Run malware scan

Command syntax:

kav scan <scan scope> <action> <file types> <exclusions> <report parameters> <advanced parameters>

Note: To run a malware scan, you can also use tasks created in the application by starting one from the command line. The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface.

Parameter descriptions

<scan scope> – This parameter specifies a list of objects that are to be scanned for malicious code. You can include several parameters separating them with a space.

The following values are possible:

• <files> – List of paths to files and/or folders to be scanned. You can specify absolute or relative paths to the files. Items in the list are separated by a space.

  Note: If the name of an object or the path to it includes a space or special characters (such as $, &, or @), the name should be encased in single quotes (' '), or each of the special characters should be escaped by adding a backslash (\) immediately before it. If reference is made to a specific folder, all files and folders in this folder are scanned.

• -all – Full scan of your computer.
• -remdrives – All removable drives.
• -fixdrives – All internal drives.
• -netdrives – All network drives.
• -@:<filelist.lst> – Path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered.

<action> – This parameter determines the action to take on malicious objects that are detected during the scan. If this parameter is not defined, the default action is the one corresponding to the value -i8.

The following values are possible:

• -i0 – Take no actions on the object, only save information about the object in a report.
• -i1 – Disinfect infected objects, skip them if they cannot be disinfected.
• -i2 – Disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (.sfx archives).
• -i3 – Disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted.
• -i4 – Delete infected objects; delete containers completely if infected files inside them cannot be deleted.
• -i8 – Prompt the user for action if an infected object is detected (used by default).
• -i9 – Prompt the user for action when the scan is completed.

<file types> – This parameter defines the file types that are subject to malware scan. By default, if this parameter is not defined, only files that may be potentially infected (based on the file contents) are scanned.

The following values are possible:

• -fe – Scan only files that may be potentially infected (based on the file extension).
• -fi – Scan only files that may be potentially infected (based on the file content). This parameter is used by default.
• -fa – Scan all files.

<exclusions> – This parameter defines the objects to exclude from scanning. You can include several parameters separating them with a space.

The following values are possible:

• -e:a – Do not scan archives.
• -e:b – Do not scan email databases.
• -e:m – Do not scan email messages in text format.
• -e:<mask> – Do not scan objects by mask.
• -e:<seconds> – Skip objects that are scanned for longer than the specified length of time (in seconds).
• -es:<size> – Skip objects with size larger than the specified value (in megabytes).

<report parameters> – These parameters define the format of the report containing the scan results. You can specify an absolute or relative path to the report file. If this parameter is not defined, scan results are displayed and all events are shown.

The following values are possible:

• -r:<report file> – Log only important events to the specified report file.
• -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – Parameters that define the use of malware scan technologies and configuration files:

• -iSwift=<on|off> – Enable/disable the use of iSwift.
• -c:<configuration file> – Define the path to the configuration file that contains the application settings for malware scan tasks. You can specify an absolute or relative path to the file. If this parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line.