KSC Open API
Kaspersky Security Center API description
SrvView List of execution files

View contains a list of execution files from AppControl.

View name: "ACExeFilesSrvViewName"

List of view attributes is presented below.

NameTypeDescriptionRemarks
"FILE_ID"paramIntFile ID from the database.

Unique for one Administration Server.

"FILE_NAME"paramStringFile name.Get from file VersionInfo.
"FILE_NONEMPTY_NAME"paramStringNon-empty file name.

Usually it is equal to "FILE_NAME". If it is empty, a file name from a file instance is used.

"FILE_HASH_MD5"paramBinaryMD5 hash of a file. 
"FILE_HASH_SHA256"paramBinarySHA256 hash of a file.

 

"FILE_TYPE"paramInt"File type". Uses one of the following constants:
  • 0 - Exe
  • 1 - Dll
  • 2 - Sys
  • 3 - Cmd
  • 4 - Script
  • 5 - Reg
  • 6 - Msi
  • 7 - Cpl
  • 8 - WWAhost
  • 9 - MSHta

 

"FILE_HIPS_ID"paramIntHIPS file ID.

 

"FILE_VERSION"paramIntFile version.Get from the VersionInfo file.
"FILE_VERSIONRAW"paramStringFile version in raw form.Get from the VersionInfo file.
"PRODUCT_NAME"paramStringProduct name.Get from the VersionInfo file.
"PRODUCT_VERSION"paramIntProduct version.Get from the VersionInfo file.
"PRODUCT_VERSIONRAW"paramStringProduct version in raw form.Get from the VersionInfo file.
"ORGANIZATION_NAME"paramStringOrganization name.

Get from the VersionInfo file.

"FIRST_APPEAR"paramDateTimeTime of the first detection of the file. 
"FIRST_START_TIME"paramDateTimeTime of the file first start.

 

"TRUSTED_GROUP"paramInt"Trusted group". Uses one of the following constants:
  • -1 - Undefined
  • 0 - Trusted
  • 1 - Restricted Low
  • 2 - Restricted Hi
  • 3 - Untrusted

The maximal value is used for all the file instances.

"KL_CATEGORY_DN"paramStringDisplay name of the file's Kaspersky category. 
"KL_CATEGORY_ID"paramBinaryGUID of the file's Kaspersky category.

If the file has multiple Kaspersky categories, the special value L"0000000000000000A3BDDED20FBE7F76 is used.

"CATEGORY_DN"paramStringDisplay name of the file category. Category can be KL or custom.Search-only.
"CATEGORY_ID"paramBinaryGUID of the file category. Category can be KL or custom.

Search-only.

"KL_CATEGORIZED"paramBool

This field should be used only in query filters.

  • If ("KL_CATEGORIZED" = 1) is used, then files that have at least one Kaspersky category will be searched.
  • If ("KL_CATEGORIZED" <> 1) is used, then files that do not have Kaspersky categories will be searched.

Search-only.

"CUSTOM_CATEGORIZED"paramBool

This field should be used only in query filters.

  • If ("CUSTOM_CATEGORIZED" = 1) is used, then files that have at least one custom category will be searched.
  • If ("CUSTOM_CATEGORIZED" <> 1) is used, then files that have no custom categories will be searched.

Search-only.

"CERT_ID"paramBinaryID of the certificate. 
"CERT_SERIAL"paramBinarySerial number of the certificate. 
"CERT_THUMBPRINT"paramBinaryThumbprint of the certificate. 
"CERT_PUBLICKEY"paramBinaryPublic key of the certificate. 
"CERT_ISSUER"paramStringIssuer of the certificate. 
"CERT_SUBJECT"paramStringSubject of the certificate. 
"CERT_VALIDFROM"paramDateTimeIndicates when the certificate becomes valid. 
"CERT_VALIDTO"paramDateTimeIndicates when the certificate expires. 


See also:
List of supported srvviews