ESET PRIVATE Scanning Solution – Table of Contents

ESET Agent generic usage

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

Generic agent syntax

scanner_agent

Running scanner_agent without parameters:

Running scanner_agent without parameters displays the usage information and an error stating that the mandatory -t/--target argument is missing.

scanner_agent

scanner_agent [-h] -t TARGET [-j THREADS] [-c CRT] [-u USER] [-p PASSWORD] [-a AUTH]

[-k AUTH_CRT] [-s] [-d] [-b] [-x SHA1] [-v SHA256] [-o TIMEOUT] [--is_email] [--skip_archived_files]

[--skip_cloud_reputation] [--skip_email_parts] [--enable_machine_learning] [--skip_runtime_packed_files]

[--skip_sfx_archived_files] [--malware_level MALWARE_LEVEL] [--pup_level PUP_LEVEL] [--sus_level SUS_LEVEL]

[--punsafe_level PUNSAFE_LEVEL] [--deep_scan_result] [files ...]

scanner_agent: error: the following arguments are required: -t/--target

Running scanner_agent with parameter -h:

Displays a full list of available command-line options along with detailed explanations for each parameter. This help message provides guidance on how to use the tool, including required and optional flags, expected values, and descriptions that clarify the purpose of each option.

scanner_agent -h

scanner_agent [-h] -t TARGET [-j THREADS] [-c CRT] [-u USER] [-p PASSWORD] [-a AUTH]

[-k AUTH_CRT] [-s] [-d] [-b] [-x SHA1] [-v SHA256] [-o TIMEOUT] [--is_email] [--skip_archived_files]

[--skip_cloud_reputation] [--skip_email_parts] [--enable_machine_learning] [--skip_runtime_packed_files]

[--skip_sfx_archived_files] [--malware_level MALWARE_LEVEL] [--pup_level PUP_LEVEL] [--sus_level SUS_LEVEL]

[--punsafe_level PUNSAFE_LEVEL] [--deep_scan_result] [files ...]

Python3 gRPC scanner agent

Positional arguments:

Parameter	Description
Files	Path to files to be tested (can be a directory).

Options:

Options – short form	Options – long form	Description
-h	--help	Show this help message and exit.
-t TARGET	--target TARGET	Address of load balancer in format [address]:[port]
-j THREADS	--threads THREADS	Specify the number of parallel files to be scanned.
-c CRT	--crt CRT	Trusted ssl certificate (of load balancer) or cert bundle (can be left out, if you set the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable).
-u USER	--user USER	Username (or client id) for authorization server (required when authorization is configured).
-p PASSWORD	--password PASSWORD	Password (or client secret) for authorization server (required when authorization is configured).
-a AUTH	--auth AUTH	Authorization server to use (has to include the protocol, e.g. https://) (required for authorization).
-k AUTH_CRT	--auth_crt AUTH_CRT	Trusted ssl certificate (of authorization server) or cert bundle (can be left out, if you set the REQUESTS_CA_BUNDLE environment variable).
-s	--ssl	Indicates, that you want to use ssl.
-d	--debug	Adds some debug messages.
-b	--no_sha	Disable sha calculation.
-x SHA1	--sha1 SHA1	sha1 for files will not be calculated, just used from this option (for multiple files - sha1 hashes separated by ";")
-v SHA256	--sha256 SHA256	sha256 for files will not be calculated, just used from this option (for multiple files - sha256 hashes separated by ";")
	--is_email	Scan the given file as an email.
	--skip_archived_files	Archive will be treated as a BLOB with properties, such as its hash. The scan result is provided only for the archive itself. In some cases, it isn't obvious to the user, that a file is an archive (apk files, some document types, etc...). This setting can therefore significantly impact scan results if used on an archive file by mistake.
	--skip_cloud_reputation	The cloud reputation will not be considered when compiling scan results.
	--skip_email_parts	The email will be scanned as a BLOB, and scan results are provided solely for the email file.
	--skip_machine_learning	Threats will not be detected by using machine learning component.
	--skip_runtime_packed_files	The runtime packer will be scanned as a regular executable, and scan results are provided solely for the runtime packer.
	--skip_sfx_archived_files	The SFX is scanned as a regular executable, and scan results are provided solely for the SFX.
	--malware_level MALWARE_LEVEL	Change detection level for malware, one of { NONE, CAUTIOUS, BALANCED, AGGRESSIVE }
	--pup_level PUP_LEVEL	Change detection level for potentially unwanted applications, one of { NONE, CAUTIOUS, BALANCED, AGGRESSIVE }
	--sus_level SUS_LEVEL	Change detection level for suspicious files, one of { NONE, CAUTIOUS. BALANCED. AGGRESSIVE }
	--punsafe_level PUNSAFE_LEVEL	Change detection level for potentially unsafe applications, one of { NONE, CAUTIOUS, BALANCED, AGGRESSIVE }

Mandatory parameters for scanner agent, regardless of scan type:

Options – short form	Options – long form	Description
-t TARGET	--target TARGET	Address of load balancer in format [address]:[port]
-u USER	--user USER	Username (or client id) for authorization
-p PASSWORD	--password PASSWORD	Password (or client secret)for authorization server
-s	--ssl	Indicates, that you want to use ssl
-a AUTH	--auth AUTH	authorization server to use (has to include the protocol, e.g. https://)
-v SHA256	--sha256 SHA256	sha256 for files will not be calculated, just used from this option

Communication endpoints examples:

-t 'e2kr9b8q.threat.scanners.eset.systems:50052'
-a https://e2kr9b8qauth.threat.scanners.eset.systems/realms/scanner/protocol/openid-connect/token

Additional mandatory field for static scan

Options – short form	Options – long form	Description
	--skip_cloud_reputation	The cloud reputation (dynamic scanning) will not be considered when compiling scan results. Note: Relevant only for customers with ESET PRIVATE Scanning Solution connected to the dynamic scanning component

Options – short form

Options – long form

Description

--skip_cloud_reputation

The cloud reputation (dynamic scanning) will not be considered when compiling scan results.

Note: Relevant only for customers with ESET PRIVATE Scanning Solution connected to the dynamic scanning component

˄˅