Scanning a selected area: KAVSHELL SCAN
To start a task to scan specific areas of the protected device, use KAVSHELL SCAN. The command-line options specify the scan scope and security settings of the selected node.
An On-Demand Scan task started using the KAVSHELL SCAN command is a temporary task. It is displayed in the Application Console only while being executed (you cannot view its task settings in the Application Console). However, a task performance log is generated and displayed under the Task logs node in the Application Console.
When specifying paths in scan tasks for specific areas, you can use environment variables. If you use a user environment variable, execute the KAVSHELL SCAN command as the corresponding user.
The KAVSHELL SCAN command is executed in synchronous mode.
To start an existing On-Demand Scan task from the command line, use the KAVSHELL TASK command.
KAVSHELL SCAN command syntax
KAVSHELL SCAN <scan scope> [/MEMORY|/SHARED|/STARTUP|/REMDRIVES|/FIXDRIVES|/MYCOMP] [/L:< path to file with the list of scan scopes >] [/F<A|C|E>] [/NEWONLY] [/AI:<DISINFECT|DISINFDEL|DELETE|REPORT|AUTO>] [/AS:<QUARANTINE|DELETE|REPORT|AUTO>] [/DISINFECT|/DELETE] [/E:<ABMSPO>] [/EM:<"masks">] [/ES:<size>] [/ET:<number of seconds>] [/TZOFF] [/OF:<SKIP|RESIDENT|SCAN[=<days>] [NORECALL]>] [/NOICHECKER][/NOISWIFT][/ANALYZERLEVEL][/NOCHECKMSSIGN][/W:<path to task log file>] [/ANSI] [/ALIAS:<task alias>]
The KAVSHELL SCAN command has both mandatory and optional parameters/options (see the table below).
KAVSHELL SCAN command examples
KAVSHELL SCAN Folder56 D:\Folder1\Folder2\Folder3\ C:\Folder1\ C:\Folder2\3.exe "\\another server\Shared\" F:\123\*.fgb /SHARED /AI:DISINFDEL /AS:QUARANTINE /FA /E:ABM /EM:"*.xtx;*.fff;*.ggg;*.bbb;*.info" /NOICHECKER /ANALYZERLEVEL:1 /NOISWIFT /W:log.log
KAVSHELL SCAN /L:scan_objects.lst /W:c:\log.log
KAVSHELL SCAN command-line parameters/options
Parameter/option | Description |
|---|---|
Scan scope. Mandatory parameter. | |
<files> | Specifies the scan scope - list of files, folders, network paths and predefined areas. Specify network paths in Universal Naming Convention (UNC) format. In the following example, the Folder4 folder is specified without a path, which implies that it is located in the folder from which the KAVSHELL command is run: KAVSHELL SCAN Folder4 If the name of the object to be scanned has spaces, it must be wrapped in quotation marks. If a folder is specified, Kaspersky Security for Windows Server will also scan all its subfolders. The symbols * or ? can be used to scan a group of files. |
<folders> | |
<network path> | |
/MEMORY | Scan objects in RAM |
/SHARED | Scan shared folders on the protected device |
/STARTUP | Scan autorun objects |
/REMDRIVES | Scan removable drives |
/FIXDRIVES | Scan hard drives |
/MYCOMP | Scan all areas of the protected device |
/L:<path to file with a list of scan scopes> | Full path to file with a list of scan scopes. Use line breaks to separate the scan scopes in the file. You can specify predefined scan areas as shown in the following example of the content of a file with a list of scan scopes: C:\ D:\Docs\*.doc E:\My Documents /STARTUP /SHARED |
Scan objects (File types). If you do not specify this option, Kaspersky Security for Windows Server will scan objects by their format. | |
/FA | Scan all objects |
/FC | Scan objects by format (default). Kaspersky Security for Windows Server scans only objects whose formats are included in the list of formats of infectable objects. |
/FE | Scan objects by extension. Kaspersky Security for Windows Server scans only objects with extensions included into the list of extensions of infectable objects. |
/NEWONLY | Scan only new and modified files. If you do not specify this option, Kaspersky Security for Windows Server will scan all objects. |
Action to perform on infected and other objects. If you do not specify values for this modifier, Kaspersky Security for Windows Server will perform the Skip action. | |
DISINFECT | Disinfect, skip if disinfection is not possible The DISINFECT and DELETE options are preserved in the current version Kaspersky Security for Windows Server in order to ensure compatibility with previous versions. These options can be used instead of the /AI and /AS options. In this case, Kaspersky Security for Windows Server will not process probably infected objects. |
DISINFDEL | Disinfect, delete if disinfection is not possible |
DELETE | Delete The DISINFECT and DELETE options are saved in the current version of Kaspersky Security for Windows Server in order to ensure compatibility with previous versions. These options can be used instead of the /AI and /AS options. In this case, Kaspersky Security for Windows Server will not process probably infected objects. |
REPORT | Send report (default) |
AUTO | Perform recommended action |
/AS: Action to perform on probably infected objects. If you do not specify this option, Kaspersky Security for Windows Server will perform the Skip action. | |
QUARANTINE | Quarantine |
DELETE | Delete |
REPORT | Send report (default) |
AUTO | Perform recommended action |
Exclusions | |
/E:ABMSPO | Exclude the following types of compound objects: A – archives (scan SFX archives only) B – email databases M – plain mail S – archives and SFX-archives P – packed objects O – embedded OLE objects |
/EM:<" | Exclude files by mask You can specify several masks, for example: |
/ET:<number of seconds> | Stop processing an object if it takes longer than the number of seconds specified by <number of seconds>. By default, there is no time restriction. |
/ES:<size> | Do not scan compound objects larger than the size (in MB) specified by the value <size>. By default, Kaspersky Security for Windows Server scans objects of all sizes. |
/TZOFF | Disable Trusted Zone exclusions |
Advanced settings (Options) | |
/NOICHECKER | Disable the use of iChecker (enabled by default) |
/NOISWIFT | Disable the use of iSwift (enabled by default) |
/ANALYZERLEVEL:<heuristic analysis level> | Enable Heuristic Analyzer, configure analysis level. The following heuristic analysis levels are available: 1 – light 2 – medium 3 – deep If you omit this option, Kaspersky Security for Windows Server will not use Heuristic Analyzer. |
/ALIAS:<task alias> | Assigns a temporary name to an On-Demand Scan task, allowing you to reference it while it runs, for example, in order to view its statistics using the TASK command. The task alias must be unique among the task aliases of all Kaspersky Security for Windows Server components. If this option is not specified, a temporary name in the form of scan_<kavshell_pid> is assigned, for example, scan_1234. In the Application Console, the task is assigned the name "Scan objects <date and time>", for example, Scan objects 8/16/2007 5:13:14 PM. |
Task log settings (Report settings) | |
/W:<path to task log file> | If this parameter is specified, Kaspersky Security for Windows Server will save the task log file using the name specified by the parameter value. The log file contains task execution statistics, the time when the task was started and completed (stopped), and information about events that occurred during the task. The log is used to register events defined by the task log settings and the Kaspersky Security for Windows Server event log settings in Event Viewer. You can specify either the absolute or relative path to the log file. If you specify only a filename without a path, the log file will be created in the current folder. Restarting the command with the same log settings will overwrite the existing log file. The log file can be viewed while a task is running. The log appears in the Task logs node of the Application Console. If Kaspersky Security for Windows Server fails to create the log file, it will display an error message but will still execute the command. |
/ANSI | This option uses ANSI encoding to record events to the task log. The ANSI option will not be applied if the W parameter is not specified. If the ANSI option is not specified, UNICODE is used to generate the task log. |
