Usage

Syntax

Commands must be formatted in the correct syntax to function and can be composed of a prefix, context, arguments, options, etc. This is the general syntax used throughout eShell:

[<prefix>] [<command path>] <command> [<arguments>]

Example (this activates document protection):

SET COMPUTER SCANS DOCUMENT REGISTER ENABLED

SET - a prefix

COMPUTER SCANS DOCUMENT - path to a specific command, a context where this command belongs

REGISTER - the command itself

ENABLED - an argument for the command

Using ? as an argument for command will display the syntax for that specific command. For example, STATUS ? will show you the syntax for STATUS command:

SYNTAX:

[get] status

OPERATIONS:

get - Show status of all protection modules

You may notice that [get] is in brackets. It designates that the prefix get is default for the status command. This means that when you execute status without specifying any prefix, it will actually use the default prefix (in this case get status). Using commands without a prefix saves time when typing. Usually get is the default prefix for most commands, but you need to be sure what the default prefix is for a specific command and that it is exactly what you want to execute.


note

Commands are not case sensitive, you can use upper case (capital) or lower case letters and the command will execute regardless.

Prefix / Operation

A prefix is an operation. The GET prefix will give you information about how a certain feature of ESET Server Security is configured or show you the status (such as GET COMPUTER REAL-TIME STATUS will show you current protection status of the Real-time module). The SET prefix will configure functionality or change its status (SET COMPUTER REAL-TIME STATUS ENABLED will activate Real-time protection).

These are the prefixes that eShell lets you use. A command may or may not support any of the prefixes:

GET

returns current setting/status

SET

sets value/status

SELECT

selects an item

ADD

adds an item

REMOVE

removes an item

CLEAR

removes all items/files

START

starts an action

STOP

stops an action

PAUSE

pauses an action

RESUME

resumes an action

RESTORE

restores default settings/object/file

SEND

sends an object/file

IMPORT

imports from a file

EXPORT

exports to a file


note

Prefixes such as GET and SET are used with many commands, but some commands (such as EXIT) do not use a prefix.

Command path / Context

Commands are placed in contexts which form a tree structure. The top level of the tree is root. When you run eShell, you are at the root level:

eShell>

You can execute a command from here or type the context name to navigate within the tree. For example, when you type the TOOLS context, it will list all commands and sub-contexts available.

page_tools_eshell_context

Yellow items are commands you can execute and grey items are sub-contexts you can enter. A sub-context contain further commands.

If you need to return back to a higher level, use .. (two dots).


example

Say you are here:

eShell computer real-time>

type .. to go up one level, to:

eShell computer>

If you want to get back to root from eShell computer real-time> (which is two levels lower than root), simply type .. .. (two dots and two dots separated by space). By doing so, you will get two levels up, which is root in this case. Use backslash \ to return directly to root from any level no matter how deep within the context tree you are. If you want to get to a specific context in upper levels, simply use the appropriate number of .. commands to get to the desired level, using space as a separator. For example, if you want to get three levels higher, use .. .. ..

The path is relative to the current context. Do not type a path if the command is contained in the current context. For example, to execute GET COMPUTER REAL-TIME STATUS enter:

GET COMPUTER STATUS - If you are in the root context (command line shows eShell>)

GET STATUS - If you are in the context COMPUTER (command line shows eShell computer>)

.. GET STATUS - If you are in the context COMPUTER REAL-TIME (command line shows eShell computer real-time>)

You can use single . (dot) instead of two .. because single dot is an abbreviation of two dots.


example

. GET STATUS - if you are in the context COMPUTER REAL-TIME (command line shows eShell computer real-time>)

Argument

An argument an action which is performed for a specific command. For example, command CLEAN-LEVEL (located in COMPUTER REAL-TIME ENGINE) can be used with following arguments:

rigorous - Always remedy detection

safe - Remedy detection if safe, keep otherwise

normal - Remedy detection if safe, ask otherwise

none - Always ask the end user

Another example are the arguments ENABLED or DISABLED, which are used to enable or disable a certain feature or functionality.

Abbreviated form / Shortened commands

eShell allows you to shorten contexts, commands and arguments (provided the argument is a switch or an alternative option). You cannot shorten a prefix or argument with concrete values such as a number, name or path. You can use numbers 1 and 0 instead of enabled and disabled arguments.


example

computer set real-time status enabled        =>        com set real stat 1

computer set real-time status disabled        =>        com set real stat 0

Examples of the short form:


example

computer set real-time status enabled        =>        com set real stat en

computer exclusions add detection-excludes object C:\path\file.ext        =>        com excl add det obj C:\path\file.ext

computer exclusions remove detection-excludes 1        =>        com excl rem det 1

If two commands or contexts start with the same letters (such as ADVANCED and AUTO-EXCLUSIONS, and you type A as shortened context), eShell will not be able to decide which context of these two you want to type. An error message will display and list commands starting with "A" which you can choose from:

eShell>a

The following command is not unique: a

The following sub-contexts are available in COMPUTER context:

ADVANCED

AUTO-EXCLUSIONS

By adding one or more letter (for example AD instead of just A) eShell will enter ADVANCED sub-context since it is unique now. The same applies to abbreviated commands.


note

When you want to be sure that a command executes the way you need, we recommend that you do not abbreviate commands, arguments, etc. and use the full form. This way, eShell will execute exactly what you need and prevent unwanted mistakes. This is especially true for batch files/scripts.

Automatic completion

This new feature was introduced in eShell 2.0 and is very similar to automatic completion in Windows Command Prompt. While Windows Command Prompt completes file paths, eShell completes commands, context and operation names. Argument completion is not supported.

Press Tab to complete or cycle through available variations when typing a command.

Press SHIFT + Tab to cycle backward. Mixing abbreviated form and automatic completion is not supported. Use either one or the other.

For example, when you type computer real-time additional hitting Tab will do nothing. Instead, type com and then Tab to complete computer, continue typing real + Tab, and add + Tab, hit Enter. Type on + Tab and continue hitting Tab to cycle through all available variations: on-execute-ah, on-execute-ah-removable, on-write-ah, on-write-archive-default, etc.

Aliases

An alias is an alternative name which can be used to execute a command (provided that the command has an alias assigned). There are a few default aliases:

(global) close - exit

(global) quit - exit

(global) bye - exit

warnlog - tools log events

virlog - tools log detections

"(global)" means that the command can be used anywhere regardless of current context. One command can have multiple aliases assigned, for example the command EXIT has aliases CLOSE, QUIT and BYE. When you want to exit eShell, you can use the EXIT command itself or any of its aliases. The alias VIRLOG is an alias for the command DETECTIONS which is located in the TOOLS LOG context. This way the detections command is available from the ROOT context, making it easier to access (you do not have to type TOOLS and then LOG sub-context and run it directly from ROOT).

eShell allows you to define your own aliases. Command ALIAS can be found in UI ESHELL context.

Password protected settings

ESET Server Security settings can be protected by a password. You can set a password using GUI or eShell using the set ui access lock-password.

You must type this password interactively for certain commands (such as changing settings or modifying data). If you plan to work with eShell for a longer period and do not want to type the password repeatedly, you can get eShell to remember the password using the set password command (execute from root). Your password will then be filled in automatically for each executed command that requires a password. It is remembered until you exit eShell; you must use the set password again when you start a new session and want eShell to remember your password.

Guide / Help

When you run the GUIDE or HELP command, it will display a "first run" screen explaining how to use eShell. This command is available only from the ROOT context (eShell>).

Command history

eShell keeps a history of previously executed commands. This applies only to the current eShell interactive session. Once you exit eShell, the command history will be dropped. Use the Up and Down arrow keys on your keyboard to navigate through the history. Once you find the command you were looking for, you can execute it again, or modify it without having to type in the entire command from the beginning.

CLS / Clear screen

The CLS command can be used to clear the screen. It works the same way as it does with Windows Command Prompt or similar command line interfaces.

EXIT / CLOSE / QUIT / BYE

To close or exit eShell, you can use any of these commands (EXIT, CLOSE, QUIT or BYE).