GetThreats. Obtaining data on detected threats

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

Managing the application from the command line

KESCLI commands

GetThreats. Obtaining data on detected threats

October 11, 2024

ID 213725

Get as PDF

Receive a list of detected threats (Threats report). This report contains information about threats and virus activity during the last 30 days prior to creating the report.

Command syntax

kescli --opswat GetThreats

When this command is executed, Kaspersky Endpoint Security will send a response in the following format:

<name of detected object> <type of object> <detection date and time> <path to file> <action on threat detection> <threat danger level>

unlock_kes11_cmd_getthreats

Managing the application from the command line

Object type
`0`	Not known (`Unknown`).
`1`	Viruses (`Virware`).
`2`	Trojan programs (`Trojware`).
`3`	Malicious programs (`Malware`).
`4`	Advertisement programs (`Adware`).
`5`	Auto-dialer programs (`Pornware`).
`6`	Applications that could be used by a cybercriminal to harm the user's computer or data (`Riskware`).
`7`	Packed objects whose packing method may be used to protect malicious code (`Packed`).
`20`	Unknown objects (`Xfiles`).
`21`	Known applications (`Software`).
`22`	Concealed files (`Hidden`).
`23`	Applications requiring attention (`Pupware`).
`24`	Anomalous behavior (`Anomaly`).
`30`	Not determined (`Undetect`).
`40`	Ad banners (`Banner`).
`50`	Network attack (`Attack`).
`51`	Registry access (`Registry`).
`52`	Suspicious activity (`Suspicion`).
`60`	Vulnerabilities (`Vulnerability`).
`70`	`Phishing`.
`80`	Unwanted email attachment (`Attachment`).
`90`	Malware detected by Kaspersky Security Network (`Urgent`).
`100`	Unknown link (`Suspic URL`).
`110`	Other malware (`Behavioral`).

Action on threat detection
`0`	Not known (`unknown`).
`1`	Threat was remediated (`ok`).
`2`	Object was infected and has not been disinfected (`infected`).
`5`	Object is in an archive and has not been disinfected (`archive`).
`9`	Object has been disinfected (`disinfected`).
`10`	Object has not been disinfected (`not disinfected`).
`11`	Object was deleted (`deleted`).
`13`	A backup copy of the object was created (`backupped`).
`15`	Object was moved to Backup (`quarantined`).
`23`	Object was deleted on computer restart (`delete on reboot`).
`25`	Object was disinfected on computer restart (`disinfect on reboot`).
`29`	Object was moved to Backup by a user (`added by user`).
`30`	Object was added to exclusions (`added to exclude`).
`31`	Object was moved to Backup on computer restart (`quarantine on reboot`).
`36`	False positive (`false alarm`).
`38`	Process was terminated (`terminated`).
`40`	Object was not detected (`not found`).
`41`	Cannot resolve the threat (`untreatable`).
`42`	Object was restored (`rolled back`).
`43`	Object was created as a result of threat activity (`produced by threat`).
`44`	Object was restored on computer restart (`roll back on reboot`).
`0xffffffff`	Object was not processed (`discarded`).

Threat danger level
`0`	Unknown
`1`	High
`2`	Medium scan
`4`	Low
`8`	Info (less than Low)

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.