Commands for managing the Quarantine

-Q is a prefix indicating that the command belongs to the group of commands used to manage the Quarantine.

kesl-control -Q --mass-remove

The command deletes some or all files from Quarantine.

Command syntax

Delete all files:

kesl-control -Q --mass-remove

Delete files that match the filter conditions:

kesl-control -Q --mass-remove --query "<filter conditions>"

Arguments and options

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results.

kesl-control --put

This command is available only when Kaspersky Endpoint Security is integrated with Kaspersky Endpoint Detection and Response Optimum.

The command allows to quarantine a file.

Command syntax

kesl-control [-Q] --put <file path> [--md5] [--sha256] [--save-original-file]

Arguments and keys

<file path> is the path to the file that you want to quarantine.

--md5 is the MD5 hash of the file that you want to quarantine.

--sha256 is the SHA256 hash of the file that you want to quarantine.

--save-original-file keeps the original file. If you do not specify this option, the original file is deleted.

kesl-control -Q --query

This command outputs information about quarantined files.

Command syntax

Output information about all quarantined files:

kesl-control -Q --query [-n <number>] [--json]

Display information about quarantined files that match filter conditions:

kesl-control -Q --query ["<filter conditions>"] [-n <number>]

Arguments and options

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results. If you do not specify any filter conditions, the application will display the details of all quarantined files.

<number> is the number of the most recent quarantined files that you want to display. If you do not specify the -n option, the last 30 files are displayed. To display all files, specify 0.

--json: output data in JSON format.

kesl-control -Q --restore

The command lets you restore a file from quarantine.

Command syntax

kesl-control -Q --restore <file ID> [--file <file path>]

Arguments and keys

<file ID>: the ID of the quarantined file.

--file <file path>: the new name of the file and the path to the directory to save it to. If you do not specify the --file option, the fille will be restored with its original name and to its original location. If the directory is deleted or the user does not have access rights to it, the application places the file in the /var/opt/kaspersky/kesl/common/restored/ directory. You can manually move the file from this directory to the directory of your choice.

Page top