Virus scan

Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks as follows:

avp.com SCAN [<object scanned>] [<action>] [<file types>] [<exclusions>] [<configuration file>] [<report settings>] [<advanced settings>]

To scan objects, you can also use the tasks created in the application by starting the one you need from the command line. The task will be run with the settings specified in the Kaspersky Anti-Virus interface.

Parameters description is provided in table below.

<object to scan> – this parameter gives the list of objects that are scanned for malicious code.

The parameter may include several space-separated values from the list provided.

<files>

List of paths to the files and folders to be scanned.

You can enter an absolute or relative path to the file. Items on the list are separated by a space.

Comments:

  • If the object name contains a space, it must be placed in quotation marks.
  • If reference is made to a specific folder, all files in this folder are scanned.

/MEMORY

RAM objects.

/STARTUP

Startup objects.

/MAIL

Mailboxes.

/REMDRIVES

All removable media drives.

/FIXDRIVES

All internal drives.

/NETDRIVES

All network drives.

/QUARANTINE

Quarantined objects.

/ALL

Full computer scan.

/@:<filelist.lst>

Path to a file containing a list of objects and catalogs to be scanned. You can enter an absolute or relative path to the file with the list. The path must be placed without quotation marks even if it contains a space.

File with the list of objects should be in a text format. Each scan object should be listed on a separate line.

You are advised to specify absolute paths to scan objects in the file. When specifying a relative path, you specify the path relative to the executable file of an application, not relative to the file with the list of scan objects.

<action> – this parameter determines what action will be taken with malicious objects detected during the scan. If this parameter has not been defined, the default action is the one with the value for /i8.

If you work in automatic mode, Kaspersky Anti-Virus will automatically apply the action recommended by Kaspersky Lab’s specialists when dangerous objects are detected. An action which corresponds to the <action> parameter value is ignored.

/i0

Take no action in respect of the object; record information about it in the report.

/i1

Treat infected objects and if disinfection is impossible, skip.

/i2

Treat infected objects, and if disinfection fails, delete. Do not delete infected objects from compound objects. Delete infected compound objects with executable headers (sfx archives) (this is the default setting).

/i3

Treat infected objects and if disinfection fails, delete. Delete all compound objects completely if infected parts cannot be deleted.

/i4

Delete infected objects. Delete all compound objects completely if the infected parts cannot be deleted.

/i8

Prompt the user for action if an infected object is detected.

/i9

Prompt the user for action at the end of the scan.

<file types> – this parameter defines the file types that are subject to an anti-virus scan. By default, if this parameter is not defined, only infected files by contents are scanned.

/fe

Scan only infected files by extension.

/fi

Scan only infected files by contents.

/fa

Scan all files.

<exclusions> – this parameter defines objects that are excluded from the scan.

The parameter may include several space-separated values from the list provided.

-e:a

Do not scan archives.

-e:b

Do not scan email databases.

-e:m

Do not scan plain text emails.

-e:<filemask>

Do not scan objects, which match the mask.

-e:<seconds>

Skip objects that are scanned for longer than the time specified in the <seconds> parameter.

-es:<size>

Skip objects with size (in MB) exceeding the value specified in the <size> setting.

This setting is only available for compound files (such as archives).

<configuration file> – defines the path to the configuration file that contains the application settings for the scan.

The configuration file is in text format and contains the set of command line parameters for the anti-virus scan.

You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used.

/C:<file_name>

Use the settings’ values specified in the <file_name> configuration file.

<report settings> – this parameter determines the format of the report on scan results.

You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on screen, and all events are shown.

/R:<report_file>

Log important events in this file only.

/RA:<report_file>

Log all events in this file.

<advanced settings> – settings that define the use of anti-virus scanning technologies.

/iChecker=<on|off>

Enable / disable the use of iChecker technology.

/iSwift=<on|off>

Enable / disable the use of iSwift technology.

Examples:

Start a scan of memory, Startup programs, mailboxes, the directories My Documents and Program Files and the file test.exe:

avp.com SCAN /MEMORY /STARTUP /MAIL “C:\Documents and Settings\All Users\My Documents” “C:\Program Files” “C:\Downloads\test.exe”

Scan the objects listed in the file object2scan.txt, using the configuration file scan_setting.txt for the job. Use the scan_setting.txt configuration file. When the scan is complete, create a report to log all events:

avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log

A sample configuration file:

/MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log

Virus scan