Kaspersky Embedded Systems Security 3.x

Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE

October 25, 2023

ID 190154

You can use the KAVSHELL FIM /BASELINE command to configure the mode in which the Baseline File Integrity Monitor task runs and monitors the loading of DLL modules.

A password might be required to execute the command. To enter the current password, use [/pwd:<password>].

KAVSHELL FIM /BASELINE command syntax

KAVSHELL FIM /BASELINE [/CREATE: [<monitoring scope> | /L:<path to TXT file containing the list of monitoring scopes>] [/MD5 | /SHA256] [/SF]] | [/CLEAR [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/EXPORT:<path to TXT file> [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SHOW [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SCAN [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/PWD:<password>]

KAVSHELL FIM /BASELINE command examples

To delete a baseline, run the following command:

KAVSHELL FIM /BASELINE /CLEAR /BL:<baseline id>

You can configure Baseline File Integrity Monitor task settings using the command-line options (see the table below).

KAVSHELL FIM/ BASELINE command-line parameters/options

Parameter/option

Description

/CREATE

Create a new Baseline File Integrity Monitor task.

Kaspersky Embedded Systems Security for Windows will start the new Baseline File Integrity Monitor task in order to create a baseline.

/L

Specify the path to the TXT file containing the list of monitoring scopes.

/MD5

Specify the MD5 algorithm for calculating a checksum (optional parameter).

/MD5 parameter can not be used together with /SHA256.

MD5 algorithm is used by default.

/SHA256

Specify the SHA256 algorithm for calculating a checksum (optional parameter).

/SHA256 parameter can not be used together with /MD5.

MD5 algorithm is used by default.

/SF

Includes all subfolders in the Baseline File Integrity Monitor task scope (optional parameter).

By default all subfolders are excluded from the Baseline File Integrity Monitor task scope.

/CLEAR

Delete the baseline with specified <baseline id> or the baseline for the task with specified <existing alias>.

Delete all baselines if neither <baseline id> nor <existing alias> was specified.

Optional parameter.

/BL

Specify the unique ID of a baseline (optional parameter).

/EXPORT

Export the data about all baselines in a TXT file.

/SHOW

Show data about all baselines.

/SCAN

Start the new Baseline File Integrity Monitor task with specified <baseline id> or specified <existing alias>.

/ALIAS

Specify the name of an existing task or the name for a new task.

<monitoring scope>

Specify the file or folder that you want to include in the Baseline File Integrity Monitor task scope.

This parameter allows to specify only one area.

<path to TXT file containing the list of monitoring scopes>

Specify the path to the TXT file containing the list of monitoring scopes.

The file must be UTF-8 encoded, and each path to a monitoring scope must be specified in a separate row.

<path to TXT file>

Specify the path to the file to which you want to export the data about all baselines.

<baseline id>

Specify the unique ID of a baseline.

You can use the /SHOW parameter to learn the ID of a baseline.

<existing alias>

Specify the name of an existing task.

<new alias>

Specify the name of a new task.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.