This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To perform actions on quarantined objects in Kaspersky Endpoint Agent using the command line interface:
cd command, navigate to the folder where the Agent.exe file is located.For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.
agent.exe --quarantine=delete --ouid=<comma-separated quarantined object identifiers. Required parameter> [--pwd=<current user password>].
Objects with the specified identifiers will be deleted from the Quarantine folder specified when quarantine settings are configured.
agent.exe --quarantine=restore --ouid=<comma-separated quarantined object identifiers. Required parameter> [--path-type=<one of the destination folder options to restore the objects from quarantine: original|custom|settings. Optional parameter> --path=<path to the destination folder for restored objects. Required parameter if the --path-type parameter is passed and the original>] value is specified [--action=<one of the actions on the object: replace|rename. Optional parameter>] [--pwd=<current user password>].
agent.exe --quarantine=add [--file=<full path to the object you want to quarantine>] [--pwd=<current user password>].agent.exe --quarantine=add [--hash=<hash of the object you want to quarantine. Required parameter. If you do not specify the full path to the object and pass the --hashalg parameter>]--hashalg=<one of the hash types: md5|sha256. Required parameter. If you do not specify the full path to the object> [--file=<path to the folder with the object that you want to quarantine>] [--pwd=<current user password>].Command parameters when performing actions on quarantined objects
Parameter |
Description |
|
Required parameter. The parameter passes a unique numeric (int64) identifier of the quarantined object. Displayed when viewing information about quarantined objects (command |
|
The parameter describes the logic for destination folder selection when restoring objects from quarantine.
|
|
Required parameter if the This parameter defines the path to a folder for objects restored from quarantine if you do not want to use the folder where the object was located before being quarantined or the folder specified when quarantine settings were configured. |
|
This parameter defines the action that you want to perform on the object if the destination folder for restored objects already contains a file with the same name as the file you are restoring from quarantine.
|
|
A required parameter if the This parameter defines the full path to the object that you want to quarantine. |
|
A required parameter if the The parameter defines the hashing algorithm to calculate the checksum of the object you want to quarantine. The parameter can be passed with one of the following values: |
|
Required parameter if the The parameter defines the checksum of the object you want to quarantine. |
|
Required parameter if the This parameter specifies the path to the folder that contains the object that you want to quarantine and whose hash is specified as the value of the |
|
Allows you to specify the password of the user whose account is used to execute the command. |
Return codes of the --quarantine command: