KSC Open API
Kaspersky Security Center API description
SrvView List of execution file instances

View contains a list of execution file instances from AppControl on the hosts.

View name: "ACHostExeFilesSrvViewName"

List of view attributes is presented below.

NameTypeDescriptionRemarks
"FILE_ID"paramIntFile ID from database.

unique inside one Administration Server

"FILE_NAME"paramStringFile name.Get from file VersionInfo.
"FILE_NONEMPTY_NAME"paramStringNon-empty file name.

Usually it is equal to "FILE_NAME". If it is empty, a file name from a file instance is used.

"FILE_HASH_MD5"paramBinaryMD5 hash of a file. 
"FILE_HASH_SHA256"paramBinarySHA256 hash of a file.

 

"FILE_TYPE"paramInt"File type". Uses one of the following constants:
  • 0 - Exe
  • 1 - Dll
  • 2 - Sys
  • 3 - Cmd
  • 4 - Script
  • 5 - Reg
  • 6 - Msi
  • 7 - Cpl
  • 8 - WWAhost
  • 9 - MSHta

 

"FILE_HIPS_ID"paramIntHIPS file ID.

 

"FILE_VERSION"paramIntFile version.Get from the VersionInfo file.
"FILE_VERSIONRAW"paramStringFile version in a raw form.Get from the VersionInfo file.
"PRODUCT_NAME"paramStringProduct name.Get from the VersionInfo file.
"PRODUCT_VERSION"paramIntProduct version.Get from the VersionInfo file.
"PRODUCT_VERSIONRAW"paramStringProduct version in a raw form.Get from the VersionInfo file.
"ORGANIZATION_NAME"paramStringOrganization name.

Get from the VersionInfo file.

"TRUSTED_GROUP"paramInt"Trusted group". Uses one of the following constants:
  • -1 - Undefined
  • 0 - Trusted
  • 1 - Restricted Low
  • 2 - Restricted Hi
  • 3 - Untrusted

The minimal value is used for all the file instances.

"KL_CATEGORY_DN"paramStringDisplay name of the file's Kaspersky category. 
"KL_CATEGORY_ID"paramBinaryGUID of the file's Kaspersky category.

If the file has multiple Kaspersky categories, then the special value L"0000000000000000A3BDDED20FBE7F76 is used.

"CATEGORY_DN"paramStringDisplay name of the file category. Category can be KL or custom.search-only attribute
"CATEGORY_ID"paramBinaryGUID of the file category. Category can be KL or custom.

search-only attribute.

"KL_CATEGORIZED"paramBool

This field should be used only in query filters.

  • If it is used ("KL_CATEGORIZED" = 1 ) is used, then files that have at least one Kaspersky category will be searched.
  • If it is used ("KL_CATEGORIZED" <> 1 ) is used, then files that have no Kaspersky categories will be searched.

Search-only.

"CUSTOM_CATEGORIZED"paramBool

This field should be used only in query filters.

  • If it is used ("CUSTOM_CATEGORIZED" = 1 ) is used, then files that have at least one custom category will be searched.
  • If it is used ("CUSTOM_CATEGORIZED" <> 1 ) is used, then files that have no custom categories will be searched.

Search-only.

"HOST_ID"paramIntHost ID from database.Unique for one Administration Server.
"HOST_NAME"paramStringHost name, a unique server-generated string (see KLHST_WKS_HOSTNAME attribute). Empty string if no Network Agent is installed.Read-only.
"HOST_DISPLAY_NAME"paramStringHost display name. 
"HST_FILE_ID"paramStringFile instance ID on the host. 
"HST_FILE_BIN_ID"paramBinaryFile instance ID on the host.Binary presentation of the "HST_FILE_ID".
"FILE_PATH"paramStringFull path for the instance of the file on host. 
"HST_FIRST_APPEAR"paramDateTimeTime when instance of the file has been added into database, in UTC. 
"FIRST_START_TIME"paramDateTimeTime of the file first start on the host. 
"LAST_START_TIME"paramDateTimeTime of the file last start on the host. 
"LAUNCH_COUNT"paramIntThe file launch count on the host.

 

"strListProductName"paramStringInternal name of the product that collected network list.Supported from KSC 13.
"strListProductVersion"paramStringInternal version of the product that collected network list.

Supported from KSC 13.

"CERT_ID"paramBinaryID of the certificate. 
"CERT_SERIAL"paramBinarySerial number of the certificate. 
"CERT_THUMBPRINT"paramBinaryThumbprint of the certificate. 
"CERT_PUBLICKEY"paramBinaryPublic key of the certificate. 
"CERT_ISSUER"paramStringIssue of the certificate. 
"CERT_SUBJECT"paramStringSubject of the certificate. 
"CERT_VALIDFROM"paramDateTimeIndicates when the certificate becomes valid. 
"CERT_VALIDTO"paramDateTimeIndicates when the certificate expires. 


See also:
List of supported srvviews