Kaspersky Endpoint Security 12 for Linux

Description of the application commands

January 23, 2024

ID 245716

Displaying Help on application commands

--help – displays Help on application commands.

Displaying application events

-W – enables the display of application events.

Statistics commands

-S is a prefix indicating that the command belongs to the statistics command group.

[-S] --app-info – displays information about the application.

[-S] --omsinfo --file <file name and path> – creates a JSON file for integration with Microsoft Operations Management Suite.

Commands for managing application tasks and settings

-T is a prefix indicating that the command belongs to the group of commands for managing application settings and tasks.

[-T] --get-app-settings --file <file name and path> – displays the general application settings.

[-T] --set-app-settings --file <file name and path> – sets the general application settings.

[-T] --set-app-settings <setting>=<setting value> – sets the value for the specified general application setting.

[-T] --export-settings --file <full path to the configuration file> – exports the application settings to the configuration file.

[-T] --import-settings --file <full path to the configuration file> – imports the application settings from the configuration file.

[-T] --update-application – updates the application.

[-T] --get-task-list – displays a list of existing application tasks.

[-T] --get-task-state <task ID>|<task name> – displays the status of the specified task.

[-T] --create-task <task name> --type <task type> --file <file name and path> – creates a task of the specified type and imports the settings from the specified configuration file into the task.

[-T] --delete-task <task ID>|<task name> – deletes the task.

[-T] --start-task <task ID>|<task name> [-W] [--progress] – starts the task.

[-T] --stop-task <task ID>|<task name> – stops the task.

[-T] --suspend-task <task ID>|<task name> – pauses the task. The Update task cannot be paused.

[-T] --resume-task <task ID>|<task name> – resumes the task. The Update task cannot be resumed.

[-T] --scan-file <path to file or directory> [--action <action>] – creates and runs a temporary Custom Scan task (Scan_File), which is assigned a new identifier. The [ScanScope.item_#] and [ExcludedFromScanScope.item_#] sections in the settings of this task are not inherited from the original task with ID=3. If the --action <action> option is not specified, the Recommended action is performed. After the scan is complete, the temporary task is automatically deleted.

[-T] --scan-container <container|image[:tag]> – creates a temporary Custom Container Scan task (Custom_Container_Scan). After the scan is complete, the temporary task is automatically deleted.

[-T] --get-settings <task ID>|<task name> --file <file name and directory> – displays the task settings.

[-T] --set-settings <task ID>|<task name> [<settings>] [--file <file name and directory>] [--add-path <path>] [--del-path <path>] [--add-exclusion <exclusion>] [--del-exclusion <exclusion>] – sets the task settings.

[-T] --set-settings [<task ID>|<task name>] --set-to-default – restores the task settings to their default values.

[-T] --set-schedule <task ID>|<task name> --file <file name and path> – sets the task schedule settings or imports them into the task from the configuration file.

[-T] --get-schedule <task ID>|<task name> --file <file name and path> – displays the task schedule settings or saves them to the configuration file.

Commands for managing Container Scan settings

-C is a prefix indicating that the command belongs to the group of commands for managing Container Scan settings.

[-C] --get-container-settings --file <file name and path> – displays the general Container Scan settings.

[-C] --set-container-settings --file <file name and path> – sets the general Container Scan settings.

Commands for managing encrypted connections scan settings

-N is a prefix indicating that the command belongs to the group of commands for managing encrypted connections scan settings.

-N --query user – displays a list of encrypted connections scan exclusions added by the user.

-N --query auto – displays a list of encrypted connections scan exclusions added by the application.

-N --query kl – displays a list of encrypted connections scan exclusions received from Kaspersky databases.

-N --clear-web-auto-excluded – clears the list of domains that the application automatically excluded from encrypted connections scan.

[-N] {--get-net-settings} [--file <file name and path>] – saves encrypted connection scan settings to an INI file.

[-N] {--set-net-settings} [--file <file name and path>] – sets encrypted connection scan settings.

[-N] --add-certificate --file <path to certificate file> – adds a certificate to the trusted certificate list.

[-N] --remove-certificate <certificate subject> – removes a certificate from the trusted certificate list.

[-N] --list-certificates – displays the trusted certificate list.

Commands for managing users and roles

-U is a prefix indicating that the command belongs to the group of commands for managing users and roles.

[-U] --get-user-list – displays a list of users and roles.

[-U] --grant-role <role> <user> – grants a role to a specified user.

[-U] --revoke-role <role> <user> – revokes a role from a specified user.

Licensing commands

-L is a prefix indicating that the command belongs to the group of commands used to manage license keys.

[-L] --add-active-key <activation code>|<key file> – adds an active key.

[-L] --add-reserve-key <activation code>|<key file> – adds a reserve key.

[-L] --remove-active-key – removes the active key.

[-L] --remove-reserve-key – removes the reserve key.

-L --query – displays information about the license key.

[-L] --load-mdr-blob <path to the BLOB configuration file> – downloads the BLOB configuration file.

[-L] --remove-mdr-blob – removes the BLOB configuration file.

The commands for adding and deleting license keys can be performed only if the application is used in standalone mode. In Light Agent mode for protecting virtual environments, these commands fail.

Commands for managing the Firewall Management task

-F is a prefix indicating that the command belongs to the group of commands for managing the Firewall Management task.

[-F] --add-rule [--name <string>] [--action <action>] [--protocol <protocol>] [--direction <direction>] [--remote <remote>] [--local <local>] [--at <index>] – adds a new rule.

[-F] --del-rule [--name <string>] [--index <index>] – deletes a rule.

[-F] --move-rule [--name <string>] [--index <index>] [--at <index>] – changes the rule priority.

[-F] --add-zone [--zone <zone>] [--address <address>] – adds an IP address to the zone.

[-F] --del-zone [--zone <zone>] [--address <address>] [--index <index>] – deletes an IP address from the zone.

-F --query – displays information about the task.

Commands used to manage blocked devices

-H is a prefix indicating that the command belongs to the group of commands for managing devices blocked by Anti-Cryptor and Network Threat Protection.

[-H] --get-blocked-hosts – displays a list of blocked devices.

[-H] --allow-hosts – unblocks blocked devices.

Commands for managing Device Control tasks

-D is a prefix indicating that the command belongs to the Device Control group of commands.

[-D] --get-device-list – displays a list of devices connected to the computer.

Commands for managing the Application Control task

-A is a prefix indicating that the command belongs to the Application Control group of commands.

[-A] --get-app-list – displays the list of applications detected on the computer while executing the Inventory Scan task.

[-A] --get-categories – displays a list of created Application Control categories.

Commands for managing the Storage

-B is a prefix indicating that the command belongs to the group of commands used to manage the Storage.

[-B] --mass-remove --query – clears the Storage completely or selectively.

-B --query <filter> -n <number> [--json] – displays information about the objects in the Storage that match the filter conditions in JSON format, where:

<number> – number of the latest objects of the selection (number of records from the end of the selection) to be displayed.

<filter> – filter conditions to limit the query results.

[-B] --restore <object ID> --file <file name and path> – restores an object from Storage.

Commands used to manage the event log

-E is a prefix indicating that the command belongs to the group of commands used to manage the event log.

-E --query <filter> --db <database file> -n <number> --file <file name and path> [--json] – outputs information about events that match filter conditions from the event log database to the specified file in JSON format, where:

<number> – number of the latest events of the selection (number of records from the end of the selection) to be displayed.

<filter> – filter conditions to limit the query results.

<file name and path> – name and path of the file where you want to save the events.

<database file> – name and path to the event log database file.

Commands for managing settings for Kaspersky Endpoint Detection and Response (KATA) Integration

-R – the prefix indicating that the command belongs to the group of commands to manage Kaspersky Endpoint Detection and Response (KATA) Integration.

[-R] --add-kataedr-server-certificate <file name and path> – adds or replaces a previously added KATA server certificate.

[-R] --remove-kataedr-server-certificate – removes the KATA server certificate.

[-R] --query-kataedr-server-certificate – displays information about the KATA server certificate.

[-R] --add-kataedr-client-certificate <file name and path> – adds or replaces a previously added client certificate used to secure the connection to the KATA server.

[-R] --remove-kataedr-client-certificate – removes the client certificate used to secure the connection to the KATA server.

[-R] --query-kataedr-client-certificate – displays information about the client certificate.

[-R] --isolation-stat – displays the current state of network isolation in the console: enabled or disabled.

[-R] --isolation-off – disables network isolation of the device (the command is executed synchronously, that is, control does not return until the task is completed). We recommend using this command if the connection to the KATA server is lost after network isolation is enabled.

Application commands in Light Agent mode for protecting virtual environments

The commands can be executed only if Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments.

-V – a prefix indicating that the command belongs to the group of commands of Kaspersky Endpoint Security used in Light Agent mode to protect virtual environments (as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).

[-V] --ksvla-info – displays information about using the application in Light Agent mode to protect virtual environments:

  • Light Agent mode for protecting virtual environments: enabled / disabled.

    If Light Agent mode is enabled, the application is used as a Light Agent as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent. If Light Agent mode is disabled, the application is used in standalone mode.

  • VDI protection mode: enabled / disabled.

    VDI protection mode optimizes the operation of Kaspersky Endpoint Security on temporary virtual machines. If VDI protection mode is enabled, updates that require restarting the protected virtual machine are not installed on temporary virtual machines. When receiving updates that require a restart, the Light Agent installed on a temporary virtual machine sends a message to Kaspersky Security Center about the need to update the protected virtual machine template.

  • The role of the virtual machine in the virtual infrastructure: server or workstation.
  • The identifier (UUID) of the protected virtual machine.

[-V] --viis-info – displays information about the connection of Light Agent (the Kaspersky Endpoint Security application used as a Light Agent as part of the Kaspersky Hybrid Cloud Security for Virtualization Light Agent solution) to the Integration Server:

  • Address and port of the Integration Server that the Light Agent connects to.
  • Status of the connection to the Integration Server.
  • Date and time of the last connection between the Light Agent and the Integration Server.

[-V] --svm-info – displays information about the connection of Light Agent (the Kaspersky Endpoint Security application used as a Light Agent as part of the Kaspersky Hybrid Cloud Security for Virtualization Light Agent solution) to the SVM:

  • Address of the SVM to which the Light Agent is connected.
  • Method that the Light Agent uses to detect SVMs: using the Integration Server or using a list of manually defined SVM addresses.
  • List of SVM addresses, if the selected SVM discovery method is a list of SVM addresses.
  • Tag for connecting Light Agent to the SVM.
  • SVM selection algorithm: standard or advanced.
  • Type of SVM path in the virtual infrastructure, which is taken into account when selecting SVMs for connection if the extended SVM selection algorithm is applied.
  • Protection of the connection between the Light Agent and the Protection Server.

For information about the settings for connecting Light Agents to the Integration Server and SVMs, refer to the Help for Kaspersky Hybrid Cloud Security for Virtualization Light Agent.
