Command line scanner
ESET Endpoint Antivirus's antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch (“bat”) file.
ESET Command-line scanner usage:
ecls [OPTIONS..] FILES..
The following parameters and switches can be used while running the on-demand scanner from the command line:
Options
/base-dir=FOLDER |
load modules from FOLDER |
/quar-dir=FOLDER |
quarantine FOLDER |
/exclude=MASK |
exclude files matching MASK from scanning |
/subdir |
scan subfolders (default) |
/no-subdir |
do not scan subfolders |
/max-subdir-level=LEVEL |
maximum sub-level of folders within folders to scan |
/symlink |
follow symbolic links (default) |
/no-symlink |
skip symbolic links |
/ads |
scan ADS (default) |
/no-ads |
do not scan ADS |
/log-file=FILE |
log output to FILE |
/log-rewrite |
overwrite output file (default – append) |
/log-console |
log output to console (default) |
/no-log-console |
do not log output to console |
/log-all |
also log clean files |
/no-log-all |
do not log clean files (default) |
/aind |
show activity indicator |
/auto |
scan and automatically clean all local disks |
Scanner options
/files |
scan files (default) |
/no-files |
do not scan files |
/memory |
scan memory |
/boots |
scan boot sectors |
/no-boots |
do not scan boot sectors (default) |
/arch |
scan archives (default) |
/no-arch |
do not scan archives |
/max-obj-size=SIZE |
only scan files smaller than SIZE megabytes (default 0 = unlimited) |
/max-arch-level=LEVEL |
maximum sub-level of archives within archives (nested archives) to scan |
/scan-timeout=LIMIT |
scan archives for LIMIT seconds at maximum |
/max-arch-size=SIZE |
only scan the files in an archive if they are smaller than SIZE (default 0 = unlimited) |
/max-sfx-size=SIZE |
only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited) |
scan email files (default) |
|
/no-mail |
do not scan email files |
/mailbox |
scan mailboxes (default) |
/no-mailbox |
do not scan mailboxes |
/sfx |
scan self-extracting archives (default) |
/no-sfx |
do not scan self-extracting archives |
/rtp |
scan runtime packers (default) |
/no-rtp |
do not scan runtime packers |
/unsafe |
scan for potentially unsafe applications |
/no-unsafe |
do not scan for potentially unsafe applications (default) |
/unwanted |
scan for potentially unwanted applications |
/no-unwanted |
do not scan for potentially unwanted applications (default) |
/suspicious |
scan for suspicious applications (default) |
/no-suspicious |
do not scan for suspicious applications |
/pattern |
use signatures (default) |
/no-pattern |
do not use signatures |
/heur |
enable heuristics (default) |
/no-heur |
disable heuristics |
/adv-heur |
enable Advanced heuristics (default) |
/no-adv-heur |
disable Advanced heuristics |
/ext-exclude=EXTENSIONS |
exclude file EXTENSIONS delimited by colon from scanning |
/clean-mode=MODE |
use cleaning MODE for infected objects The following options are available: •none (default) – No automatic cleaning will occur. •standard – ecls.exe will attempt to automatically clean or delete infected files. •strict – ecls.exe will attempt to automatically clean or delete infected files without user intervention (you will not be prompted before files are deleted). •rigorous – ecls.exe will delete files without attempting to clean regardless of what the file is. •delete – ecls.exe will delete files without attempting to clean, but will refrain from deleting sensitive files such as Windows system files. |
/quarantine |
copy infected files (if cleaned) to Quarantine (supplements the action carried out while cleaning) |
/no-quarantine |
do not copy infected files to Quarantine |
General options
/help |
show help and quit |
/version |
show version information and quit |
/preserve-time |
preserve last access timestamp |
Exit codes
0 |
no threat found |
1 |
threat found and cleaned |
10 |
some files could not be scanned (may be threats) |
50 |
threat found |
100 |
error |
Exit codes greater than 100 mean that the file was not scanned and thus can be infected. |