Parameters of the command prompt in Kaspersky Internet Security 2010 ID Article: 2455 Other languages: 33 2009 Jun 24 16:54

version Concerning to Kaspersky Internet Security 2010

Printable

The command prompt is available in Kaspersky Internet Security 2010 running under MS Windows. You can execute the following operations from the command prompt: Program activation Managing program components and tasks Anti-Virus scan Program updates Rollback the latest database update Exporting settings Importing settings Starting the program Stopping the program Creating a trace file Viewing help Return codes from the command line interface Command prompt syntax is: avp.com <command>[settings] The following may be used as <commands>: ACTIVATE activates the program via the Internet using the activation code ADDKEY activates the program with the help of a license key START - starts a component/ task PAUSE - pauses a component/ task RESUME - resumes a component/ task STOP - stops a component/ task STATUS - displays the current component/ task status on the screen STATISTICS - displays statistics for the component or task on screen HELP - help with command syntax and the list of commands SCAN - scans objects for viruses UPDATE - begins program update ROLLBACK - rollbacks the latest database update EXIT - closes the program (you can only execute this command with the password assigned in the program interface) IMPORT - Import program settings EXPORT - Export program settings A number of particular settings correspond to each command. Program activation The program can be activated the following ways: via the Internet using the activation code (ACTIVATE command) using a license key file (ADDKEY command)

Prompt syntax: avp.com ACTIVATE <activation_code>/password=<your_password> avp.com ADDKEY <file_name>/password=<your_password> Parameter description: [<activation_code>] the code to activate the program, given when purchasing the program. [<file_name>] name of the license key file to the program with the *.key extension. [<your_password>] password to the product set in the product interface. Examples: avp.com ACTIVATE 11AA1-11AAA-1AA11-1A111 avp.com ADDKEY 1AA111A1.key Top of page

Managing program components and tasks You can manage program components and tasks from the command prompt with these commands: START starts a component/ task PAUSE pauses a component/ task RESUME resumes a component/ task STOP stops a component / task STATUS - displays the current component/ task status on screen STATISTICS - displays statistics for the component/ task on screen The task or component to which the command applies is determined by its parameter. STOP and PAUSE can only be executed with the program password assigned in the program interface Prompt syntax: avp.com <command><profile|taskid> avp.com STOP <profile|taskid> /password=<password> avp.com PAUSE <profile|taskid>/password=<password> One of the following values is assigned to <profile|taskid>: RTP all protection components. The command avp.com START RTP runs all the defense components, if they were disabled. if a component was disabled by the command STOP, then it will not be started by the command avp.com START RTP. in order to start the disabled component, it requires to perform the command avp.com START <profile>, where for the

<profile> parameter the value for the concrete defense component is used, for example, avp.com START FM. FW - Firewall HIPS - Application Control PDM - Proactive protection FM File Anti-Virus EM Mail Anti-Virus WB Web Anti-Virus AB Anti-Banner AS Anti-Spam PC Parental Control AP Anti-Phishing ids - Protection against network attacks Updater - Updating Rollback - Rolling back the last update Scan_My_Computer Computer scan Scan_Objects Object scan Scan_Quarantine Quarantine scan Scan_Rootkits Scanning for rootkits Scan_Startup (STARTUP) Scanning startup objects Scan_Vulnerabilities (SECURITY) Security analysis Components and tasks started from the command prompt are run with the settings configured in the program interface. Examples: To enable File Anti-Virus, type this at the command prompt: avp.com START FM To resume work of Parental control, type the following command at the command prompt avp.com RESUME ParCtl To stop a My Computer scan task from the command prompt, enter: avp.com STOP SCAN_MY_COMPUTER /password=<your_password> Top of page

Anti-virus scan Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks as follows: avp.com SCAN [<object scanned>] [<action>] [<action query>] [<file types>] [<exclusions>] [<configuration file>] [<report settings>] To scan objects, you can also use the tasks created in the program by start the one you need from the command prompt. The task will be run with the settings from the program interface.

Parameter description: <object scanned> - this parameter gives the list of objects that will be scanned for malicious code.The parameter can include several values from the list provided, separated by spaces. <files>- List of paths to the files and/or folders to be scanned. You can enter absolute or relative paths. Items on the list are separated by a space. Notes: If the object name contains a space, it must be placed in quotation marks; If you specify a concrete folder, all the files in it are scanned. /MEMORY RAM objects /STARTUP startup objects /MAIL mailboxes /REMDRIVES all removable media drives /FIXDRIVES all internal drives /NETDRIVES all network drives /QUARANTINE quarantined objects /ALL complete scan /@:<filelist.lst>; - Path to the file with a list of objects and catalogs included in the scan. The file should be in a text format and each scan object must start a new line. You can enter an absolute or relative path to the file. The path must be placed without quotation marks if it contains a space. <action> - this parameter determines actions on malicious objects detected during the scan. If this parameter is not defined, the default action is the one with the value for /i2.The following values can be specified: /i0 - take no actions on the object; simply record information about it in the report. /i1- Treat infected objects, and if disinfection is impossible, skip /i2 - Treat infected objects, and if disinfection fails, delete, but do not delete infected objects from compound objects, and delete compound objects with executable headers (sfx archives) (this is the default setting). /i3 - Treat infected objects, and if disinfection fails, delete and delete all compound objects completely if the infected attachments cannot be deleted. /i4 - Delete infected objects, and if disinfection fails, delete and delete all compound objects completely if the infected attachments cannot be deleted. /i8 - Prompt the user for action if an infected object is detected. /i9 - prompt the user for action at the end of the scan.

<file types> - this parameter defines the file types that will be subject to anti-virus scan. By default, if this parameter is not defined, only infected files by contents will be scanned. The following values can be specified: /fe - Scan only infected files by extension /fi - Scan only infected files by contents /fa - Scan all files

<exclusions> - this parameter defines objects that are excluded from the scan. The parameter can include several values from the list provided, separated by spaces. /e:a - do not scan archives

/e:b - do not scan mailboxes /e:m - do not scan plain text e-mails /e:<filemask> - do not scan objects by mask /es:<size> - Skip objects which size (in MB) exceeds the value specified in the <size> parameter. <configuration file> - defines the path to the configuration file that contains the program settings for the scan.You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used. The parameter syntax is the followin : /C:<settings_file> - use the settings values assigned in the file <file_name> in the C:\ root directory. <report settings> - this parameter determines the format of the report on scan results. You can use an absolute or relative path to the file. If the parameter is not defined, the scan results are displayed on screen, and all events are displayed. The following values can be specified: /R:<report_file> - Only log important events in this file /RA:<report_file> - Log all events in this file

Examples: Example 1: Start a scan of RAM, Startup programs, mailboxes, the directories My Documents and Program Files, and the file test.exe: avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" "C:\Downloads\test.exe" Example 2: Pause scan of selected objects and start full computer scan, at the end of which continue to scan for viruses within the selected objects: avp.com PAUSE Scan_Objects /password=<your_password> avp.com START Scan_My_Computer avp.com RESUME Scan_Objects Example 3: Scan the objects listed in the file object2scan.txt. Use the configuration file scan_setting.txt for the job. Upon the results of the scan, generate a report in which all events are recorded: avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log Top of page

Program updates

The syntax for updating program modules and threat signatures from the command prompt is as follows: avp.com UPDATE [<update_source>] [/R[A]:<report_file>] [/C:<file_name>] [/APP=<on| off>] Parameter description: [<update_source>] - HTTP or FTP server or network folder for downloading updates. You can specify the full path to the update source or a URL as the value for this parameter. If a path is not selected, the update source will be taken from the Update settings. R:<report_file> - log important events only /RA:<report_file> - log all events in the report. You can use an absolute or relative path to the file. If the parameter is not defined, the scan results are displayed on screen, and all events are displayed. /C:<file_name> - Path configuration file that contains program updates.You can enter an absolute or relative path to file. If this parameter is not defined, values for settings in the Kaspersky Internet Security interface are used. APP<on/off> - enable / disable application module updates Examples: Example 1: Update application databases after recording all events in the report: avp.com UPDATE /RA:avbases_upd.txt Example 2: Update the application modules by using the parameters of the configuration file updateapp.ini: avp.com UPDATE /APP=on /C:updateapp.ini Top of page

Rollback the latest database update Prompt syntax: ROLLBACK [/R[A]:<report_file>] /R:<report_file> - only log important events in the report /R[A]:<report_file> - log all events in the report You can use an absolute or relative path to the file. If the parameter is not defined, the scan results are displayed on screen, and all events are displayed. Example: avp.com ROLLBACK /RA:rollback.txt Top of page

Exporting settings Command syntax: avp.com EXPORT <profile> <file_name> Parameter description: <profile>- Component or task with the settings being exported. One of the following values may be used: RTP all protection components. The command avp.com START RTP runs all the defense components, if they were disabled. if a component was disabled by the command STOP, then it will not be started by the command avp.com START RTP. in order to start the disabled component, it requires to perform the command avp.com START <profile>, where for the <profile> parameter the value for the concrete defense component is used, for example, avp.com START FM. FW - Firewall HIPS - Application Control PDM - Proactive protection FM File Anti-Virus EM Mail Anti-Virus WB Web Anti-Virus AB Anti-Banner AS Anti-Spam PC Parental Control AP Anti-Phishing ids - Protection against network attacks Updater - Updating Rollback - Rolling back the last update Scan_My_Computer Computer scan Scan_Objects Object scan Scan_Quarantine Quarantine scan Scan_Rootkits Scanning for rootkits Scan_Startup (STARTUP) Scanning startup objects Scan_Vulnerabilities (SECURITY) Security analysis <file_name> - Path to the file to which the Kaspersky Internet Security settings are being exported. You can use an absolute or relative path. You can only use binary files (cfg). Example: avp.com EXPORT c:\kis2010settings.cfg Top of page

Importing settings

Command syntax: avp.com IMPORT <file_name> [ password=<"your_password">], where <file_name> is a path to the file from which the program settings are being imported. You can use an absolute or relative path. You can only use binary files (cfg). Example: avp.com IMPORT c:\kis2010settings.cfg Top of page

Starting the program Command syntax: avp.com Top of page

Stopping the program Command syntax: EXIT /password=<pasword>, where <password> is the program password assigned in the program interface. Note that you cannot execute this command without entering the password. Top of page

Creating a trace file Command syntax: avp.com TRACE [file] [on|off] [<trace_level>] Parameter description: [on|off] - Enable/disable trace creation. [file] - Output trace to file. <trace_level>- This value can be an integer from 0 (minimum level, only critical messages) to 700 (maximum level, all messages).A Technical Support will tell you what trace level you

need when you contact Technical Support. If it is not specified, we recommend setting the level to 500. Example 1: To disable trace file creation: avp.com TRACE file off Example 2: To create a trace file to send to Technical Support with a maximum trace level of 500: avp.com TRACE file on 500 Top of page

Viewing Help This command is available for viewing Help on command prompt syntax: avp.com [ /? | HELP ] To get help on the syntax of a specific command, you can use one of the following commands: avp.com <command>/? avp.com HELP <command> Top of page

Return codes from the command line interface This section describes return codes of the command prompt. General codes can be returned by any command of the prompt line. General codes and codes specific for some definite task belong to return codes. General return codes: 0 Task is successfully executed 1 Not correct value of the parameter 2 Unknown error 3 Error when executing the task 4 Task execution is canceled Return codes of the anti-virus scan tasks: 101 All dangerous objects are processed 102 Dangerous objects detected