Contents
- Manage the application from the command line
- View command line help
- Run virus scan
- Update the application
- Roll back the last update
- Start/stop a component or task
- View status and statistics of a component or task
- Export protection preferences
- Activate the application
- Install the system extension
- Configure network connections
- Remove license keys
- Return codes of the command line
- Quit the application
- Uninstall the application
Manage the application from the command line
You can manage Kaspersky Endpoint Security from the command line.
Note: After updates of Kaspersky Endpoint Security modules are installed, the version of the application client in the command line may differ from the installed version of the application.
Command line syntax:
kav <command> <parameters>
Each command has its own range of supported parameters.
View command line help
Use the following command to view information about the application command line syntax:
kav -? | help
Run virus scan
Command syntax:
kav scan <scan scope> <action> <file types> <exclusions> <report parameters> <advanced parameters>
Note: To run a virus scan, you can also use tasks created in the application by starting one from the command line. The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface.
Parameter descriptions
<scan scope>
– This parameter specifies a list of objects that are to be scanned for malicious code. You can include several parameters separating them with a space.
The following values are possible:
<files>
– List of paths to files and/or folders to be scanned. You can specify absolute or relative paths to the files. Items in the list are separated by a space.Note: If the name of an object or the path to it includes a space or special characters (such as $, &, or @), the name should be encased in single quotes (' '), or each of the special characters should be escaped by adding a backslash (\) immediately before it. If reference is made to a specific folder, all files and folders in this folder are scanned.
-all
– Full scan of your computer.-remdrives
– All removable drives.-fixdrives
– All internal drives.-netdrives
– All network drives.-@:<filelist.lst>
– Path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered.
<action>
– This parameter determines the action to take on malicious objects that are detected during the scan. If this parameter is not defined, the default action is the one corresponding to the value -i8
.
The following values are possible:
-i0
– Take no actions on the object, only save information about the object in a report.-i1
– Disinfect infected objects, skip them if they cannot be disinfected.-i2
– Disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (.sfx archives).-i3
– Disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted.-i4
– Delete infected objects; delete containers completely if infected files inside them cannot be deleted.-i8
– Prompt the user for action if an infected object is detected (used by default).-i9
– Prompt the user for action when the scan is completed.
<file types>
– This parameter defines the file types that are subject to virus scan. By default, if this parameter is not defined, only files that may be potentially infected (based on the file contents) are scanned.
The following values are possible:
-fe
– Scan only files that may be potentially infected (based on the file extension).-fi
– Scan only files that may be potentially infected (based on the file content). This parameter is used by default.-fa
– Scan all files.
<exclusions>
– This parameter defines the objects to exclude from scanning. You can include several parameters separating them with a space.
The following values are possible:
-e:a
– Do not scan archives.-e:b
– Do not scan email databases.-e:m
– Do not scan email messages in text format.-e:<mask>
– Do not scan objects by mask.-e:<seconds>
– Skip objects that are scanned for longer than the specified length of time (in seconds).-es:<size>
– Skip objects with size larger than the specified value (in megabytes).
<report parameters>
– These parameters define the format of the report containing the scan results. You can specify an absolute or relative path to the report file. If this parameter is not defined, scan results are displayed and all events are shown.
The following values are possible:
-r:<report file>
– Log only important events to the specified report file.-ra:<report file>
– Log all events to the specified report file.
<advanced parameters>
– Parameters that define the use of virus scan technologies and configuration files:
-iSwift=<on|off>
– Enable/disable the use of iSwift.-c:<configuration file>
– Define the path to the configuration file that contains the application preferences for virus scan tasks. You can specify an absolute or relative path to the file. If this parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line.
Example: Start scan of the folders ~/Documents, /Applications, and the file named my test.exe:
Scan the objects listed in the file objects2scan.txt. Use the scan_settings.txt configuration file. When the scan is complete, create a report to log all events:
A sample configuration file:
|
Update the application
Command syntax:
kav update <update source> <report parameters> <advanced parameters>
Parameter descriptions
<update source>
– An HTTP server or a network or local folder from which updates are downloaded. If a path is not selected, the update source will be taken from the application update preferences.
<report parameters>
– These parameters define the format of the report on the scan results. You can specify an absolute or relative path to the report file. If this parameter is not defined, update results are displayed and all events are shown.
The following values are possible:
-r:<report file>
– Log only important events to the specified report file.-ra:<report file>
– Log all events to the specified report file.
<advanced parameters>
– A parameter that defines use of a configuration file.
-c:<configuration file>
– Defines the path to a configuration file that contains the application preferences for updating the application. You can specify an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used.
Example: Update the application databases from the default source, logging all events in the report:
Update the Kaspersky Endpoint Security modules using the parameters of the updateapp.ini configuration file:
|
Roll back the last update
Command syntax:
kav rollback <report parameters>
Important: Administrator rights are required to run this command.
Parameter descriptions
<report parameters>
– This parameter defines the format of the report containing the results of the update rollback. You can specify an absolute or relative path to the report file. If this parameter is not defined, rollback results are displayed and all events are shown.
The following values are possible:
-r:<report file>
– Log only important events to the specified report file.-ra:<report file>
– Log all events to the specified report file.
Example:
|
Start/stop a component or task
The start command syntax:
kav start <task or component name> <report parameters>
The stop command syntax:
kav stop <task or component name>
Important: Administrator rights are required to run the stop command.
Parameter descriptions
<task or component name>
– Specify one of the following values:
fm
orfile_monitoring
– File Threat Protectionwm
orweb_monitoring
– Web Threat Protectionids
– Network Threat Protectionfull
orscan_my_computer
– Full Scan taskscan_objects
– Custom Scan taskquick
orscan_critical_areas
– Quick Scan taskupdater
– Update taskrollback
– Rollback task
<report parameters>
– These parameters define the format of the report on the component or task results. You can specify an absolute or relative path to the report file. If this parameter is not defined, Kaspersky Endpoint Security displays results in accordance with parameters configured in the graphical user interface.
Note: <report parameters>
is only available for scan_objects
, updater
, and rollback
values.
The following values are possible:
-r:<report file>
– Kaspersky Endpoint Security logs only important events to the specified report file.-ra:<report file>
– Kaspersky Endpoint Security logs all events to the specified report file.
Note: Components and tasks started from the command prompt are run with the parameters configured in the graphical user interface.
Example: To enable the File Threat Protection component, enter the following command in the command line:
To stop the Full Scan task from the command line, enter the following command:
|
View status and statistics of a component or task
The status command syntax:
kav status <task or component name>
The statistics command syntax:
kav statistics <task or component name>
Parameter descriptions
<task or component name>
– Specify one of the following values:
fm
orfile_monitoring
– File Threat Protectionwm
orweb_monitoring
– Web Threat Protectionids
– Network Threat Protectionfull
orscan_my_computer
– Full Scan taskscan_objects
– Custom Scan taskquick
orscan_critical_areas
– Quick Scan taskupdater
– Update taskrollback
– Rollback task
Note: If the status command is run without specifying a value for the <task or component name>
parameter, the status of all tasks and components of the application is displayed. For the statistics command, a value must be specified for the <task or component name>
parameter.
Export protection preferences
Command syntax:
kav export <task or component name> <export file>
Parameter descriptions
<task or component name>
– Specify one of the following values:
fm
orfile_monitoring
– File Threat Protectionwm
orweb_monitoring
– Web Threat Protectionids
– Network Threat Protectionfull
orscan_my_computer
– Full Scan taskscan_objects
– Custom Scan taskquick
orscan_critical_areas
– Quick Scan taskupdater
– Update taskrollback
– Rollback task
<export file>
– Path to the file to which the application preferences are exported. You can specify an absolute or relative path to the file.
Example:
|
Activate the application
You can activate Kaspersky Endpoint Security by applying a key file.
Command syntax:
kav license /add <key file or key activation code>
Parameter descriptions
<key file>
– Application key file with .key extension.
<key activation code>
– Activation code in XXXX-XXXX-XXXX-XXXX format.
Example: kav license /add ./1AA111A1.key kav license /add A11A1-11111-1A1AA-1A11A |
Install the system extension
Command syntax:
kav activatesystemextension /sysext
Note: You need to grant Kaspersky Endpoint Security permissions in Security & Privacy settings to finish installing the extension.
Page topConfigure network connections
You can configure network connections for Web Threat Protection and Network Threat Protection components.
Command syntax:
kav activatesystemextension /webav
Note: You need to grant Kaspersky Endpoint Security permissions for network content filtering to finish the configuration.
Page topRemove license keys
You can remove all license keys that are currently added to the application.
Command syntax:
kav license /del
Important: Administrator rights are required to run this command.
Page topReturn codes of the command line
The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a certain task.
Syntax of the command for receiving the return code:
echo $?
General return codes:
0
– Operation completed successfully1
– Invalid parameter value2
– Unknown error3
– Task completion error4
– Task canceled
Virus scan task return codes:
101
– All malicious objects processed102
– Malicious objects detected
Quit the application
Command syntax:
kav exit
Important: Administrator rights are required to run this command.
Page topUninstall the application
Use the following sequence of commands to uninstall Kaspersky Endpoint Security from the command line:
sudo /Library/Application\ Support/Kaspersky\ Lab/klnagent/Binaries/UninstallScript
sudo /Library/Application\ Support/Kaspersky\ Lab/KAV/Binaries/UninstallScript
sudo rm -rf /Library/Application\ Support/Kaspersky\ Lab/ /Applications/Kaspersky
Important: Administrator rights are required to uninstall the application.
Page top