Command line scanner

ESET Endpoint Antivirus's antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch (“bat”) file.

ESET Command-line scanner usage:

ecls [OPTIONS..] FILES..

The following parameters and switches can be used while running the on-demand scanner from the command line:

Options

/base-dir=FOLDER

load modules from FOLDER

/quar-dir=FOLDER

quarantine FOLDER

/exclude=MASK

exclude files matching MASK from scanning

/subdir

scan subfolders (default)

/no-subdir

do not scan subfolders

/max-subdir-level=LEVEL

maximum sub-level of folders within folders to scan

/symlink

follow symbolic links (default)

/no-symlink

skip symbolic links

/ads

scan ADS (default)

/no-ads

do not scan ADS

/log-file=FILE

log output to FILE

/log-rewrite

overwrite output file (default – append)

/log-console

log output to console (default)

/no-log-console

do not log output to console

/log-all

also log clean files

/no-log-all

do not log clean files (default)

/aind

show activity indicator

/auto

scan and automatically clean all local disks

Scanner options

/files

scan files (default)

/no-files

do not scan files

/memory

scan memory

/boots

scan boot sectors

/no-boots

do not scan boot sectors (default)

/arch

scan archives (default)

/no-arch

do not scan archives

/max-obj-size=SIZE

only scan files smaller than SIZE megabytes (default 0 = unlimited)

/max-arch-level=LEVEL

maximum sub-level of archives within archives (nested archives) to scan

/scan-timeout=LIMIT

scan archives for LIMIT seconds at maximum

/max-arch-size=SIZE

only scan the files in an archive if they are smaller than SIZE (default 0 = unlimited)

/max-sfx-size=SIZE

only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited)

/mail

scan email files (default)

/no-mail

do not scan email files

/mailbox

scan mailboxes (default)

/no-mailbox

do not scan mailboxes

/sfx

scan self-extracting archives (default)

/no-sfx

do not scan self-extracting archives

/rtp

scan runtime packers (default)

/no-rtp

do not scan runtime packers

/unsafe

scan for potentially unsafe applications

/no-unsafe

do not scan for potentially unsafe applications (default)

/unwanted

scan for potentially unwanted applications

/no-unwanted

do not scan for potentially unwanted applications (default)

/suspicious

scan for suspicious applications (default)

/no-suspicious

do not scan for suspicious applications

/pattern

use signatures (default)

/no-pattern

do not use signatures

/heur

enable heuristics (default)

/no-heur

disable heuristics

/adv-heur

enable Advanced heuristics (default)

/no-adv-heur

disable Advanced heuristics

/ext-exclude=EXTENSIONS

exclude file EXTENSIONS delimited by colon from scanning

/clean-mode=MODE

use cleaning MODE for infected objects
 

The following options are available:

none (default) – No automatic cleaning will occur.

standard – ecls.exe will attempt to automatically clean or delete infected files.

strict – ecls.exe will attempt to automatically clean or delete infected files without user intervention (you will not be prompted before files are deleted).

rigorous – ecls.exe will delete files without attempting to clean regardless of what the file is.

delete – ecls.exe will delete files without attempting to clean, but will refrain from deleting sensitive files such as Windows system files.

/quarantine

copy infected files (if cleaned) to Quarantine

(supplements the action carried out while cleaning)

/no-quarantine

do not copy infected files to Quarantine

General options

/help

show help and quit

/version

show version information and quit

/preserve-time

preserve last access timestamp

Exit codes

0

no threat found

1

threat found and cleaned

10

some files could not be scanned (may be threats)

50

threat found

100

error


note

Exit codes greater than 100 mean that the file was not scanned and thus can be infected.