Managing the application from the command line

Kaspersky Virus Removal Tool supports the following management commands:

Command line options

Command

Description

-h

Display command line syntax help.

./kvrt.run -- -h

-trace

Enable trace collection.

./kvrt.run -- -trace

-tracelevel <level>

Set trace level.

  • ERR — only events with errors.
  • WRN — events with warnings and errors.
  • INF — information events, warning events, and error events (default).
  • DBG — all events.

./kvrt.run -- -trace -tracelevel ERR

-d <directory_path>

Specify the directory for saving application files (reports, traces, quarantine, etc).

./kvrt.run -- -d "/tmp/KVRT2024_Data"

By default, the application saves files in the following directory:

  • /var/opt/KVRT2024_Data if the application was run by the superuser (root).
  • /home/<user_name>/KVRT2024_Data if the application was run by an ordinary user.

-accepteula

Automatically accept the End User License Agreement, the Privacy Policy, and the KSN Statement.

./kvrt.run -- -accepteula

-silent

Scan the computer without GUI (silent mode). To run the scan in silent mode, you must accept the terms and conditions of the End User License Agreement, the Privacy Policy, and the KSN Statement (-accepteula).

By default, the application only detects infected or probably infected objects and logs the corresponding events. The application does not apply any actions to objects. To neutralize detected objects, you must specify the threat level of the objects (-processlevel <level>).

By default, the application scans system memory, startup objects, and boot sectors of the computer. You can design a custom scan scope (for example, -customonly -custom <directory_path>).

The application outputs the scan results to the command line and writes information to a report file.

./kvrt.run -- -accepteula -silent

-adinsilent

Automatically disinfect active infection with a computer restart, perform the scan in silent mode. The application does not display a notification if an active threat is detected, and does not start a countdown to let you make a decision. The application attempts to disinfect the active threat immediately and restarts the computer after the disinfection.

If this option is not specified, the application attempts to disinfect the active threat in silent mode without a restart.

For disinfecting an active threat, we recommend selecting disinfection with a computer restart. After restarting the computer, we recommend running the scan again.

./kvrt.run -- -accepteula -silent -adinsilent

-processlevel <threat level>

Neutralize detected objects when scanning in silent mode and specify the threat level of objects to be neutralized. The application supports the following threat levels:

  • 1 to neutralize high threat level objects
  • 2 to neutralize high and medium threat level objects
  • 3 to neutralize high, medium, and low threat level objects

     

    Kaspersky Virus Removal Tool classifies detected objects by their threat level in accordance to the Kaspersky classification. The application attributes threat level as follows:

  • High. For example, a virus.
  • Medium. For example, adware.
  • Low. For example, a legitimate application that might be used by a hacker to cause harm to the computer or user data.

Neutralization involves applying actions in the following order:

  1. Disinfection.
  2. If the object cannot be disinfected, the application attempts to restore the object from backup.
  3. If the object cannot be restored, the application deletes the object.

    If the threat level of objects to be neutralized is not configured, the application does not perform any actions on an infected or probably infected object.

./kvrt.run -- -accepteula -silent -processlevel 1

-dontencrypt

Disable the encryption of traces, dumps, and reports.

./kvrt.run -- -dontencrypt

-allvolumes

Add all mount points except service and network mount points to the scan scope. By default, the application scans system memory, startup objects, and boot sectors of the computer.

./kvrt.run -- -allvolumes

-customonly

Run a scan of only the defined scope (custom folder scan). With this option, the application excludes the system memory, startup objects, and boot sectors of the computer from scanning. To run a custom folder scan, define a scan scope using the -custom, -customlist commands.

./kvrt.run -- -customonly -customlist /tmp/folder/scan_scope.txt

-custom <directory_path>

Add a directory to the scan scope. You can add multiple directories. The application supports full paths. By default, the application scans system memory, startup objects, and boot sectors of the computer.

./kvrt.run -- -custom /tmp/folder/ -custom /home/

-customlist <file_path>

Add multiple directories, listed in a text file, to the scan scope. Do not enclose paths in the file in quotation marks. Each path must start on a new line. The encoding of the file must be ANSI or UTF8 with BOM. By default, the application scans system memory, startup objects, and boot sectors of the computer.

./kvrt.run -- -customlist /tmp/folder/scan_scope.txt

-exclude <directory_or_file_path>

Exclude a directory or file from the scan scope. You can exclude multiple objects. The application supports full paths. By default, the application scans system memory, startup objects, and boot sectors of the computer.

./kvrt.run -- -exclude /mnt/ -exclude /home/

-excludelist <file_path>

Exclude multiple directories or files, listed in a text file, from scanning. Do not enclose paths in the file in quotation marks. Each path must start on a new line. The encoding of the file must be ANSI or UTF8 with BOM. By default, the application scans system memory, startup objects, and boot sectors of the computer.

./kvrt.run -- -excludelist /tmp/folder/exclusions.txt

-details

Enable the generation of detailed reports. The detailed report reflects all application events. By default, the application generates standard reports. A standard report includes warning and error events.

./kvrt.run -- -details

-proxyconfig <file_path>

Connect to a proxy server with a configuration file. The application only supports absolute paths.

./kvrt.run -- -proxyconfig /tmp/folder/proxy.dat

Page top