ESET PRIVATE Scanning Solution – Table of Contents

Performing a static scan

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

The command below demonstrates how to request a static scan using valid credentials and includes a mandatory option: --skip_cloud_reputation. This option instructs the scanner to bypass cloud reputation checks during the scan, preventing it from querying cloud-based reputation services such as ESET LiveGuard Advanced. Use of this option ensures the scan relies exclusively on local static analysis and avoids sending file metadata or hashes to the cloud. For static scans, specifying this parameter is mandatory.

Command:

scanner_agent -t 'example.com/load_balancer:50052' -s -a
'http://example.com/scanner/protocol/openid-connect/token -u 'username' -p
'password' -v a7d4e2e63bef19fffee19920e82211f88e5e72cca19b7278f05a88499665e35a
--skip_cloud_reputation /bin/bash

Default Scanner JSON response example:

Will scan these files:

/bin/bash

{"scanResults": [{"objectReference": "/bin/bash", "dataHashSha1": "C5BE5FC32477D0D0B08952B5E56A5F6EA9FDF391",

"dataHashSha256": "A7D4E2E63BEF19FFFEE19920E82211F88E5E72CCA19B7278F05A88499665E35A", "dataSizeBytes": "756384",

"objectType": "OBJECT_TYPE_FILE", "objectDisplayName": "/bin/bash", "scanFinishTime": "2025-05-20T13:20:10Z",

"deepScanStatus": "DEEP_SCAN_STATUS_SKIPPED", "objectIsClean": true, "behavior": [],

"parentObjectReference": "", "threatCategory": "THREAT_CATEGORY_UNSPECIFIED", "threatName": ""}]}

Formatted JSON data (for easier readability)

{
  "scanResults": [
    {
      "objectReference": "/bin/bash",
      "dataHashSha1": "C5BE5FC32477D0D0B08952B5E56A5F6EA9FDF391",
      "dataHashSha256": "A7D4E2E63BEF19FFFEE19920E82211F88E5E72CCA19B7278F05A88499665E35A",
      "dataSizeBytes": "756384",
      "objectType": "OBJECT_TYPE_FILE",
      "objectDisplayName": "/bin/bash",
      "scanFinishTime": "2025-07-24T11:42:22Z",
      "deepScanStatus": "DEEP_SCAN_STATUS_SKIPPED",
      "objectIsClean": true,
      "behavior": [],
      "parentObjectReference": "",
      "threatCategory": "THREAT_CATEGORY_UNSPECIFIED",
      "threatName": ""
    }
  ]
}

Explanation of JSON Fields and static scan result:

•objectReference:; The path or identifier of the scanned object.

•dataHashSha1 / dataHashSha256:; Cryptographic hashes of the scanned file used to identify it uniquely.

•dataSizeBytes:; Size of the file in bytes.

•objectType:; Type of the scanned object (e.g., file, directory).

•objectDisplayName:; Friendly name or path of the scanned object.

•scanFinishTime:; Timestamp marking when the scan was completed.

•deepScanStatus:; Indicates whether a dynamic scan was performed:

o"DEEP_SCAN_STATUS_SKIPPED" means no dynamic scan was requested and only static scanning was performed.

•objectIsClean:; Boolean indicating whether the file was found to be clean (true) or infected (false).

•behavior:; Behavioral indicators or actions detected during the scan (empty array here, indicating none).

•parentObjectReference:; Reference to a containing object if applicable.

•threatCategory and threatName:; Information about the detected threat category and name if any malware or suspicious content was found. Empty here since the file is clean.

˄˅