-Q is a prefix indicating that the command belongs to the group of commands used to manage the Quarantine.
kesl-control -Q --mass-remove
The command deletes some or all files from Quarantine.
Command syntax
Delete all files:
kesl-control -Q --mass-remove
Delete files that match the filter conditions:
kesl-control -Q --mass-remove --query "<filter conditions>"
Arguments and options
<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results.
kesl-control --put
This command is available only when Kaspersky Endpoint Security is integrated with Kaspersky Endpoint Detection and Response Optimum.
The command allows to quarantine a file.
Command syntax
kesl-control [-Q] --put <file path> [--md5] [--sha256] [--save-original-file]
Arguments and keys
<file path> is the path to the file that you want to quarantine.
--md5 is the MD5 hash of the file that you want to quarantine.
--sha256 is the SHA256 hash of the file that you want to quarantine.
--save-original-file keeps the original file. If you do not specify this option, the original file is deleted.
kesl-control -Q --query
This command outputs information about quarantined files.
Command syntax
Output information about all quarantined files:
kesl-control -Q --query [-n <number>] [--json]
Display information about quarantined files that match filter conditions:
kesl-control -Q --query ["<filter conditions>"] [-n <number>]
Arguments and options
<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results. If you do not specify any filter conditions, the application will display the details of all quarantined files.
<number> is the number of the most recent quarantined files that you want to display. If you do not specify the -n option, the last 30 files are displayed. To display all files, specify 0.
--json: output data in JSON format.
kesl-control -Q --restore
The command lets you restore a file from quarantine.
Command syntax
kesl-control -Q --restore <file ID> [--file <file path>]
Arguments and keys
<file ID>: the ID of the quarantined file.
--file <file path>: the new name of the file and the path to the directory to save it to. If you do not specify the --file option, the fille will be restored with its original name and to its original location. If the directory is deleted or the user does not have access rights to it, the application places the file in the /var/opt/kaspersky/kesl/common/restored/ directory. You can manually move the file from this directory to the directory of your choice.