Actions with quarantined objects

To use the command line interface to perform actions on objects quarantined by the Kaspersky Endpoint Agent application:

  1. On the workstation, run the command line interpreter (for example, Command Prompt cmd.exe) under the local administrator user account.
  2. Use the cd command to change to the directory where the agent.exe file is located.

    For example, you can type cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

  3. Type one of the following commands and press ENTER:
    • If you want to permanently delete quarantined objects:

      agent.exe --quarantine=delete --ouid=<comma-separated IDs of quarantined objects. Mandatory option> [--pwd=<current user password>].

      Objects with the specified IDs are deleted from the workstation quarantine folder that was specified when Quarantine settings were configured.

    • If you want to restore objects from Quarantine:

      agent.exe --quarantine=restore --ouid=<comma-separated IDs of quarantined objects. Mandatory option> [--path-type=<one of the destination folder options for restoring quarantined objects: original|custom|settings. Optional option> --path=<path to the destination folder for restored objects. Mandatory option if the --path-type option is specified and the specified value is original>] [--action=<one of the actions for the object: replace|rename. Optional option>] [--pwd=<current user password>].

    • If you want to quarantine the object, run one of the following commands:
      • agent.exe --quarantine=add [--file=<full path to the object that you want to quarantine>] [--pwd=<current user password>].
      • agent.exe --quarantine=add [--hash=<hash of the object that you want to quarantine. Mandatory option if you are not specifying the full path to the object and pass the --hashalg option>] --hashalg=<one of the hash types: md5|sha256. Mandatory option if you are not specifying the full path to the object> [--file=<path to the folder that contains the object that you want to quarantine>] [--pwd=<current user password>].

    Command options for performing actions on quarantined objects

    Parameter

    Description

    --ouid

    Mandatory option. The option is used to pass a unique numerical (int64) ID of the quarantined object.

    Displayed when viewing information about quarantined objects (--quarantine=show command).

    --path-type=<original|custom|settings>

    This option determines how the destination folder is selected when restoring an object from Quarantine.

    • If this option is not specified, the object is restored to its original folder, that is, the folder where the object was located before it was quarantined. If the original folder is unavailable, the object is restored to the folder specified when Quarantine settings were configured.
    • If this option is specified with the value <original>, the object is restored to its original folder, that is, the folder where the object was located before it was quarantined. If the original folder is unavailable, the object is restored to the folder specified when Quarantine settings were configured.
    • If the option is specified with the value <settings>, the object is restored to the folder specified when Quarantine settings were configured. If the folder is unavailable, the task completes with an error.
    • If the option is specified with the value <custom>, the object is restored to the folder with the path specified in the --path option. If the folder is unavailable, the task completes with an error.

    --path=<path to the destination folder for restored objects>

    Mandatory option if the --path-type option is specified with the value <custom>.

    This option specifies the path where you want to create a folder for objects restored from Quarantine if you do not want to use the folder where the object was located before it was quarantined or the folder specified when Quarantine settings were configured.

    --action=<replace|rename>

    This option specifies the action that you want to perform for the object if the destination folder for restored objects already contains a file with the same name as the file you are restoring from Quarantine.

    • If the option is not specified, the restored object is renamed: the _restored suffix is appended to the original file name.
    • If the option is specified with the <rename> value, the restored object is renamed: the _restored suffix is appended to the original file name.
    • If the option is specified with the <replace> value, the original object is replaced with the restored object.

    --file=<full path to the object that you want to quarantine>

    Mandatory option if the --hashalg option is not specified.

    This option specifies the full path to the object that you want to quarantine.

    --hashalg=<md5|sha256>

    Mandatory option if the --file option is not specified and the full path to the object that you want to quarantine is not set.

    This option specifies the hash algorithm that is used to compute the checksum of the object that you want to quarantine.

    This option can be specified with one of two values: <md5> or <sha256>.

    --hash=<target file checksum>

    Mandatory option if the --hashalg option is specified.

    This option specifies the checksum of the object that you want to quarantine.

    --file=<target file folder>

    Mandatory option if the --hashalg option is specified.

    This option specifies the path to the folder which contains the object that you want to quarantine and whose hash is specified in the --hash option.

    --pwd=<current user password>

    Lets you enter the password of the user account that is used to run the command.
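
The option dependencies in the table above can be checked before agent.exe is invoked, so that a malformed restore or quarantine request fails in the script rather than on the workstation. The following PowerShell function is an added example, not part of the Kaspersky documentation or product: the name New-QuarantineArgs, the object IDs and the destination folder are hypothetical, and hashes are assumed to be hex-encoded.

```powershell
# Added example, not Kaspersky code. New-QuarantineArgs and all sample values are hypothetical.
function New-QuarantineArgs {
    param(
        [Parameter(Mandatory)] [ValidateSet('delete', 'restore', 'add')] [string] $Operation,
        [long[]] $Ouid,        # int64 IDs as displayed by --quarantine=show
        [ValidateSet('original', 'custom', 'settings')] [string] $PathType,
        [string] $Path,
        [ValidateSet('replace', 'rename')] [string] $Action,
        [string] $File,
        [ValidateSet('md5', 'sha256')] [string] $HashAlg,
        [string] $Hash
    )
    $argList = @("--quarantine=$Operation")
    if ($Operation -in 'delete', 'restore') {
        if ($null -eq $Ouid -or $Ouid.Count -eq 0) { throw '--ouid is mandatory for delete and restore' }
        $argList += '--ouid=' + ($Ouid -join ',')
    }
    if ($Operation -eq 'restore') {
        # The options table makes --path mandatory when --path-type is custom.
        if ($PathType -eq 'custom' -and -not $Path) { throw '--path is mandatory with --path-type=custom' }
        if ($PathType) { $argList += "--path-type=$PathType" }
        if ($PathType -eq 'custom') { $argList += "--path=$Path" }
        if ($Action) { $argList += "--action=$Action" }
    }
    if ($Operation -eq 'add') {
        if ($HashAlg) {
            # Hash mode: --hash and --file (the folder holding the object) are both mandatory.
            # Assumption: digests are hex strings (32 characters for md5, 64 for sha256).
            $hexLength = @{ md5 = 32; sha256 = 64 }[$HashAlg]
            if ($Hash -notmatch "^[0-9a-fA-F]{$hexLength}$") { throw "--hash is not a $HashAlg digest" }
            if (-not $File) { throw '--file (folder) is mandatory with --hashalg' }
            $argList += "--hash=$Hash", "--hashalg=$($HashAlg.ToLower())", "--file=$File"
        } elseif ($File) {
            $argList += "--file=$File"    # path mode: full path to the object
        } else {
            throw 'Specify --file, or --hashalg together with --hash and --file'
        }
    }
    return $argList
}

# Constructed values: object IDs 101 and 102, destination folder D:\Restored.
$restoreArgs = New-QuarantineArgs -Operation restore -Ouid 101, 102 -PathType custom -Path 'D:\Restored' -Action rename
$restoreArgs -join ' '
# From an elevated session in the agent.exe directory:  & .\agent.exe @restoreArgs
```

The example leaves out --pwd on purpose: if the application is password protected, supply it at call time rather than storing it in a script, because command lines can be recorded by process-creation auditing.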

Return codes of the --quarantine command:
