You can perform a custom scan of the specified files and directories using the command kesl-control --scan-file
.
A custom scan is performed with the settings stored in the predefined task Scan_File (ID: 3). You can configure settings for a custom scan of files by editing the settings of this task (see the table below).
To start a custom scan of the specified files and directories, execute the following command:
kesl-control --scan-file <
path
> [--action <
action
>]
where:
<
path
>
is the path to the file or directory that you want to scan. You can specify multiple paths by separating them with a space.--action <
action
>
is the action to be performed by the application on the infected objects. If you do not specify the --action
key, the application performs the Recommended
action.As a result of executing the command, a temporary file scan task is created, which is automatically deleted after completion. In this case, the scan results are output to the console.
The table describes all available values and the default values of all the settings that you can specify for the Scan_File task.
The [ScanScope.item_ #]
and [ExcludedFromScanScope.item_ #]
sections defined in the Scan_File task are not taken into account when performing the custom scan.
Scan_File task settings
Setting |
Description |
Values |
|
---|---|---|---|
|
Enables file scan. |
|
|
|
Enables boot sector scans. |
|
|
|
Enables process memory and kernel memory scans. |
|
|
|
Enables startup object scans. |
|
|
|
Enables scanning of archives (including SFX self-extracting archives). The application scans the following archives: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj. The list of supported archive formats depends on the application databases being used. |
|
|
|
Enables scanning of self-extracting archives only (archives that contain an executable extraction module). |
|
|
|
Enables scanning email databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail clients. |
|
|
|
Enables scanning of plain text email messages. |
|
|
|
Maximum size of an object to be scanned (in megabytes). If the object to be scanned is larger than the specified value, the application skips this object. |
0 – 999999 0 — The application scans objects of any size. Default value: 0. |
|
|
Maximum object scan duration (in seconds). The application stops scanning the object if it takes longer than the time specified by this setting. |
0 – 9999 0 — The object scan time is unlimited. Default value: 0. |
|
|
Selection of the first action to be performed by the application on the infected objects.
|
Default value: |
|
|
Selection of the second action to be performed by the application on the infected objects. The application performs the second action if the first action fails. |
The possible values of the If Default value: |
|
|
Enables scan exclusions for the objects specified by the |
|
|
|
Excludes objects from being scanned by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in the shell format. |
The default value is not defined.
|
|
|
Enables scan exclusions for objects containing the threats specified by the |
|
|
|
Excludes objects from scans by the name of the threats detected in them. Before specifying a value for this setting, make sure that the In order to exclude an object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected. For example, you may be using a utility to collect information about your network. To keep the application from blocking it, add the full name of the threat contained in it to the list of threats excluded from scans. You can find the full name of the threat detected in an object in the application log or on the website https://threats.kaspersky.com. |
The setting value is case-sensitive. The default value is not defined.
|
|
|
Enables global exclusions for scanning. |
|
|
|
Enables File Threat Protection exclusions for scanning. |
|
|
|
Enables logging of information about scanned objects that the application reports as not being infected. You can enable this setting, for example, to make sure that a particular object was scanned by the application. |
|
|
|
Enables logging of information about scanned objects that are part of compound objects. You can enable this setting, for example, to make sure that an object within an archive has been scanned by the application. |
|
|
|
Enables logging of information about objects that have not been processed for some reason. |
|
|
|
Enables heuristic analysis. Heuristic analysis helps the application to detect threats even before they become known to virus analysts. |
|
|
|
Specifies the heuristic analysis level. You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning. |
|
|
|
Enables usage of the iChecker technology. |
|
|
|
List of device names. The application will scan boot sectors of these devices. The setting value cannot be empty. At least one device name mask must be specified to run this task. |
Default value: |
|
The [ScanScope.item_#] section contains the following settings: |
|||
|
Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters. |
Default value:
|
|
|
Enables scans of the specified scope. To run the task, enable scans of at least one scope. |
|
|
|
Scan scope limitation. Within the scan scope, the application scans only the files that are specified using the masks in the shell format. If this setting is not specified, the application scans all the objects in the scan scope. You can specify several values for this setting. |
The default value is
|
|
|
Path to the directory with objects to be scanned.
|
|
|
The [ExcludedFromScanScope.item_#] section contains the following settings: |
|||
|
Description of the scan exclusion scope, which contains additional information about the exclusion scope. |
The default value is not defined. |
|
|
Excludes the specified scope from scans. |
|
|
|
Limitation of scan exclusion scope. In the exclusion scope, the application excludes only the files that are specified using masks in the shell format. If this setting is not specified, the application excludes all the objects in the exclusion scope. You can specify several values for this setting. |
Default value: |
|
|
Path to the directory with objects to be excluded. |
In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion
Remote directories are excluded from scans by the application only if they were mounted before the task was started. Remote directories mounted after the task is started are not excluded from scans. |