GetThreats. Obtaining data on detected threats

Displaying a list of detected threats (Report on threats). This report contains information about threats and virus activity during the last 30 days prior to creating the report.

To run the command, go to the folder where the Kaspersky Endpoint Security executable file is located.

Command syntax

kescli --opswat GetThreats

When this command is executed, Kaspersky Endpoint Security will send a response in the following format:

<name of detected object> <type of object> <detection date and time> <path to file> <action on threat detection> <threat danger level>

unlock_kes11_cmd_getthreats

Managing the application from the command line

Object type
`0`	Not known (`Unknown`).
`1`	Viruses (`Virware`).
`2`	Trojan programs (`Trojware`).
`3`	Malicious programs (`Malware`).
`4`	Advertisement programs (`Adware`).
`5`	Auto-dialer programs (`Pornware`).
`6`	Applications that could be used by a cybercriminal to harm the user's computer or data (`Riskware`).
`7`	Packed objects whose packing method may be used to protect malicious code (`Packed`).
`20`	Unknown objects (`Xfiles`).
`21`	Known applications (`Software`).
`22`	Concealed files (`Hidden`).
`23`	Applications requiring attention (`Pupware`).
`24`	Anomalous behavior (`Anomaly`).
`30`	Not determined (`Undetect`).
`40`	Ad banners (`Banner`).
`50`	Network attack (`Attack`).
`51`	Registry access (`Registry`).
`52`	Suspicious activity (`Suspicion`).
`60`	Vulnerabilities (`Vulnerability`).
`70`	Phishing (`Phishing`).
`80`	Unwanted email attachment (`Attachment`).
`90`	Malware detected by Kaspersky Security Network (`Urgent`).
`100`	Unknown link (`Suspic URL`).
`110`	Other malware (`Behavioral`).

Action on threat detection
`0`	Not known (`unknown`).
`1`	Threat was remediated (`ok`).
`2`	Object was infected and has not been disinfected (`infected`).
`5`	Object is in an archive and has not been disinfected (`archive`).
`9`	Object has been disinfected (`disinfected`).
`10`	Object has not been disinfected (`not disinfected`).
`11`	Object was deleted (`deleted`).
`13`	A backup copy of the object was created (`backupped`).
`15`	Object was moved to Backup (`quarantined`).
`23`	Object was deleted on computer restart (`delete on reboot`).
`25`	Object was disinfected on computer restart (`disinfect on reboot`).
`29`	Object was moved to Backup by a user (`added by user`).
`30`	Object was added to exclusions (`added to exclude`).
`31`	Object was moved to Backup on computer restart (`quarantine on reboot`).
`36`	False positive (`false alarm`).
`38`	Process was terminated (`terminated`).
`40`	Object was not detected (`not found`).
`41`	Cannot resolve the threat (`untreatable`).
`42`	Object was restored (`rolled back`).
`43`	Object was created as a result of threat activity (`produced by threat`).
`44`	Object was restored on computer restart (`roll back on reboot`).
`0xffffffff`	Object was not processed (`discarded`).

Threat danger level
`0`	Unknown
`1`	High
`2`	Medium scan
`4`	Low
`8`	Info (less than Low)

Page top