Starting a Portable Scanner

A Portable Scanner runs only from the removable drive that was specified in the settings before the Portable Scanner was created. If you copy the Portable Scanner to a different USB drive, you will not be able to run it.

To run a Portable Scanner:

  1. Connect the removable drive containing the Portable Scanner to the device you want to scan.
  2. Start a command-line interpreter with local administrator permissions on the device.
  3. Using the cd command, navigate to the folder where the kavscan.exe file is located.

    For example, type cd "[drive]:\Kavscan" and press Enter.

  4. Do one of the following:
    • If you want to start the Portable Scanner with the settings specified before writing the Portable Scanner,

      run kavscan.exe scan

    • If you want to start the Portable Scanner with settings different from those specified before writing the Portable Scanner,

      run kavscan.exe scan [/av] [/traffic=<duration in seconds>] [/oval=<full path to ZIP archive with security audit rules>] [/mycomputer] [/fixed] [/removable] [/remote] [/shared] [/memory] [/startup] [/drive=<drive>] [/folder=<full path to folder to scan>] [/file=<full path to file including name>] [/cure={yes|no}] [/trace] [/dump] [/report=<type>] [/settings=<full path to file with custom settings>]

      To view the help documentation on the Portable Scanner run command, run kavscan.exe help

    All kavscan.exe scan switches, except for /cure, /trace, /dump, and /report, override the original Portable Scanner settings. For example, if the /av, /traffic, and /oval switches are specified, in any combination or on their own, the Portable Scanner performs only the actions defined by the specified switches, even if the original Portable Scanner settings include all actions.

  5. If you are starting the Portable Scanner from a secure removable drive, enter the administrator password that you set up when you first configured the scanner.

    Command parameters for starting a Portable Scanner

    Setting

    Description

    /av

    Starts scanning for viruses and other threats.

    /traffic=<duration in seconds>

    Logs inbound and outbound traffic from a device being scanned during the specified time.

    Accepts values from 1 to 1800.

    If no logging duration is set in the command, the Portable Scanner uses its default duration. If no value is specified in the Portable Scanner settings, the default value of 300 seconds is used.

    /oval=<the full path to the ZIP archive containing security audit rules>

    Initiates a security audit task according to the rules inside the specified ZIP archive.

    The ZIP archive must contain an XML file with rules written in OVAL or a set of XML files with rules written in XCCDF.

    You need to provide the complete path to the ZIP file, including its name.

    If the full path to the ZIP archive containing the rules is not specified, the Portable Scanner runs the security audit according to its original settings.

    /mycomputer

    Starts scanning the entire computer.

    /fixed

    Starts scanning all fixed drives.

    /removable

    Starts scanning all removable drives.

    /remote

    Starts scanning all remote drives.

    /shared

    Starts scanning the shared folders.

    /memory

    Starts scanning all memory processes.

    /startup

    Starts scanning the startup objects.

    /drive=<drive>

    Starts scanning all boot sectors and files on the specified drive.

    /folder=<the full path to the folder to be scanned>

    Starts scanning the specified folder.

    You cannot use a folder label template as a value for the parameter.

    /file=<the full path to the file including its name>

    Starts scanning the specified file.

    You need to specify the complete path to the file, including its name.

    /cure={yes|no}

    Defines the scanning mode. The following values are available:

    • yes: scan and disinfect.
    • no: scan in detection mode.

    If the parameter is not set, the mode configured in settings is applied.

    /trace

    Enables tracing.

    /dump

    Enables dump recording.

    /report=<type>

    Defines the type of report created in Kavscan\Report\report.txt after the scan completes. The following values are available:

    • full: a full scan report containing all event types
    • critical: a scan report containing only critical events
    • short: a scan report containing only general statistics but no events.

    By default, the short type is applied.

    /settings=<the full path to the file containing custom settings>

    Applies custom settings from the file located at the full path that includes the file name.

    If no value is specified, the Portable Scanner applies its original settings. These settings are located in Kavscan\settings.dat.
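
The following PowerShell wrapper is an added example, not part of the vendor documentation or product. It checks the documented constraints (administrator rights, the 1 to 1800 range for /traffic, full paths for /oval and /folder, allowed /cure and /report values) before calling kavscan.exe scan. The function name, its parameter names, and the sample paths are assumptions.

```powershell
# Added example, not vendor code. Function and parameter names are hypothetical;
# the switches and their limits are the ones documented on this page.
function Invoke-PortableScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ScannerDir,        # folder that holds kavscan.exe
        [switch]$Av,
        [ValidateRange(1, 1800)][int]$TrafficSeconds,     # /traffic accepts 1 to 1800
        [string]$OvalZip,                                 # /oval: full path to the rules ZIP
        [string]$Folder,                                  # /folder: full path to scan
        [ValidateSet('yes', 'no')][string]$Cure,
        [ValidateSet('full', 'critical', 'short')][string]$Report
    )
    # Step 2: the interpreter must run with local administrator permissions.
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Start PowerShell as a local administrator before running the scan.'
    }
    # /oval and /folder take full paths; reject relative or missing ones up front.
    foreach ($p in @(@{ Value = $OvalZip; Type = 'Leaf' }, @{ Value = $Folder; Type = 'Container' })) {
        if ($p.Value -and -not ([IO.Path]::IsPathRooted($p.Value) -and
                (Test-Path -LiteralPath $p.Value -PathType $p.Type))) {
            throw "Not an existing full path: $($p.Value)"
        }
    }
    $scanArgs = @('scan')
    if ($Av)      { $scanArgs += '/av' }
    if ($PSBoundParameters.ContainsKey('TrafficSeconds')) { $scanArgs += "/traffic=$TrafficSeconds" }
    if ($OvalZip) { $scanArgs += "/oval=$OvalZip" }
    if ($Folder)  { $scanArgs += "/folder=$Folder" }
    # Every switch added so far overrides the scanner's original settings.
    if ($scanArgs.Count -gt 1) {
        Write-Warning "These switches override the original settings: $($scanArgs[1..($scanArgs.Count - 1)] -join ' ')"
    }
    # /cure and /report do not override the original settings.
    if ($Cure)   { $scanArgs += "/cure=$Cure" }
    if ($Report) { $scanArgs += "/report=$Report" }

    Push-Location -LiteralPath $ScannerDir                # step 3: cd to kavscan.exe
    try {
        & .\kavscan.exe @scanArgs                         # each element is passed as one argument
        Write-Host "kavscan.exe $($scanArgs -join ' ') exited with code $LASTEXITCODE"
    } finally { Pop-Location }
}

# Detection-only scan of one folder with a full report (constructed sample paths).
Invoke-PortableScan -ScannerDir 'E:\Kavscan' -Folder 'C:\Users\Public' -Cure no -Report full
```

With /report=full, the results are written to Kavscan\Report\report.txt on the removable drive after the scan completes.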

Return codes of the kavscan.exe scan command:

See also

Viewing Portable Scanner results
