Scanning a specified scope: KAVSHELL SCAN

Working with Kaspersky Embedded Systems Security for Windows from the command line > Commands > Scanning a specified scope: KAVSHELL SCAN

Scanning a specified scope: KAVSHELL SCAN

To start a task to scan specific areas of the protected device, use KAVSHELL SCAN. The command-line options specify the scan scope and security settings of the selected node.

An On-Demand Scan task started using the KAVSHELL SCAN command is a temporary task. It is displayed in the Application Console only while being executed (you cannot view its task settings in the Application Console). However, a task log is generated and displayed in the Task logs in the Application Console.

When specifying paths in scan tasks for specific areas, you can use environment variables. If you use a user environment variable, execute the KAVSHELL SCAN command as the corresponding user.

The KAVSHELL SCAN command is executed in synchronous mode.

To start an existing On-Demand Scan task from the command line, use the KAVSHELL TASK command.

KAVSHELL SCAN command syntax

The KAVSHELL SCAN command has both mandatory and optional parameters/options (see the table below).

KAVSHELL SCAN command example

KAVSHELL SCAN Folder56 D:\Folder1\Folder2\Folder3\ C:\Folder1\ C:\Folder2\3.exe "\\another server\Shared\" F:\123\*.fgb /SHARED /AI:DISINFDEL /AS:QUARANTINE /FA /E:ABM /EM:"*.xtx;*.fff;*.ggg;*.bbb;*.info" /NOICHECKER /ANALYZERLEVEL:1 /NOISWIFT /W:log.log

KAVSHELL SCAN /L:scan_objects.lst /W:c:\log.log

KAVSHELL SCAN command-line parameters/options

Parameter/option	Description

Scan scope. The setting is mandatory.
<files>	Specifies the scan scope - list of files, folders, network paths and predefined areas. Specify network paths in Universal Naming Convention (UNC) format. In the following example, Folder4 is specified without the path to it. This means that it is located in the folder from which you run the KAVSHELL command. KAVSHELL SCAN Folder4 If the name of the object to be scanned has spaces, it must be wrapped in quotation marks. If a folder is specified, Kaspersky Embedded Systems Security for Windows will also scan all its subfolders. The symbols * or ? can be used to scan a group of files.
<folders>
<network path>
/MEMORY	Scan objects in RAM
/SHARED	Scan shared folders on the protected device
/STARTUP	Scan autorun objects
/REMDRIVES	Scan removable drives
/FIXDRIVES	Scan hard drives
/MYCOMP	Scan all areas of the protected device
/L:<path to file with a list of scan scopes>	Full path to file with a list of scan scopes. Use line breaks to separate the scan scopes in the file. You can specify predefined scan areas as shown in the following example of the content of a file with a list of scan scopes: C:\ D:\Docs\*.doc E:\My Documents /STARTUP /SHARED
Scan objects (File types). If you do not specify this option, Kaspersky Embedded Systems Security for Windows will scan objects by their format.
/FA	Scan all objects
/FC	Scan objects by format (default). Kaspersky Embedded Systems Security for Windows scans only objects whose formats are included in the list of formats of infectable objects.
/FE	Scan objects by extension. Kaspersky Embedded Systems Security for Windows scans only objects with extensions included into the list of extensions of infectable objects.
/NEWONLY	Scan only new and modified files. If you do not specify this option, Kaspersky Embedded Systems Security for Windows will scan all objects.
Action to perform on infected and other objects. If you do not specify values for this modifier, Kaspersky Embedded Systems Security for Windows will perform the Skip action.
DISINFECT	Disinfect, skip if disinfection is not possible The DISINFECT and DELETE options are preserved in the current version Kaspersky Embedded Systems Security for Windows in order to ensure compatibility with previous versions. These options can be used instead of the /AI and /AS options. In this case, Kaspersky Embedded Systems Security for Windows will not process probably infected objects.
DISINFDEL	Disinfect, delete if disinfection is not possible
DELETE	Delete The DISINFECT and DELETE options are preserved in the current version Kaspersky Embedded Systems Security for Windows in order to ensure compatibility with previous versions. These options can be used instead of the /AI and /AS options. In this case, Kaspersky Embedded Systems Security for Windows will not process probably infected objects.
REPORT	Send report (default)
AUTO	Perform recommended action
Action to perform on probably infected objects. If you do not specify this option, Kaspersky Embedded Systems Security for Windows will perform the Skip action.
QUARANTINE	Quarantine
DELETE	Delete
REPORT	Send report (default)
AUTO	Perform recommended action
Exclusions
/E:ABMSPO	Exclude the following types of compound objects: A – archives (scan SFX archives only) B – email databases M – plain mail S – archives and SFX-archives P – packed objects O – embedded OLE objects
/EM:<"`masks"`>	Exclude files by mask You can specify several masks, for example: `EM:".txt; .png; C\Videos\*.avi"`.
/ET:<number of seconds>	Stop processing an object if it takes longer than the number of seconds specified by <number of seconds>. By default, there is no time restriction.
/ES:<size>	Do not scan compound objects larger than the size (in MB) specified by the value <size>. By default, Kaspersky Embedded Systems Security for Windows scans objects of all sizes.
/TZOFF	Disable Trusted Zone exclusions
Advanced settings (Options)
/NOICHECKER	Disable the use of iChecker (enabled by default)
/NOISWIFT	Disable the use of iSwift (enabled by default)
/ANALYZERLEVEL:<heuristic analysis level>	Enable Heuristic Analyzer, configure analysis level. The following heuristic analysis levels are available: 1 – light 2 – medium 3 – deep If you omit this option, Kaspersky Embedded Systems Security for Windows will not use Heuristic Analyzer.
/ALIAS:<task alias>	Assigns a temporary name to an On-Demand Scan task, allowing you to reference it while it runs, for example, in order to view its statistics using the TASK command. The task alias must be unique among the task aliases of all Kaspersky Embedded Systems Security for Windows components. If this option is not specified, a temporary name in the form of scan_<kavshell_pid> is assigned, for example, scan_1234. In the Application Console, the task is assigned the name "Scan objects <date and time>", for example, Scan objects 8/16/2007 5:13:14 PM.
Task log settings (Report settings)
/W:<path to task log file>	If this parameter is specified, Kaspersky Embedded Systems Security for Windows will save the task log file using the name specified by the parameter value. The log file contains task execution statistics, the time when the task was started and completed (stopped), and information about events that occurred during the task. The log is used to register events defined by the task log settings and the Kaspersky Embedded Systems Security for Windows event log settings in Event Viewer. You can specify either the absolute or relative path to the log file. If you specify only a filename without a path, the log file will be created in the current folder. Restarting the command with the same log settings will overwrite the existing log file. The log file can be viewed while a task is running. The log appears in the Task logs node of the Application Console. If Kaspersky Embedded Systems Security for Windows fails to create the log file, it will display an error message but will still execute the command.
/ANSI	This option uses ANSI encoding to record events to the task log. The ANSI option will not be applied if the W parameter is not specified. If the ANSI option is not specified, UNICODE is used to generate the task log.

Article ID: 146707, Last review: Oct 4, 2024

Page top