Kaspersky Endpoint Security 11 for Mac

Run malware scan

23 May 2023

ID 26820

Command syntax:

kav scan <scan scope> <action> <file types> <exclusions> <report parameters> <advanced parameters>

Note: To run a malware scan, you can also use tasks created in the application by starting one from the command line. The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface.

Parameter descriptions

<scan scope> – This parameter specifies a list of objects that are to be scanned for malicious code. You can include several parameters separating them with a space.

The following values are possible:

  • <files> – List of paths to files and/or folders to be scanned. You can specify absolute or relative paths to the files. Items in the list are separated by a space.

    Note: If the name of an object or the path to it includes a space or special characters (such as $, &, or @), the name should be encased in single quotes (' '), or each of the special characters should be escaped by adding a backslash (\) immediately before it. If reference is made to a specific folder, all files and folders in this folder are scanned.

  • -all – Full scan of your computer.
  • -remdrives – All removable drives.
  • -fixdrives – All internal drives.
  • -netdrives – All network drives.
  • -@:<filelist.lst> – Path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered.

<action> – This parameter determines the action to take on malicious objects that are detected during the scan. If this parameter is not defined, the default action is the one corresponding to the value -i8.

The following values are possible:

  • -i0 – Take no actions on the object, only save information about the object in a report.
  • -i1 – Disinfect infected objects, skip them if they cannot be disinfected.
  • -i2 – Disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (.sfx archives).
  • -i3 – Disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted.
  • -i4 – Delete infected objects; delete containers completely if infected files inside them cannot be deleted.
  • -i8 – Prompt the user for action if an infected object is detected (used by default).
  • -i9 – Prompt the user for action when the scan is completed.

<file types> – This parameter defines the file types that are subject to malware scan. By default, if this parameter is not defined, only files that may be potentially infected (based on the file contents) are scanned.

The following values are possible:

  • -fe – Scan only files that may be potentially infected (based on the file extension).
  • -fi – Scan only files that may be potentially infected (based on the file content). This parameter is used by default.
  • -fa – Scan all files.

<exclusions> – This parameter defines the objects to exclude from scanning. You can include several parameters separating them with a space.

The following values are possible:

  • -e:a – Do not scan archives.
  • -e:b – Do not scan email databases.
  • -e:m – Do not scan email messages in text format.
  • -e:<mask> – Do not scan objects by mask.
  • -e:<seconds> – Skip objects that are scanned for longer than the specified length of time (in seconds).
  • -es:<size> – Skip objects with size larger than the specified value (in megabytes).

<report parameters> – These parameters define the format of the report containing the scan results. You can specify an absolute or relative path to the report file. If this parameter is not defined, scan results are displayed and all events are shown.

The following values are possible:

  • -r:<report file> – Log only important events to the specified report file.
  • -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – Parameters that define the use of malware scan technologies and configuration files:

  • -iSwift=<on|off> – Enable/disable the use of iSwift.
  • -c:<configuration file> – Define the path to the configuration file that contains the application settings for malware scan tasks. You can specify an absolute or relative path to the file. If this parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line.

Example:

Start scan of the folders ~/Documents, /Applications, and the file named my test.exe:

kav scan ~/Documents /Applications 'my test.exe'

Scan the objects listed in the file objects2scan.txt. Use the scan_settings.txt configuration file. When the scan is complete, create a report to log all events:

kav scan -@:objects2scan.txt -c:scan_settings.txt -ra:scan.log

A sample configuration file:

-netdrives -@:objects2scan.txt -ra:scan.log

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.