Kaspersky Embedded Systems Security 3.4 for Windows

Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE

You can use the KAVSHELL FIM /BASELINE command to configure the mode in which the Baseline File Integrity Monitor task runs and monitors the loading of DLL modules.

A password might be required to execute the command. To enter the current password, use [/pwd:<password>].

KAVSHELL FIM /BASELINE command syntax

KAVSHELL FIM /BASELINE [/CREATE: [<monitoring scope> | /L:<path to TXT file containing the list of monitoring scopes>] [/MD5 | /SHA256] [/SF]] | [/CLEAR [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/EXPORT:<path to TXT file> [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SHOW [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SCAN [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/PWD:<password>]

KAVSHELL FIM /BASELINE command examples

To delete a baseline, run the following command:

KAVSHELL FIM /BASELINE /CLEAR /BL:<baseline id>

You can configure Baseline File Integrity Monitor task settings using the command-line options (see the table below).

KAVSHELL FIM /BASELINE command-line parameters/options

Parameter/option

Description

/CREATE

Create a new Baseline File Integrity Monitor task.

Kaspersky Embedded Systems Security for Windows will start the new Baseline File Integrity Monitor task in order to create a baseline.

/L

Specify the path to the TXT file containing the list of monitoring scopes.

/MD5

Specify the MD5 algorithm for calculating a checksum (optional parameter).

/MD5 parameter can not be used together with /SHA256.

MD5 algorithm is used by default.

/SHA256

Specify the SHA256 algorithm for calculating a checksum (optional parameter).

/SHA256 parameter can not be used together with /MD5.

MD5 algorithm is used by default.

/SF

Includes all subfolders in the Baseline File Integrity Monitor task scope (optional parameter).

By default all subfolders are excluded from the Baseline File Integrity Monitor task scope.

/CLEAR

Delete the baseline with specified <baseline id> or the baseline for the task with specified <existing alias>.

Delete all baselines if neither <baseline id> nor <existing alias> was specified.

Optional parameter.

/BL

Specify the unique ID of a baseline (optional parameter).

/EXPORT

Export the data about all baselines in a TXT file.

/SHOW

Show data about all baselines.

/SCAN

Start the new Baseline File Integrity Monitor task with specified <baseline id> or specified <existing alias>.

/ALIAS

Specify the name of an existing task or the name for a new task.

<monitoring scope>

Specify the file or folder that you want to include in the Baseline File Integrity Monitor task scope.

This parameter allows to specify only one area.

<path to TXT file containing the list of monitoring scopes>

Specify the path to the TXT file containing the list of monitoring scopes.

The file must be UTF-8 encoded, and each path to a monitoring scope must be specified in a separate row.

<path to TXT file>

Specify the path to the file to which you want to export the data about all baselines.

<baseline id>

Specify the unique ID of a baseline.

You can use the /SHOW parameter to learn the ID of a baseline.

<existing alias>

Specify the name of an existing task.

<new alias>

Specify the name of a new task.