Kaspersky Endpoint Security commands

You can modify the values of Kaspersky Endpoint Security settings from the command line.

The following are the rules for using Kaspersky Endpoint Security commands:

• Commands are case-sensitive.
• Keys must be separated by a space character.
• When using the full name of a command or key, the value must be entered after an equal (=) character.

  Example: Specify the URL setting value for the custom update source of the update task (ID=6) from the command line: kesl-control --set-settings 6 SourceType=Custom CustomSources.item_0000.URL=http://site.domain/path CustomSources.item_0000.Enabled=Yes

Displaying Kaspersky Endpoint Security command Help

--help

Displays Help for Kaspersky Endpoint Security commands.

Display Kaspersky Endpoint Security events

-W

Enables the display of Kaspersky Endpoint Security events.

Commands for managing Kaspersky Endpoint Security settings and tasks

-T

Prefix indicating that the command belongs to the group of commands used for managing Kaspersky Endpoint Security settings / managing tasks (optional).

[-S] --app-info

Displays general information about Kaspersky Endpoint Security.

[-T] --get-app-settings --file <file name and directory>

Returns the general settings of Kaspersky Endpoint Security.

[-T] --set-app-settings --file <file name and directory>

Sets the general settings of Kaspersky Endpoint Security.

[-T] --get-task-list

Returns the list of existing Kaspersky Endpoint Security tasks.

[-T] --get-task-state <task ID>|<task name>

Displays the status of the specified task.

[-T] --create-task <task name> --type <task type> --file <file name and directory>

Creates a task of the specified type; imports the settings from the specified configuration file into the task.

[-T] --delete-task <task ID>|<task name>

Deletes the task.

[-T] --start-task <task ID>|<task name> [-W] [--progress] [--file <file name and directory>]

Starts the task.

[-T] --stop-task <task ID>|<task name>

Stops the task.

[-T] --suspend-task <task ID>|<task name>

Suspends the task. The Update task cannot be suspended.

[-T] --resume-task <task ID>|<task name>

Resumes the task. The Update task cannot be resumed.

[-T] --get-settings <task ID>|<task name> --file <file name and directory>

Returns task settings.

[-T] --set-settings <task ID>|<task name> [<parameters>] [--file <file name and directory>] [--add-path <path>] [--del-path <path>] [--add-exclusion <exclusion>] [--del-exclusion <exclusion>] --set-to-default

Sets task settings.

[-T] --scan-file <path> [--action <action>]

Creates and starts a temporary Scan_File task.

[-T] --import-settings --file <full path to configuration file>

Imports the application setting to the configuration file.

[-T] --update-application

Updates the application.

[-T] --set-settings [<task ID>|<task name>] set-to-default

Sets the task settings to default values.

[-S] --omsinfo --file <path>

Creates a file in JSON format for integration with Microsoft Operations Management Suite.

Key management commands

-L

Prefix indicating that the command belongs to the group of commands used to manage keys.

[-L] --install-active-key <activation code>|<key file>

Adds the active key.

[-L] --install-additional-key <activation code>|<key file>

Adds the additional key.

[-L] --revoke-active-key

Removes the active key.

[-L] --revoke-additional-key

Removes the additional key.

[-L] --query

Displays information about the key.

Commands for Firewall Management task

[-F] --add-rule [--name <string>] [--action <action>] [--protocol <protocol>] [--direction <directory>] [--remote <remote>] [--local <local>] [--at <index>]

Adds a new rule.

[-F] --del-rule [--name <string>] [--index <index>]

Deletes a rule.

[-F] --move-rule [--name <string>] [--index <index>] [--at <index>]

Changes the rule priority.

[-F] --add-zone [--zone <zone>] [--address <address>]

Adds an IP address to the zone.

[-F] --del-zone [--zone <zone>] [--address <address>] [--index <index>]

Deletes an IP address from the zone.

-F --query

Displays information.

Commands for Anti-Cryptor task

[-H] --get-blocked-hosts

Displays a list of blocked computers.

[-H] --allow-hosts

Unblocks untrusted computers.

Command for Docker containers and images scan

[-T] --scan-container <container|image[:tag]>

Creates a temporary Docker container scan task with settings from the custom container scan task (task name: Custom_Container_Scan, task ID: 19). After scan completion, the temporary task is deleted automatically. You can specify container and image names or name masks. Also you can specify ID of a container or image.

User management commands

[-U] --get-user-list

Obtains a list of users and roles.

[-U] --grant-role <role> <user>

Grants a role to the specified user.

[-U] --revoke-role <role> <user>

Revokes a role from the specified user.

Commands for managing Storage

-B

Prefix indicating that the command belongs to the group of commands used to manage Storage.

[-B] --mass-remove --query

Clears the Storage, fully or selectively.

[-B] --restore <object ID> --file <file name and directory>

Restores an object from Storage.

Commands used to manage the event log

-E

Prefix indicating that the command belongs to the group of commands used to manage the event log.

[-E] --query --limit --offset --file <file name and directory> --db <db file>

Maximum number of events for which information is displayed.

--query

Returns information about the filtered events from the event log or the specified log rotation file.

--offset

Number of records by which to offset from the start of the sample.

--db

Database file name.

Task schedule management commands

[-T] --set-schedule <task ID>|<task name> --file <file name and directory>

Sets the task schedule settings or imports them from the configuration file into the task.

[-T] --get-schedule <task ID>|<task name> --file <file name and directory>

Returns the task schedule settings.

RuleType=Once|Monthly|Weekly|Daily|Hourly|Minutely|Manual|PS|BR

Task launch schedule.

PS—Start the task after starting Kaspersky Endpoint Security.

BR—Start the task after anti-virus databases are updated.

StartTime=[year/month/month_day] [hh]:[mm]:[ss]; [<month_day>|<week_day>]; [<period>]

Task start time.

RandomInterval=<min.>

Task run interval, if several tasks are running at the same time (in minutes).

RunMissedStartRules

Enables or disables the start of a skipped task after Kaspersky Endpoint Security is started.

Examples: To schedule the task to start every ten hours, specify the following parameters: RuleType=Hourly RunMissedStartRules=No StartTime=2019/May/30 23:05:00;10 RandomInterval=0   To schedule the task to start every ten minutes, specify the following parameters: RuleType=Minutely RunMissedStartRules=No StartTime=23:10:00;10 RandomInterval=0   To schedule the task to start on the 15th of every month, specify the following parameters: RuleType=Monthly RunMissedStartRules=No StartTime=23:25:00;15 RandomInterval=0   To schedule the task to start on every Tuesday, specify the following parameters: RuleType=Weekly StartTime=18:01:30;Tue RandomInterval=99 RunMissedStartRules=No   To schedule the task to start every 11 days, specify the following parameters: RuleType=Daily RunMissedStartRules=No StartTime=23:15:00;11 RandomInterval=0

Page top