Kaspersky Endpoint Security for Mac
[Topic kes26818]

Manage the application from the command line

You can manage Kaspersky Endpoint Security from the command line.

Note: After updates of Kaspersky Endpoint Security modules are installed, the version of the application client in the command line may differ from the installed version of the application.

Command line syntax:

kav <command> <parameters>

Use this command to view the application command line syntax:

kav -? | help

To get help on the syntax of a specific command, you can use one of the following commands:

kav <command> -?

kav help <command>

Each command has its own range of supported parameters.

Page top
[Topic kes123251]

View Help

Use this command to view the application command line syntax:

kav -? | help

To get help on the syntax of a specific command, you can use one of the following commands:

kav <command> -?

kav help <command>

Page top
[Topic kes26819]

Run virus scan

The text of the command to start a virus scan of a specific area has the following general format:

kav scan <scan scope> <action> <file types> <exclusions> <report parameters> <advanced parameters>

Note: To run a virus scan, you can also use tasks created in the application by starting one from the command line. The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface.

Parameter descriptions

<scan scope> – This parameter specifies a list of objects that are to be scanned for malicious code. The parameter may include several values (separated by a space) from the following list:

  • <files> – List of paths to files and/or folders to be scanned. You can enter an absolute or relative path. Items in the list are separated by a space.

    Note: If the name of an object or the path to it includes a space or special characters (such as $, &, or @), the name should be encased in single quotes (' '), or each of the special characters should be escaped by adding a backslash (\) immediately before it.

    If reference is made to a specific folder, all files and folders in this folder are scanned.

  • -all – Full scan of your computer
  • -remdrives – All removable drives
  • -fixdrives – All internal drives
  • -netdrives – All network drives
  • -@:<filelist.lst> – Path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered.

<action> – This parameter determines the action to take on malicious objects that are detected during the scan. If this parameter is not defined, the default action is the one corresponding to the value -i8. The following values are possible:

  • -i0 – Take no actions on the object, only save information about the object in a report.
  • -i1 – Disinfect infected objects, skip them if they cannot be disinfected.
  • -i2 – Disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (.sfx archives).
  • -i3 – Disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted.
  • -i4 – Delete infected objects; delete containers completely if infected files inside them cannot be deleted.
  • -i8 – Prompt the user for action if an infected object is detected (used by default).
  • -i9 – Prompt the user for action when the scan is completed.

<file types> – This parameter defines the file types that are subject to virus scan. By default, if this parameter is not defined, only infectable files (based on the file contents) are scanned. The following values are possible:

  • -fe – Scan only infectable files by extension.
  • -fi – Scan only infectable files by content (used by default).
  • -fa – Scan all files.

<exclusions> – This parameter defines the objects to exclude from scanning. You can include several parameters from the list below, separating them with a space:

  • -e:a – Do not scan archives.
  • -e:b – Do not scan email databases.
  • -e:m – Do not scan email messages in text format.
  • -e:<mask> – Do not scan objects by mask.
  • -e:<seconds> – Skip objects that are scanned for longer than the specified length of time (in seconds).
  • -es:<size> – Skip objects with size larger than the specified value (in megabytes).

<report parameters> – These parameters define the format of the report containing the scan results. You can use an absolute or relative path to the file for saving the report. If this parameter is not defined, scan results are displayed and all events are shown.

  • -r:<report file> – Log only important events to the specified report file.
  • -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – Parameters that define the use of virus scan technologies and configuration files:

  • -iSwift=<on|off> – Enable/disable the use of iSwift.
  • -c:<configuration file> – Define the path to the configuration file that contains the application preferences for virus scan tasks. You can enter an absolute or relative path to the file. If this parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line.

Example:

Start scan of the folders ~/Documents, /Applications, and the file named my test.exe:

kav scan ~/Documents /Applications 'my test.exe'

Scan the objects listed in the file objects2scan.txt. Use the scan_settings.txt configuration file. When the scan is complete, create a report to log all events:

kav scan -@:objects2scan.txt -c:scan_settings.txt -ra:scan.log

A sample configuration file:

-netdrives -@:objects2scan.txt -ra:scan.log

Page top
[Topic kes26820]

Update the application

Command syntax:

kav update <update source> -app=<on|off> <report parameters> <advanced parameters>

Parameter descriptions

<update source> – An HTTP server or a network or local folder from which updates are downloaded. If a path is not selected, the update source will be taken from the application update preferences.

-app=<on|off> – Enable/disable updates of application modules.

<report parameters> – These parameters define the format of the report on the scan results. You can use an absolute or relative path to the file. If this parameter is not defined, update results are displayed and all events are shown. The following values are possible:

  • -r:<report file> – Log only important events to the specified report file.
  • -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – A parameter that defines use of a configuration file.

-c:<configuration file> – Defines the path to a configuration file that contains the application preferences for updating the application. You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used.

Example:

Update the application databases from the default source, logging all events in the report:

kav update -ra:avbases_upd.txt

Update the Kaspersky Endpoint Security modules using the parameters of the updateapp.ini configuration file:

kav update -app=on -c:updateapp.ini

Page top
[Topic kes26821]

Roll back the last update

Command syntax:

kav rollback <report parameters>

Important: Administrator rights are required to run this command.

Parameter descriptions

<report parameters> – This parameter defines the format of the report containing the results of the update rollback. You can use an absolute or relative path to the file. If this parameter is not defined, rollback results are displayed and all events are shown.

  • -r:<report file> – Log only important events to the specified report file.
  • -ra:<report file> – Log all events to the specified report file.

Example:

kav rollback -ra:rollback.txt

Page top
[Topic kes26828]

Start/stop a component or task

The start command syntax:

kav start <task or component name> <report parameters>

The stop command syntax:

kav stop <task or component name>

Important: Administrator rights are required to run the stop command.

Parameter descriptions

<task or component name> – Specify one of the following values:

  • fm or file_monitoring – File Anti-Virus
  • wm or web_monitoring – Web Anti-Virus
  • ids – Network Attack Blocker
  • full or scan_my_computer – Full Scan task
  • scan_objects – Custom Scan task
  • quick or scan_critical_areas – Quick Scan task
  • updater – Update task
  • rollback – Rollback task

<report parameters> – These parameters define the format of the report on the component or task results. You can use an absolute or relative path to the file. If this parameter is not defined, Kaspersky Endpoint Security displays results in accordance with parameters configured in the graphical user interface.

Note: <report parameters> is only available for scan_objects, updater, and rollback values.

The following values are possible:

  • -r:<report file> – Kaspersky Endpoint Security logs only important events to the specified report file.
  • -ra:<report file> – Kaspersky Endpoint Security logs all events to the specified report file.

Note: Components and tasks started from the command prompt are run with the parameters configured in the graphical user interface.

Example:

To enable the File Anti-Virus component, enter the following command in the command line:

kav start fm

To stop the Full Scan task from the command line, enter the following command:

kav stop scan_my_computer

Page top
[Topic kes59643]

View status and statistics of a component or task

The status command syntax:

kav status <task or component name>

The statistics command syntax:

kav statistics <task or component name>

Parameter descriptions

<task or component name> – Specify one of the following values:

  • fm or file_monitoring – File Anti-Virus
  • wm or web_monitoring – Web Anti-Virus
  • ids – Network Attack Blocker
  • full or scan_my_computer – Full Scan task
  • scan_objects – Custom Scan task
  • quick or scan_critical_areas – Quick Scan task
  • updater – Update task
  • rollback – Rollback task

Note: If the status command is run without specifying a value for the <task or component name> parameter, the current status of all tasks and components of the application is displayed. For the statistics command, a value must be specified for the <task or component name> parameter.

Page top
[Topic kes26830]

Export protection preferences

Command syntax:

kav export <task or component name> <export file>

Parameter descriptions

<task or component name> – Specify one of the following values:

  • fm or file_monitoring – File Anti-Virus
  • wm or web_monitoring – Web Anti-Virus
  • ids – Network Attack Blocker
  • full or scan_my_computer – Full Scan task
  • scan_objects – Custom Scan task
  • quick or scan_critical_areas – Quick Scan task
  • updater – Update task
  • rollback – Rollback task

<export file> – Path to the file to which the application preferences are exported. An absolute or relative path may be specified.

Example:

kav export fm fm_settings.txt

Page top
[Topic kes26831]

Activate the application

You can activate Kaspersky Endpoint Security by applying a key file.

Command syntax:

kav addkey <key file or key activation code>

Parameter descriptions

<key file> – application key file with .key extension.

<key activation code> - activation code in XXXX-XXXX-XXXX-XXXX format.

Example:

kav addkey ./1AA111A1.key

kav addkey A11A1-11111-1A1AA-1A11A

Page top
[Topic kes26822]

Return codes of the command line

The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a certain task.

Syntax of the command for receiving the return code:

echo $?

General return codes:

  • 0 – Operation completed successfully
  • 1 – Invalid parameter value
  • 2 – Unknown error
  • 3 – Task completion error
  • 4 – Task canceled

Virus scan task return codes:

  • 101 – All malicious objects processed
  • 102 – Malicious objects detected
Page top
[Topic kes26827]

Quit the application

Command syntax:

kav exit

Important: Administrator rights are required to run this command.

Page top
[Topic kes26824]