Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE
You can use the KAVSHELL FIM /BASELINE
command to configure the mode in which the Baseline File Integrity Monitor task runs and monitors the loading of DLL modules.
A password might be required to execute the command. To enter the current password, use [/pwd:<password>]
.
KAVSHELL FIM /BASELINE command syntax
KAVSHELL FIM /BASELINE [/CREATE: [<monitoring scope> | /L:<path to TXT file containing the list of monitoring scopes>] [/MD5 | /SHA256] [/SF]] | [/CLEAR [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/EXPORT:<path to TXT file> [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SHOW [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/SCAN [/BL:<baseline id> | /ALIAS:<existing alias>]] | [/PWD:<password>]
KAVSHELL FIM /BASELINE command examples
To delete a baseline, run the following command:
KAVSHELL FIM /BASELINE /CLEAR /BL:<baseline id>
You can configure Baseline File Integrity Monitor task settings using the command-line options (see the table below).
KAVSHELL FIM /BASELINE
command-line parameters/options