Kaspersky Embedded Systems Security 3.x

Starting the Database Update task: KAVSHELL UPDATE

October 25, 2023

ID 146715

The KAVSHELL UPDATE command can be used to start the Kaspersky Embedded Systems Security for Windows Database Update task in synchronous mode.

A Database Update task started using the KAVSHELL UPDATE command is a temporary task. It is only displayed in the Application Console while being executed. However, a task log is generated and displayed in the Task logs in the Application Console. Kaspersky Security Center policies may apply to update tasks created and started using the KAVSHELL UPDATE command and update tasks created in the Application Console. For information about using Kaspersky Security Center to manage Kaspersky Embedded Systems Security for Windows on protected devices, see Section "Managing Kaspersky Embedded Systems Security for Windows using Kaspersky Security Center".

Environment variables can be used when specifying the path to an update source in this task. If a user environment variable is used, run the KAVSHELL UPDATE command as the corresponding user.

KAVSHELL UPDATE command syntax

KAVSHELL UPDATE < Path to update source | /AK | /KL> [/NOUSEKL] [/PROXY:<address>:<port>] [/AUTHTYPE:<0-2>] [/PROXYUSER:<user name>] [/PROXYPWD:<password>] [/NOPROXYFORKL] [/USEPROXYFORCUSTOM] [/NOFTPPASSIVE] [/REG:<iso3166 code>] [/W:<path to task log file>] [/ALIAS:<task alias>]

The KAVSHELL UPDATE command has both mandatory and optional parameters/options (see the following table).

KAVSHELL UPDATE command examples

To start a custom Database Update task, execute the following command:

KAVSHELL UPDATE

To run the Database Update task using update files in the \\server\databases network folder, run the following command:

KAVSHELL UPDATE \\server\databases

To start a Database Update from the FTP server ftp://dnl-ru1.kaspersky-labs.com/ and write all task events to a file named c:\update_report.log, execute the following command:

KAVSHELL UPDATE ftp://dnl-ru1.kaspersky-labs.com /W:c:\update_report.log

To download Kaspersky Embedded Systems Security for Windows database updates from Kaspersky's update server, connect to the updates source through a proxy server (proxy server address: proxy.company.com, port: 8080). To access the protected device using the in-built Microsoft Windows NTLM authentication with user name "inetuser" and password "123456" execute the following command:

KAVSHELL UPDATE /KL /PROXY:proxy.company.com:8080 /AUTHTYPE:1 /PROXYUSER:inetuser /PROXYPWD:123456

KAVSHELL UPDATE command-line parameters/options

Parameter/option

Description

Update source (mandatory parameter). Specify one or more sources. Kaspersky Embedded Systems Security for Windows will access the sources in the order in which they are listed. Separate sources with a space.

<path in UNC format>

User-defined update source. Path to network update folder in the UNC format.

<URL>

User-defined update source. HTTP or FTP server address where the update folder is located.

<Local folder>

User-defined update source. Folder on the protected device.

/AK

Use the Kaspersky Security Center Administration server as the updates source.

/KL

Use the Kaspersky's update Servers as the update source.

/NOUSEKL

Do not use Kaspersky's update servers if other update sources are not available (used by default).

Proxy server settings

/PROXY:<address>:<port>

Network name or IP address of the proxy server and its port. If this parameter is not specified, Kaspersky Embedded Systems Security for Windows will automatically detect the proxy server settings used in the local area network.

/AUTHTYPE:<0-2>

This parameter specifies the authentication method used to access the proxy server. It can have the following values:

0 – Microsoft Windows NTLM authentication; Kaspersky Embedded Systems Security will contact the proxy server using the Local system (SYSTEM) account

1 – Microsoft Windows NTLM authentication; Kaspersky Embedded Systems Security will contact the proxy server using the user name and password specified by the /PROXYUSER and /PROXYPWD parameters

2 – Authentication using the user name and password specified by the /PROXYUSER and /PROXYPWD parameters (basic authentication)

If the proxy server does not require authentication, there is no need to specify this parameter.

/PROXYUSER:<user name>

User name that will be used to access the proxy server. If /AUTHTYPE:0 is specified, then the /PROXYUSER:<user name> and /PROXYPWD:<password> parameters will be ignored.

/PROXYPWD:<password>

User password that will be used to access the proxy server. If /AUTHTYPE:0 is specified, then the /PROXYUSER:<user name> and /PROXYPWD:<password> parameters will be ignored. If the /PROXYUSER parameter is specified and the /PROXYPWD parameter is omitted, the password will be considered an empty string.

/NOPROXYFORKL

Do not use proxy server settings to connect to Kaspersky's update servers (used by default).

/USEPROXYFORCUSTOM

Use proxy server settings to connect to user-defined update sources (not used by default).

/USEPROXYFORLOCAL

Use proxy server settings to connect to local update sources. If not specified, the Do not use proxy server for local addresses setting will apply.

General FTP and HTTP server settings

/NOFTPPASSIVE

If this key is specified, Kaspersky Embedded Systems Security for Windows will use active FTP server mode to connect to the protected device. If this key is not specified, Kaspersky Embedded Systems Security for Windows will use the passive FTP server mode, if possible.

/TIMEOUT:<number of seconds>

FTP or HTTP server connection timeout. If you do not specify this parameter, Kaspersky Embedded Systems Security for Windows will use the default value of 10 seconds. The parameter value must be a whole number.

/REG:<iso3166 code>

Regional settings. This parameter is used when receiving updates from Kaspersky's update servers. Kaspersky Embedded Systems Security for Windows minimizes the load on the protected device by selecting the closest update server.

The value of this parameter should be the ISO 3166-1 alpha-2 code of the country where the protected device is located, for example /REG: gr or /REG:US. If this option is omitted or an invalid country code is specified, Kaspersky Embedded Systems Security for Windows will detect the location of the protected device based on the regional settings of the protected device where the Application Console is installed.

/ALIAS:<task alias>

This parameter lets you assign a temporary name to the task, allowing you to reference the task while it runs. For example, task statistics can be viewed using the TASK command. The task alias must be unique among the task aliases of all Kaspersky Embedded Systems Security for Windows components.

If this key is not specified, a temporary name in the form update_<kavshell_pid> is used; for example, update_1234. In the Application Console, the task is assigned the name "Update-databases <date time>"; for example, Update-databases 8/16/2007 5:41:02 PM.

/W:<path to task log file>

If this parameter is specified, Kaspersky Embedded Systems Security for Windows will save the task log file using the name specified by the parameter value.

The log file contains task execution statistics, the time when the task was started and completed (stopped), and information about events that occurred during the task.

The log is used to register events defined by the task log settings and the Kaspersky Embedded Systems Security for Windows event log settings in Event Viewer.

You can specify either the absolute or relative path to the log file. If you specify only a filename without a path, the log file will be created in the current folder.

Restarting the command with the same log settings will overwrite the existing log file.

The log file can be viewed while a task is running.

The log appears in the Task logs node of the Application Console.

If Kaspersky Embedded Systems Security for Windows fails to create the log file, it will display an error message but will still execute the command.

Return codes for the KAVSHELL UPDATE command.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.