Scanner and Console Scanner Parameters

Switch

Description

/AA

Apply actions to detected threats automatically. (For Scanner only.)

/AC

Scan containers. Option is enabled by default.

/AFS

Use forward slash to separate paths in an archive. Option is disabled by default.

/AR

Scan archives. Option is enabled by default.

/ARC:<commpression_ratio>

Maximum compression level. If the compression ratio of the archive exceeds the limit, Scanner neither unpacks nor scans the archive. By default: unlimited.

/ARL:<nesting_level>

Maximum archive nesting level. By default: unlimited.

/ARS:<size>

Maximum archive size (in KB). By default: unlimited.

/ART:<size>

Minimum size of a file inside an archive beginning from which compression ratio check is performed (in KB). By default: unlimited.

/ARX:<size>

Maximum size of a file inside an archive that is scanned (in KB). By default: unlimited.

/BI

Show information on virus databases. Option is enabled by default.

/CUSTOM

Perform a custom scan. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), only the specified objects will be scanned. (For Scanner only.)

/DCT

Do not display estimated scan time. (For Console Scanner only.)

/DR

Scan folders recursively (scan subfolders). Option is enabled by default.

/E:<number_of_threads>

Perform scanning in specified number of threads.

/FAST

Perform an express scan of the system. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), the specified objects will also be scanned. (For Scanner only.)

/FL:<file_name>

Scan paths listed in the specified file.

/FM:<mask>

Scan files matching the specified mask. By default, all files are scanned.

/FR:<regexpr>

Scan files matching the specified regular expression. By default, all files are scanned.

/FULL

Perform a full scan of all hard drives and removable media (including boot sectors). If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), an express scan will be performed, and the specified objects will be scanned. (For Scanner only.)

/FX:<mask>

Exclude from scan files that match the specified mask. (For Console Scanner only.)

/GO

Scanner operation mode that skips the questions that require answers from a user; decisions that require a selection are made automatically. This mode is useful for the automatic file scan; for example, for the daily or weekly hard disk scanning. An object for scanning must be indicated in the command line. Along with the /GO parameter, it is also possible to use the following parameters: /LITE, /FAST, /FULL. In this mode, the scanning stops when switching to the battery power.

/H or /?

Show brief help. (For Console Scanner only.)

/HA

Use heuristic analysis to detect unknown threats. Option is enabled by default.

/LITE

Perform a basic scan of random access memory and boot sectors of all disks as well as run a scan for rootkits. (For Scanner only.)

/LN

Resolve shell links. Option is disabled by default.

/LS

Scan using LocalSystem account rights. Option is disabled by default.

/MA

Scan mail files. Option is enabled by default.

/MC:<number_of_attempts>

Set the maximum number of cure attempts. By default: unlimited.

/NI[:X]

Limits usage of system resources at scanning (%). Defines the amount of memory required for scanning and the system priority of scanning process. By default: unlimited.

/NOREBOOT

Cancel system reboot or shutdown after scanning. (For Scanner only.)

/NT

Scan NTFS streams. Option is enabled by default.

/OK

Show the full list of scanned objects and mark clean files with Ok. Option is disabled by default.

/P:<priority>

Priority of the current scanning task. Can be as follows:

0—the lowest

L—low

N—normal (default priority)

H—high

M—maximal

/PAL:<nesting_level>

Maximum nesting level for executable packers. If a nesting level is greater than the specified value, scanning proceeds until this limit is reached. The nesting level is 1,000 by default.

/QL

Show the list of files quarantined on all disks. (For Console Scanner only.)

/QL:<logical_drive_letter>

Show the list of files quarantined on the specified logical drive. (For Console Scanner only.)

/QNA

Double quote paths.

/QR[:[d][:p]]

Delete quarantined files on drive <d >(logical_drive_letter) that are older than <p> (number) days. If <d> and <p> are not specified, all quarantined files on all drives are deleted. (For Console Scanner only.)

/QUIT

Terminate Scanner once scanning is completed regardless of whether or not any actions have been applied to the detected threats. (For Scanner only.)

/RA:<file_name>

Append the report on program operation to the specified file. By default, logging is disabled (when running Scanner in the command-line mode).

/REP

Follow symbolic links while scanning. Option is disabled by default.

/RK

Scan for rootkits. Option is disabled by default.

/RP:<file_name>

Append the report on program operation to the specified file. By default, logging is disabled (when running Scanner in the command-line mode).

/RPC:<sec>

Scanning Engine connection time-out. Time-out is 30 seconds by default. (For Console Scanner only.)

/SCC

Show content of complex objects. Option is disabled by default.

/SCN

Show container name. Option is disabled by default.

/SLS

Show logs on the screen. Option is enabled by default. (For Console Scanner only.)

/SPN

Show packer name. Option is disabled by default.

/SPS

Display the scan progress on the screen. Option is enabled by default. (For Console Scanner only.)

/SST

Display object scan time. Option is disabled by default.

/ST

Start of Scanner in the background mode. If the /GO parameter is not set, the graphical mode is displayed only in case of threat detection. In this mode, the scanning stops when switching to the battery power.

/TB

Scan boot sectors including master boot record (MBR) of the hard drive.

/TM

Scan processes in memory including Windows system control area.

/TR

Scan system restore points.

/W:<sec>

Maximum time to scan (sec.). By default: unlimited.

/WCL

drwebwcl compatible output. (For Console Scanner only.)

/X:S[:R]

Set one of the following states for the computer to enter once scanning is completed: Shutdown/Reboot/Suspend/Hibernate.

The following actions can be specified for different objects (C—cure, Q—move to quarantine, D—delete, I—ignore, R—inform; R is available for Console Scanner only; R is set by default for all objects in Console Scanner):

Action

Description

/AAD:<action>

action for adware (possible: DQIR)

/AAR:<action>

action for infected archives (possible: DQIR)

/ACN:<action>

action for infected containers (possible: DQIR)

/ADL:<action>

action for dialers (possible: DQIR)

/AES:<action>

action for exploitable software (possible: IR)

/AHT:<action>

action for hacktools (possible: DQIR)

/AIC:<action>

action for incurable files (possible: DQR)

/AIN:<action>

action for infected files (possible: CDQR)

/AJK:<action>

action for jokes (possible: DQIR)

/AML:<action>

action for infected mail files (possible: QIR)

/ARW:<action>

action for riskware (possible: DQIR)

/ASU:<action>

action for suspicious files (possible: DQIR)

Several switches can have modifiers that explicitly enable or disable options specified by these switches. For example, as follows:

/AC-

option is clearly disabled

/AC, /AC+

option is clearly enabled

These modifiers can be useful if the option is enabled or disabled by default or has been set in the configuration file earlier. The following switches can have modifiers:

/AC,   /AFS,   /AR,   /BI,   /DR,   /HA,   /LN,   /LS,   /MA,   /NT,   /OK,   /QNA,   /REP,   /SCC,   /SCN,   /SLS,   /SPN,   /SPS,   /SST,   /TB,   /TM,   /TR,   /WCL.

For /FL parameter '-' modifier directs to scan the paths listed in the specified file and then delete this file.

For /ARC, /ARL, /ARS, /ART, /ARX, /NI[:X], /PAL, /RPC, /W parameters "0" value means that there is no limit.

The following example shows how to use command-line switches with Console Scanner:

[<path_to_program>]dwscancl /AR- /AIN:C /AIC:Q C:\

scan all files on disk 'C:', excluding those in archives; cure the infected files and move to quarantine those that cannot be cured. To run Scanner the same way, enter the dwscancl command name instead of dwscanner.