Switch
|
Description
|
/AA
|
Apply actions to detected threats automatically. (For Scanner only.)
|
/AC
|
Scan containers. Option is enabled by default.
|
/AFS
|
Use forward slash to separate paths in an archive. Option is disabled by default.
|
/AR
|
Scan archives. Option is enabled by default.
|
/ARC:<commpression_ratio>
|
Maximum compression level. If the compression ratio of the archive exceeds the limit, Scanner neither unpacks nor scans the archive. By default: unlimited.
|
/ARL:<nesting_level>
|
Maximum archive nesting level. By default: unlimited.
|
/ARS:<size>
|
Maximum archive size (in KB). By default: unlimited.
|
/ART:<size>
|
Minimum size of a file inside an archive beginning from which compression ratio check is performed (in KB). By default: unlimited.
|
/ARX:<size>
|
Maximum size of a file inside an archive that is scanned (in KB). By default: unlimited.
|
/BI
|
Show information on virus databases. Option is enabled by default.
|
/CUSTOM
|
Perform a custom scan. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), only the specified objects will be scanned. (For Scanner only.)
|
/DCT
|
Do not display estimated scan time. (For Console Scanner only.)
|
/DR
|
Scan folders recursively (scan subfolders). Option is enabled by default.
|
/E:<number_of_threads>
|
Perform scanning in specified number of threads.
|
/FAST
|
Perform an express scan of the system. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), the specified objects will also be scanned. (For Scanner only.)
|
/FL:<file_name>
|
Scan paths listed in the specified file.
|
/FM:<mask>
|
Scan files matching the specified mask. By default, all files are scanned.
|
/FR:<regexpr>
|
Scan files matching the specified regular expression. By default, all files are scanned.
|
/FULL
|
Perform a full scan of all hard drives and removable media (including boot sectors). If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), an express scan will be performed, and the specified objects will be scanned. (For Scanner only.)
|
/FX:<mask>
|
Exclude from scan files that match the specified mask. (For Console Scanner only.)
|
/GO
|
Scanner operation mode that skips the questions that require answers from a user; decisions that require a selection are made automatically. This mode is useful for the automatic file scan; for example, for the daily or weekly hard disk scanning. An object for scanning must be indicated in the command line. Along with the /GO parameter, it is also possible to use the following parameters: /LITE, /FAST, /FULL. In this mode, the scanning stops when switching to the battery power.
|
/H or /?
|
Show brief help. (For Console Scanner only.)
|
/HA
|
Use heuristic analysis to detect unknown threats. Option is enabled by default.
|
/LITE
|
Perform a basic scan of random access memory and boot sectors of all disks as well as run a scan for rootkits. (For Scanner only.)
|
/LN
|
Resolve shell links. Option is disabled by default.
|
/LS
|
Scan using LocalSystem account rights. Option is disabled by default.
|
/MA
|
Scan mail files. Option is enabled by default.
|
/MC:<number_of_attempts>
|
Set the maximum number of cure attempts. By default: unlimited.
|
/NI[:X]
|
Limits usage of system resources at scanning (%). Defines the amount of memory required for scanning and the system priority of scanning process. By default: unlimited.
|
/NOREBOOT
|
Cancel system reboot or shutdown after scanning. (For Scanner only.)
|
/NT
|
Scan NTFS streams. Option is enabled by default.
|
/OK
|
Show the full list of scanned objects and mark clean files with Ok. Option is disabled by default.
|
/P:<priority>
|
Priority of the current scanning task. Can be as follows:
0—the lowest
L—low
N—normal (default priority)
H—high
M—maximal
|
/PAL:<nesting_level>
|
Maximum nesting level for executable packers. If a nesting level is greater than the specified value, scanning proceeds until this limit is reached. The nesting level is 1,000 by default.
|
/QL
|
Show the list of files quarantined on all disks. (For Console Scanner only.)
|
/QL:<logical_drive_letter>
|
Show the list of files quarantined on the specified logical drive. (For Console Scanner only.)
|
/QNA
|
Double quote paths.
|
/QR[:[d][:p]]
|
Delete quarantined files on drive <d >(logical_drive_letter) that are older than <p> (number) days. If <d> and <p> are not specified, all quarantined files on all drives are deleted. (For Console Scanner only.)
|
/QUIT
|
Terminate Scanner once scanning is completed regardless of whether or not any actions have been applied to the detected threats. (For Scanner only.)
|
/RA:<file_name>
|
Append the report on program operation to the specified file. By default, logging is disabled (when running Scanner in the command-line mode).
|
/REP
|
Follow symbolic links while scanning. Option is disabled by default.
|
/RK
|
Scan for rootkits. Option is disabled by default.
|
/RP:<file_name>
|
Append the report on program operation to the specified file. By default, logging is disabled (when running Scanner in the command-line mode).
|
/RPC:<sec>
|
Scanning Engine connection time-out. Time-out is 30 seconds by default. (For Console Scanner only.)
|
/SCC
|
Show content of complex objects. Option is disabled by default.
|
/SCN
|
Show container name. Option is disabled by default.
|
/SLS
|
Show logs on the screen. Option is enabled by default. (For Console Scanner only.)
|
/SPN
|
Show packer name. Option is disabled by default.
|
/SPS
|
Display the scan progress on the screen. Option is enabled by default. (For Console Scanner only.)
|
/SST
|
Display object scan time. Option is disabled by default.
|
/ST
|
Start of Scanner in the background mode. If the /GO parameter is not set, the graphical mode is displayed only in case of threat detection. In this mode, the scanning stops when switching to the battery power.
|
/TB
|
Scan boot sectors including master boot record (MBR) of the hard drive.
|
/TM
|
Scan processes in memory including Windows system control area.
|
/TR
|
Scan system restore points.
|
/W:<sec>
|
Maximum time to scan (sec.). By default: unlimited.
|
/WCL
|
drwebwcl compatible output. (For Console Scanner only.)
|
/X:S[:R]
|
Set one of the following states for the computer to enter once scanning is completed: Shutdown/Reboot/Suspend/Hibernate.
|
The following actions can be specified for different objects (C—cure, Q—move to quarantine, D—delete, I—ignore, R—inform; R is available for Console Scanner only; R is set by default for all objects in Console Scanner):
Action
|
Description
|
/AAD:<action>
|
action for adware (possible: DQIR)
|
/AAR:<action>
|
action for infected archives (possible: DQIR)
|
/ACN:<action>
|
action for infected containers (possible: DQIR)
|
/ADL:<action>
|
action for dialers (possible: DQIR)
|
/AES:<action>
|
action for exploitable software (possible: IR)
|
/AHT:<action>
|
action for hacktools (possible: DQIR)
|
/AIC:<action>
|
action for incurable files (possible: DQR)
|
/AIN:<action>
|
action for infected files (possible: CDQR)
|
/AJK:<action>
|
action for jokes (possible: DQIR)
|
/AML:<action>
|
action for infected mail files (possible: QIR)
|
/ARW:<action>
|
action for riskware (possible: DQIR)
|
/ASU:<action>
|
action for suspicious files (possible: DQIR)
|
Several switches can have modifiers that explicitly enable or disable options specified by these switches. For example, as follows:
/AC-
|
option is clearly disabled
|
/AC, /AC+
|
option is clearly enabled
|
These modifiers can be useful if the option is enabled or disabled by default or has been set in the configuration file earlier. The following switches can have modifiers:
/AC, /AFS, /AR, /BI, /DR, /HA, /LN, /LS, /MA, /NT, /OK, /QNA, /REP, /SCC, /SCN, /SLS, /SPN, /SPS, /SST, /TB, /TM, /TR, /WCL.
For /FL parameter '-' modifier directs to scan the paths listed in the specified file and then delete this file.
For /ARC, /ARL, /ARS, /ART, /ARX, /NI[:X], /PAL, /RPC, /W parameters "0" value means that there is no limit.
The following example shows how to use command-line switches with Console Scanner:
[<path_to_program>]dwscancl /AR- /AIN:C /AIC:Q C:\
scan all files on disk 'C:', excluding those in archives; cure the infected files and move to quarantine those that cannot be cured. To run Scanner the same way, enter the dwscancl command name instead of dwscanner.
|