Command Line

ESET NOD32 Antivirus's antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch (“bat”) file. ESET Command-line scanner usage:

ecls [OPTIONS..] FILES..

The following parameters and switches can be used while running the on-demand scanner from the command line:

Options

/base-dir=FOLDER

load modules from FOLDER

/quar-dir=FOLDER

quarantine FOLDER

/exclude=MASK

exclude files matching MASK from scanning

/subdir

scan subfolders (default)

/no-subdir

do not scan subfolders

/max-subdir-level=LEVEL

maximum sub-level of folders within folders to scan

/symlink

follow symbolic links (default)

/no-symlink

skip symbolic links

/ads

scan ADS (default)

/no-ads

do not scan ADS

/log-file=FILE

log output to FILE

/log-rewrite

overwrite output file (default – append)

/log-console

log output to console (default)

/no-log-console

do not log output to console

/log-all

also log clean files

/no-log-all

do not log clean files (default)

/aind

show activity indicator

/auto

scan and automatically clean all local disks

Scanner options

/files

scan files (default)

/no-files

do not scan files

/memory

scan memory

/boots

scan boot sectors

/no-boots

do not scan boot sectors (default)

/arch

scan archives (default)

/no-arch

do not scan archives

/max-obj-size=SIZE

only scan files smaller than SIZE megabytes (default 0 = unlimited)

/max-arch-level=LEVEL

maximum sub-level of archives within archives (nested archives) to scan

/scan-timeout=LIMIT

scan archives for LIMIT seconds at maximum

/max-arch-size=SIZE

only scan the files in an archive if they are smaller than SIZE (default 0 = unlimited)

/max-sfx-size=SIZE

only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited)

/mail

scan email files (default)

/no-mail

do not scan email files

/mailbox

scan mailboxes (default)

/no-mailbox

do not scan mailboxes

/sfx

scan self-extracting archives (default)

/no-sfx

do not scan self-extracting archives

/rtp

scan runtime packers (default)

/no-rtp

do not scan runtime packers

/unsafe

scan for potentially unsafe applications

/no-unsafe

do not scan for potentially unsafe applications (default)

/unwanted

scan for potentially unwanted applications

/no-unwanted

do not scan for potentially unwanted applications (default)

/suspicious

scan for suspicious applications (default)

/no-suspicious

do not scan for suspicious applications

/pattern

use signatures (default)

/no-pattern

do not use signatures

/heur

enable heuristics (default)

/no-heur

disable heuristics

/adv-heur

enable Advanced heuristics (default)

/no-adv-heur

disable Advanced heuristics

/ext=EXTENSIONS

scan only EXTENSIONS delimited by colon

/ext-exclude=EXTENSIONS

exclude EXTENSIONS delimited by colon from scanning

/clean-mode=MODE

use cleaning MODE for infected objects
 

The following options are available:

none – No automatic cleaning will occur.

standard (default) – ecls.exe will attempt to automatically clean or delete infected files.

strict – ecls.exe will attempt to automatically clean or delete infected files without user intervention (you will not be prompted before files are deleted).

rigorous – ecls.exe will delete files without attempting to clean regardless of what the file is.

delete – ecls.exe will delete files without attempting to clean, but will refrain from deleting sensitive files such as Windows system files.

/quarantine

copy infected files (if cleaned) to Quarantine

(supplements the action carried out while cleaning)

/no-quarantine

do not copy infected files to Quarantine

General options

/help

show help and quit

/version

show version information and quit

/preserve-time

preserve last access timestamp

Exit codes

0

no threat found

1

threat found and cleaned

10

some files could not be scanned (may be threats)

50

threat found

100

error

icon_details_hoverNOTE

Exit codes greater than 100 mean that the file was not scanned and thus can be infected.