SCAN. Malware Scan

Running the Malware Scan task.

To run the command, go to the folder where the Kaspersky Endpoint Security executable file is located. You can also add the executable file path to the %PATH% system variable and run the command without navigating to the application folder.

Command syntax

avp.com SCAN [<scan scope>] [<action on threat detection>] [<file types>] [<scan exclusions>] [/R[A]:<report file>] [<scan technologies>] [/C:<file with scan settings>]

Scan scope

 

<files to scan>

A space-separated list of files and folders. Long paths must be enclosed in quotation marks. Short paths (MS-DOS format) do not need to be enclosed in quotation marks. For example:

  • "C:\Program Files (x86)\Example Folder" – long path.
  • C:\PROGRA~2\EXAMPL~1 – short path.

/ALL

Run the Malware Scan task. Kaspersky Endpoint Security scans the following objects:

  • Kernel memory
  • Objects that are loaded at startup of the operating system
  • Boot sectors
  • Operating system backup
  • All hard and removable drives

/MEMORY

Scan the Kernel memory

/STARTUP

Scan the Objects that are loaded at startup of the operating system

/MAIL

Scan Outlook mailbox

/REMDRIVES

Scan removable drives.

/FIXDRIVES

Scan hard drives.

/NETDRIVES

Scan network drives.

/QUARANTINE

Scan the files in the Kaspersky Endpoint Security Backup.

/@:<file list.lst>

Scan the files and folders from a list. Each file in the list must be on a new row. Long paths must be enclosed in quotation marks. Short paths (MS-DOS format) do not need to be enclosed in quotation marks. For example:

  • "C:\Program Files (x86)\Example Folder" – long path.
  • C:\PROGRA~2\EXAMPL~1 – short path.

Action on threat detection

 

/i0

Inform. If this option is selected, Kaspersky Endpoint Security adds the information about infected files to the list of active threats on detection of these files.

/i1

Disinfect, block if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection is not possible, Kaspersky Endpoint Security adds the information about the infected files that are detected to the list of active threats.

/i2

Disinfect, delete if disinfection fails. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.

This action is selected by default.

/i3

Disinfect the infected files that are detected. If disinfection fails, delete the infected files. Also delete compound files (for example, archives) if the infected file cannot be disinfected or deleted.

/i4

Delete infected files. Also delete compound files (for example, archives) if the infected file cannot be deleted.

File types

 

/fe

Files scanned by extension. If this setting is enabled, the application scans infectable files only. The file format is then determined based on the file's extension.

/fi

Files scanned by format. If this setting is enabled, the application scans infectable files only. Before scanning a file for malicious code, the internal header of the file is analyzed to determine the format of the file (for example, .txt, .doc, or .exe). The scan also looks for files with particular file extensions.

/fa

All files. If this setting is enabled, the application checks all files without exception (all formats and extensions).

This is the default setting.

Scan exclusions

 

-e:a

RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives are excluded from the scan scope.

-e:b

Mail databases, incoming and outgoing e-mails are excluded from the scan scope.

-e:<file mask>

Files that match the file mask are excluded from the scan scope. For example:

  • The mask *.exe will include all paths to files that have the exe extension.
  • The mask example* will include all paths to files named EXAMPLE.

-e:<seconds>

Files that take longer to scan than the specified time limit (in seconds) are excluded from the scan scope.

-es:<megabytes>

Files that are larger than the specified size limit (in megabytes) are excluded from the scan scope.

Saving events to a report file mode (for Scan, Updater and Rollback profiles only)

 

/R:<report file>

Save only critical events to the report file.

/RA:<report file>

Save all events to a report file.

Scan technologies

 

/iChecker=on|off

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scans by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date when the file was last scanned, and any modifications to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).

/iSwift=on|off

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scans by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date when the file was last scanned, and any modifications to the scan settings. The iSwift technology is an advancement of the iChecker technology for the NTFS file system.

Advanced settings

 

/C:<file with scan settings>

File with the Malware Scan task settings. The file must be created manually and saved in TXT format. The file can have the following contents: [<scan scope>] [<action on threat detection>] [<file types>] [<scan exclusions>] [/R[A]:<report file>] [<scan technologies>].

Example:

avp.com SCAN /R:log.txt /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files"

See also:

Scanning the computer

Editing the scan scope

Scan. Malware Scan

Working with active threats

Page top