This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
The task can be run only if you have an active Kaspersky Industrial CyberSecurity for Node license key with an ICS Audit licensed object.
For the following rule sources, you can configure and launch a Security Audit task using the command line interface:
To configure and launch a Security Audit task using the command line interface:
Using the cd command, navigate to the folder where the Agent.exe file is located. For example: cd C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent
agent.exe --scan-oval [--source={kl|kl-compl|file}] [--repository=show] [--path={<full path to folder>}] [--external-vars=<full path and name of ZIP archive with external variables>] [--mode={all|exclude|include}] [--definitions=<vulnerability type_01;vulnerability type_02;vulnerability type_N>] [--log={none|critical|warning|information|debug}] --result-path=<path to the file with the report>
Command parameters for configuring and launching a Security Audit task

| Parameters | Description |
|---|---|
| --scan-oval | Required parameter. Starts a Security Audit task on the device. |
| --source | Determines the source of rules required by the Security Audit. Available values: |
| --repository=show | This parameter is available if the selected rule source is security configurations and standards compliance for operating systems ( If the parameter is specified, then instead of executing the Security Audit task, Kaspersky Endpoint Agent saves an XML file that lists the names of the existing security configurations to the folder specified by the |
| --path | This parameter determines the path to the folder with OVAL and XCCDF rules for the Custom rule database from file source ( |
| --external-vars | This parameter specifies the full path and name of the ZIP archive with the XML file with external variables for OVAL rules. |
| --mode | This parameter defines the vulnerability scan mode. Possible parameter values: |
| --definitions | Semicolon-separated list of vulnerability types that must be scanned or must be excluded from being scanned. For example: < > . Used together with the |
| --log | This parameter determines the logging mode for recording task events. Available values: |
| --result-path | Required parameter. Specifies the path to the folder where the scan report in XML format is stored. The file name contains the node name, as well as the date and time when the task was run. A log file in LOG format with task events is saved in the same folder. If the parameter is not specified, the task's execution will fail. |
Return codes of the --scan-oval command:
0 – command successfully executed;
1 – general error.
If the command completes successfully (code 0), a report in XML format is saved in the folder specified by the --result-path parameter. If the --log parameter was specified, a log file in LOG format with task events is saved there as well.
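The following PowerShell wrapper is an added example, not part of the Kaspersky documentation. It runs the task with the parameters described above, acts on the documented return codes, and locates the resulting XML report. The report folder C:\AuditReports and the chosen --source and --log values are assumptions; the install folder is the one from the cd example.

```powershell
# Added example: run the Security Audit task and collect its output.
# Assumptions: install folder as in the page's cd example; C:\AuditReports is a
# hypothetical report folder; the source and log values are picked for illustration.
param(
    [string]$AgentDir   = 'C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent',
    [string]$ResultPath = 'C:\AuditReports',
    [ValidateSet('kl','kl-compl','file')][string]$Source = 'kl',
    [ValidateSet('none','critical','warning','information','debug')][string]$Log = 'warning'
)

$agent = Join-Path $AgentDir 'agent.exe'
if (-not (Test-Path -LiteralPath $agent -PathType Leaf)) {
    throw "agent.exe not found in '$AgentDir'"
}

# --result-path is required and the task fails without it, so create the folder first.
New-Item -ItemType Directory -Path $ResultPath -Force | Out-Null
$started = Get-Date

$agentArgs = @(
    '--scan-oval'
    "--source=$Source"
    "--log=$Log"
    "--result-path=$ResultPath"
)
& $agent @agentArgs
$code = $LASTEXITCODE

# Documented return codes: 0 = command successfully executed, 1 = general error.
if ($code -ne 0) {
    throw "Security Audit failed with return code $code; check the log file in '$ResultPath'"
}

# The report name contains the node name and the run date and time; the exact
# pattern is not given on the page, so take the newest XML written since this run began.
$report = Get-ChildItem -LiteralPath $ResultPath -Filter '*.xml' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $report) { throw "Return code 0 but no XML report found in '$ResultPath'" }

# Hash the report so later changes to the stored audit evidence can be detected.
$hash = Get-FileHash -LiteralPath $report.FullName -Algorithm SHA256
[pscustomobject]@{ Report = $report.FullName; SHA256 = $hash.Hash; ReturnCode = $code }
```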