowed. Separate the scan areas with an empty space;

Notes:
– If the name of the file/folder contains a space, it should be enclosed in quotation marks.
– You can use masks for defining scan objects.
– If a scan object is a directory, all the files in that folder will be scanned.

/F<A|E|C> — specifies file types to scan (by default, Anti-Virus scans files by format):

• /FA: scan all files.
• /FC: scan objects by format (Anti-Virus analyzes the internal format of files and checks only infectable ones).
• /FE: scan objects by extension (Anti-Virus scans only files with "infectable" extensions).

/AI:<DISINFECT | DISINFDEL | DELETE | REPORT | AUTO> — actions applies to infected objects (by default, Anti-Virus skips infected files):

• DISINFECT: disinfect, skip if disinfection fails.
• DISINFECT: disinfect, skip if disinfection fails.
• DELETE: delete infected objects.
• REPORT: skip infected objects.
• AUTO: apply the action recommended for the given threat type.

/AS:<QUARANTINE | DELETE | REPORT | AUTO> — actions applies to suspicious (possibly infected) objects (by default, Anti-Virus skips suspicious files):

• QUARANTINE: quarantine the objects.
• DELETE: delete suspicious objects.
• REPORT: skip suspicious objects.
• AUTO: apply the action recommended for the given threat type.

/E:<ABMSPO> — exclusion of compound objects:

• A: archives.
• B: e-mail databases.
• M: mail format files.
• S: self-extracting archives.
• P: packed objects.
• O: embedded OLE-objects.

/EM:<"masks"> — exclude files by mask. If there are several masks, separate them with the symbol of semicolon (;) without spaces;

/ES:<size> — exclude from scan the compound objects larger than specified. By default, Anti-Virus scans objects of any size.

[/ET:<number_of_seconds>] — stop processing an object, if it takes longer than pecified (in seconds). By default, there is no limit.

/NOICHECKER — disable the iChecker technology.

/NOISWIFT — disable the iSwift technology.

/ALIAS:<alternative_task_name> — assign the task a temporary name under which it can be addressed with the TASK command. By default, the task is named scan_<kavshell_pid>. For example, scan_1256. The task is assigned with the name Scan objects (<time_and_date>) in the Anti-Virus Console. For example, Scan objects 13_10_50_20_09_2007.

/W:<log_file> — start logging the task execution into a file. Without full path, the file will be created in the directory from which the command KAVSHELL is run. Restarting the task with the same logging settings will overwrite the existing file. When it is impossible to create a log file, Anti-Virus does not stop the scanning process and reports no error.

Examples:

Start scanning the following folders and files:

• Folder4 — subfolder of the folder containing the command line utility KAVSHELL;
• D:\Folder1\Folder2\Folder3\;
• C:\Folder5\;
• \\server1\Shared Folder\;
• F:\123\*.fgb — all files with extension fgb in the F:\123\ folder;
• /SHARED — all shared folders on the server
  

with the following parameters:

• Action applied to infected objects — disinfect, delete if disinfection fails.
• Action applied to suspicious objects — quarantine.
• Scan all files.
• Exclusions — archives, mail databases, mail format files, files by masks *.xtx; *.ff?; *.ggg; *.bbb; *.info.
• Do not use iChecker and iSwift technologies.
• Write reports to file report.log, in the directory from which the command KAVSHELL is launched:
  

KAVSHELL SCAN Folder4 D:\Folder1\Folder2\Folder3\ C:\Folder5\ C:\Folder6\3.exe F:\123\*.fgb
"\\server1\Shared Folder\" /SHARED /AI:DISINFDEL /AS:QUARANTINE /FA /E:ABM
/EM:"*.xtx;*.ff?;*.ggg;*.bbb;*.info" /NOICHECKER /NOISWIFT /W:report.log

Start scanning objects listed in the file scan_objects.lst (file located in the same directory with the command-line utility KAVSHELL), record the results of scanning in the file report.log.

KAVSHELL SCAN /L:scan_objects.lst /W:report.log

Scanning Critical Areas — running the system task Scan Critical Areas

KAVSHELL SCANCRITICAL [/W:<report_file>] /W:<report_file> — start recording a report on the implementation of tasks in the file. Without specifying the full path, the file will be created in the directory from which the command KAVSHELL is run. Restarting the task with the same write option in the report will overwrite the existing file. When it is impossible to create a report file, the Anti-Virus does not stop the scanning and does not show an error.

KAVSHELL TASK [<alternative_name_of_the_task> {/START | /STOP | /PAUSE | /RESUME | /STATE | /STATISTICS} ]

If launched without parameters, the lists of all available tasks with the following parameters are shown: an alternative name for the task, task type (system, user or group) and the current state of the task.

<alternative_name_of_the_task> — instead of a task in the TASK command, use its alternative name (Task alias) — the additional, short name, which Anti-Virus assigns to tasks. To view the aliases of Anti-Virus tasks, type KAVSHELL TASK without keys.

/START: launches the specified task.

/STOP: stops the specified task.

/PAUSE: pauses the specified task.

/RESUME: restores the specified task.

/STATE: gets the current state of the specified tasks (running, stopped, paused).

/STATISTICS: the statistics of the task, information on the number of objects processed since the beginning of the task until the current moment.

Examples:

KAVSHELL TASK

KAVSHELL TASK on-access /START

KAVSHELL TASK user-task_1 /STOP

KAVSHELL TASK scan-computer /STATE

KAVSHELL RTP { /START | /STOP} — running/stopping of both real-time protection tasks.

/START: runs both real-time protection tasks.

/STOP: stops both real-time protection tasks.

Examples:

KAVSHELL RTP /STOP

Update Anti-Virus databases and application modules — running of the temporary update task.

KAVSHELL UPDATE <update_source | /AK | /KL> [/NOUSEKL] [/PROXY:<address>:<port>] [/AUTHTYPE:<0-2>] [/PROXYUSER:<user_name>] [/PROXYPWD:<password>] [/NOPROXYFORKL] [/USEPROXYFORCUSTOM] [/USEPROXYFORLOCAL] [/NOFTPPASSIVE] [/TIMEOUT:<number_of_seconds>] [/REG:<code_iso3166>] [/W:<name_of_the_report_file>] [/ALIAS:<alternative_name_of_task>]

update_source — a required parameter. If multiple sources are indicated, the task will refer to them in the listed order. Separate sources with spaces. The source can be specified by:

• <path_to_network_folder_in_UNC_format>
• <any_URL>
• <local_directory>
• /AK — Administration Server connected to the Administration Agent installed on the protected server.
• /KL — Kaspersky Lab update servers.
  
  

/NOUSEKL — do not use Kaspersky Lab’s update servers if other sources are unavailable (or when you update them with an error). Are used by default.

/PROXY:<address>:<port> — the network name or IP-address of the proxy and its port. If you do not specify this key, the Anti-Virus will automatically detect the proxy server, which is used in a LAN.

/NOPROXYFORKL — do not use proxy settings when connecting to the update servers of Kaspersky Lab (used by default).

/USEPROXYFORCUSTOM — the key is used only when an update source is specified as <path_to_network_folder_in_UNC_format>, <any_URL> and <local_directory>. Parameter specifies the use of proxy settings when connecting to these sources. If no address is listed as an update source, then it is not necessary to use this key.
If such sources are used, but the key /USEPROXYFORCUSTOM is not specified, the proxy server settings are not used!

/USEPROXYFORLOCAL — use the proxy settings when connecting to update sources located on the LAN. If you have specified as an update source an address on the LAN, but you have not specified the key in the task /USEPROXYFORLOCAL, then when you connect to this source, the proxy server settings will not be used!

/AUTHTYPE:<0-2> — when accessing the proxy server use the authentication methods:

• 0 — Integrated Authentication Microsoft Windows (NTLM-authentication); Anti-Virus will contact the proxy server under the Local system account (SYSTEM).
• 1 — Integrated Authentication Microsoft Windows (NTLM-authentication); Anti-Virus will contact the proxy server under the account data which are defined by the keys /PROXYUSER and /PROXYPWD.
• 2 — Authentication by user’s name and password specified by the keys /PROXYUSER and /PROXYPWD (Basic authentication).
  
  

/PROXYUSER:<username> — the user name that will be used to access the proxy server. If you specify the key value /AUTHTYPE:0, the key /PROXYUSER is ignored.

/PROXYPWD:<password> — user’s password, which will be used to access the proxy server. If you specify the key value /AUTHTYPE:0, the key /PROXYUSER is ignored. If you specify the key /PROXYUSER, and the key /PROXYPWD is omitted, it is considered that the password is blank.

/NOFTPPASSIVE — use the active mode of FTP-server. If the key is not specified, the passive mode will be used (if possible).

/TIMEOUT:<number_of_seconds> — timeout when connecting to the FTP or HTTP servers. If you do not specify this key, the Anti-Virus will use by default: 10 sec. As a key value you can enter only whole numbers.

/REG:<code_iso3166> — Anti-Virus optimizes download updates to the protected server by selecting the nearest server for updates (only if /KL is selected as the source of update — Kaspersky Lab’s server).
As a key value, specify the letter code of the country of location of the protected server in accordance with standard ISO 3166-1, for example, /REG:gr or /REG:RU.
If you miss this option or specify an invalid country code, then the Anti-Virus will detect the location of the protected server in accordance with the regional settings of the protected server (for Microsoft Windows 2003 Server and above — according the value of a variable Location).

/ALIAS:<alternative_name_of_task> — assign the task a temporary name by which it can be referenced using the TASK command. By default, the task is named scan_<kavshell_pid>. For example, update_2756. In the Anti-Virus Console, the task is given the name of Anti-virus bases update (<time_and_date>). For example, Anti-virus bases update 13_10_50_20_09_2007.

/W:<report_file> — start recording a report on the implementation of tasks in the file. Without specifying the full path, the file will be created in the directory from which the command KAVSHELL is run. Restarting the task with the same write option in the report will overwrite the existing file. When it is impossible to create a report file, the Anti-Virus does not stop the scanning and does not show an error.

KAVSHELL ROLLBACK

KAVSHELL LICENSE [/ADD: <key_file_name> [/R] | /DEL: <serial_number>]

Without keys — returns information about the installed keys — serial number, type (for beta testing/commercial/trial), the validity of the installed keys, information on whether the key is a backup (backup key corresponds to the symbol *).

/ADD — installs the key file. Specify the full path for the installed key.

/R — parameter, showing that the key will be installed as a backup. /ADD does not work without the parameter.

/DEL <serial_number> — delete the key with the specified serial number.

KAVSHELL TRACE </ON /F:<tracing_files_storage_folder> [/S:<maximum_size_of_log_file_in_megabytes>] [/LVL:<DEBUG | INFO | WARNING | ERROR | CRITICAL] | /OFF>

Through the command line you can enable tracing for all subsystems of the application simultaneously. Componentwise tracing is enabled only through the Anti-Virus Console.

/ON — enable tracing applications.

/F:<tracing_files_storage_folder> — the key indicates the folder where the trace files are saved. Please, note that this directory must exist! For each subsystem create a separate file. Parameter is required.

/S:<maximum_size_of_log_file_in_megabytes> — limit of trace log. When the maximum size is achieved, the Anti-Virus will write the data into a new file. By default, the maximum size of an individual file is 50 Mb.

/LVL:<DEBUG | INFO | WARNING | ERROR | CRITICAL> — level of detail trace: DEBUG — the most complete (debug information), CRITICAL — minimum information (critical events). By default, the trace is written with the level of DEBUG.

/OFF — disable tracing applications.

If the trace applications are already enabled, to change the settings for maintaining a record of log traces use the command KAVSHELL TRACE with the /ON key and set the trace parameters with keys /S and /LVL.

Examples:

Enable maintaining a record of log traces with the Debug information level of detail (DEBUG) and the maximum log file size 200 MB, save the trace in the folder C:\Trace Folder.

KAVSHELL TRACE /ON /F:"C:\Trace Folder" /S:200

Enable maintaining a record of log traces with the Informational level of detail (INFO); to save the traces in the folder C:\Trace Folder.

KAVSHELL TRACE /ON /F:"C:\Trace Folder" /S:200

To enable tracing of remote Console, you must add to the registry of the computer a new key and restart the Console:

• Microsoft Windows 32-bit (download this reg-file for 32-bit OS):
  
  [HKEY_LOCAL_MACHINE\Software\KasperskyLab\KAVFSEE\8.0\Trace\]
  Configuration=sub-system=gui;level=info;sink=folder(<full_path_to_folder_for_trace_files>);roll=50000;layout=basic;logging=on
  
  
• Microsoft Windows 64-bit (download this reg-file for 64-bit OS):
  
  [HKEY_LOCAL_MACHINE\Software\KasperskyLab\KAVFSEE\8.0\Trace\]
  Configuration=sub-system=gui;level=info;sink=folder(<full_path_to_folder_for_trace_files>);roll=50000;layout=basic;logging=on
  

When you enable tracing with the help of the reg-files that are ready, log trace records will be made to the directory C:\Temp.

KAVSHELL DUMP < < /ON /F:<folder_dump_storage> <folder>| /OFF> | </SNAPSHOT /F:<folder_dump_storage> file dumps from F:<папка>/P:<pid> > >

/ON — enable the creation of process memory dumping, when it terminates abnormally. Dump is saved in the directory specified by the key /F.

/SNAPSHOT — takes a memory image of the running Anti-Virus process.

/F:<tracing_files_storage_folder> — the key indicates the folder where the trace files are saved. Please, note that this directory must exist! Parameter is required.

/P:<pid> — The PID process ID, whose image must be removed; it is displayed in the Microsoft Windows Task Manager.

/ON — enable the creation of process memory dumping, when it terminates abnormally.

Examples:

Enable the creation of dumping; save dump files in the folder C:\Dump Folder.

KAVSHELL DUMP /ON /F:"C:\Dump Folder"

Remove the memory dump process with ID 1234 into folder C:/Dumps.

KAVSHELL DUMP /SNAPSHOT /F:C:\Dumps /P:1234

KAVSHELL IMPORT <full_path_and_name_of_configuration_file>

Examples:

KAVSHELL IMPORT Server.xml

KAVSHELL EXPORT <full_path_and_name_of_configuration_file>

You can assign any extension to the configuration file.

Examples:

KAVSHELL IMPORT Server.xml