ESET PRIVATE Scanning Solution – Table of Contents

Performing a static scan with various parameters

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

The following example shows how to run the scanner_agent with additional command-line parameters that modify the scanner’s detection behavior. These parameters allow customization of detection sensitivity for different threat categories, such as malware --malware_level and suspicious files --sus_level.

Explanation of the command-line parameters added:

--malware_level AGGRESSIVE

Sets the detection sensitivity for malware to AGGRESSIVE. This instructs the scanner to use a stricter detection mode, potentially flagging more threats but possibly increasing false positives compared to default or balanced levels.

--sus_level AGGRESSIVE

Sets the sensitivity for detecting suspicious files to AGGRESSIVE. Suspicious files are those that exhibit behaviors or characteristics that are unusual or potentially harmful but do not fit clear malware definitions. This setting increases the likelihood that these files are flagged for further inspection.

Command:

scanner_agent -t 'example.com/load_balancer:50052' -s -a
'http://example.com/scanner/protocol/openid-connect/token -u 'username' -p
'password' -v a7d4e2e63bef19fffee19920e82211f88e5e72cca19b7278f05a88499665e35a --malware_level AGGRESSIVE
--sus_level AGGRESSIVE --skip_cloud_reputation /bin/bash

Default Scanner JSON response example:

Will scan these files:

/bin/bash

{"scanResults": [{"objectReference": "/bin/bash", "dataHashSha1": "C5BE5FC32477D0D0B08952B5E56A5F6EA9FDF391",

"dataHashSha256": "A7D4E2E63BEF19FFFEE19920E82211F88E5E72CCA19B7278F05A88499665E35A", "dataSizeBytes": "756384",

"objectType": "OBJECT_TYPE_FILE", "objectDisplayName": "/bin/bash", "scanFinishTime": "2025-07-24T11:47:45Z",

"deepScanStatus": "DEEP_SCAN_STATUS_SKIPPED", "objectIsClean": true, "behavior": [], "parentObjectReference": "",

"threatCategory": "THREAT_CATEGORY_UNSPECIFIED", "threatName": ""}]}

Formatted JSON data (for easier readability)

{
  "scanResults": [
    {
      "objectReference": "/bin/bash",
      "dataHashSha1": "C5BE5FC32477D0D0B08952B5E56A5F6EA9FDF391",
      "dataHashSha256": "A7D4E2E63BEF19FFFEE19920E82211F88E5E72CCA19B7278F05A88499665E35A",
      "dataSizeBytes": "756384",
      "objectType": "OBJECT_TYPE_FILE",
      "objectDisplayName": "/bin/bash",
      "scanFinishTime": "2025-07-24T11:51:56Z",
      "deepScanStatus": "DEEP_SCAN_STATUS_SKIPPED",
      "objectIsClean": true,
      "behavior": [],
      "parentObjectReference": "",
      "threatCategory": "THREAT_CATEGORY_UNSPECIFIED",
      "threatName": ""
    }
  ]
}

Adjusting detection levels using options such as --malware_level and --sus_level does not add extra information or change the results in the scanner’s JSON output.

Instead, these parameters provide a way to customize the scan’s aggressiveness according to the environment’s risk tolerance.

Always review the JSON response carefully, especially the deepScanStatus and threat-related fields: threatCategory, threatName, to understand the full scan outcome.

˄˅