This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To perform actions on quarantined objects in Kaspersky Endpoint Agent using the command line interface:
cd
command, navigate to the folder where the Agent.exe file is located.For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\"
and press ENTER.
agent.exe --quarantine=delete --ouid=<
comma-separated quarantined object identifiers. Required parameter>
[--pwd=<
current user password>]
.
Objects with the specified identifiers will be deleted from the Quarantine folder on the devices. The Quarantine folder is specified when quarantine settings are configured.
agent.exe --quarantine=restore --ouid=<
comma-separated quarantined object identifiers. Required parameter> [--path-type=<
one of the destination folder options to restore the objects from the quarantine: original
|custom
|settings
. Optional parameter> --path=<
path to the destination folder for restored objects. Required parameter if the --path-type
parameter is passed and the original>] value is specified [--action=<
one of the actions on the object: replace|rename
. Optional parameter>] [--pwd=<
current user password>]
.
agent.exe --quarantine=add [--file=<
full path to the object you want to quarantine>] [--pwd=<
current user password>]
.agent.exe --quarantine=add [--hash=<
hash of the object you want to quarantine. Required parameter. If you do not specify the full path to the object and pass the --hashalg
parameter>]--hashalg=<
one of the hash types: md5|sha256
. Required parameter. If you do not specify the full path to the object> [--file=<
path to the folder with the object that you want to quarantine>] [--pwd=<
current user password>]
.Command parameters when performing actions on quarantined objects
Parameter |
Description |
|
Required parameter. The parameter passes a unique numeric (int64) identifier of the quarantined object. Displayed when viewing information about quarantined objects (command |
|
The parameter describes the logic for the destination folder selection when restoring objects from quarantine.
|
|
Required parameter if the This parameter defines the path where you want to create a folder for objects restored from the quarantine, if you do not want to use the folder where the object was located before being quarantined and the folder specified when configuring quarantine settings. |
|
This parameter defines the action that you want to perform on the object if the destination folder for restored objects already contains a file with name same to the name of the file you are restoring from quarantine.
|
|
Required parameter if the The parameter defines the full path to the object that you want to quarantine. |
|
Required parameter if the The parameter defines the hashing algorithm to calculate the checksum of the object you want to quarantine. The parameter can be passed with one of the following values: |
|
Required parameter if the The parameter defines the checksum of the object you want to quarantine. |
|
Required parameter if the This parameter specifies the path to the folder which contains the object that you want to quarantine and whose hash is specified as the value of the |
|
Allows you to specify the password of the user whose account is used to execute the command. |
Return codes of the --quarantine
command: