Running an OnDemand Scan via Command Prompt Window
You can effortlessly initiate an On-Demand Scan right from the Command Prompt window. This offers a quick and efficient way to start a scan without needing to navigate through any graphical interfaces.
You can immediately trigger a scan and customize its parameters using specific commands.
This approach offers high control and flexibility, making it suitable for advanced users or system administrators overseeing large environments.
Start Here
Using the command line, you can initiate a scan on the Windows endpoint:
Follow these steps:
- Go to C:\Program Files\Qualys\QualysEPP
- Execute this command –
.\product.console.exe /c FileScan.OnDemand.RunScanTask custom path= “define the directory that needs to be scanned”
Example
Supported Commands
When it comes to the command line interface, there's a whole range of commands to explore. Some of these commands need specific parameters to give you the results you're looking for. Ready to dive in and discover more?
FileScan.OnDemand.RunScanTask custom [option]
This command empowers you to initiate a manual scan with customized settings, allowing you to precisely define the exact scope and parameters of the scan.
Here's what's involved:
| Option | Description |
| FileScan.OnDemand | This signifies that the setting or command is for a manual on-demand scan, giving you the control to scan specific files or directories at your chosen time. |
| RunScanTask | This indicates your intention to kick off a scan task. |
| Custom | This denotes that the scan task is tailored to your specific requirements, allowing you to define parameters and settings for the scan. |
| [option] | These additional parameters enable you to specify exactly how the scan should be conducted, including options to define file types, directories, and other settings. |
How it works:
- Initiate Scan: You initiate the scan manually using the command or setting.
- Custom Settings: You can tailor the scan with specific options, such as targeting specific file extensions or directories.
- Execute: Qualys Antimalware executes the scan based on your defined custom settings.
Example:
Options
custom path="path1" path="path2"
This allows you to define and scan specific directories or file paths with custom settings, enabling more targeted and efficient scanning.
Here's what's involved:
| Option | Description |
| custom | This indicates that you are defining custom settings or paths for the scan. |
| path="path1" | This specifies the first directory or file path you want to scan. Replace "path1" with the actual path you want to include in the scan. |
| path="path2" | This specifies a second directory or file path you want to scan. Similarly, replace "path2" with the actual path you want to include in the scan. |
How it works:
- Define Paths: Using the custom settings with multiple path parameters, you can list several directories or file paths Qualys Antimalware should focus on during the scan. This adaptability allows you to tailor the scan to your specific needs.
- Scan Specific Locations: Qualys Antimalware will only scan the paths you specify, not the entire system. This allows for targeted scanning of areas where you suspect a problem or want to ensure files are clean.
- Custom Scan: This custom path setting is not just an alternative; it's a more efficient way of scanning. Instead of relying on default or automatic scanning settings, you can target specific areas, saving time and resources.
Example:
infectedAction1=ignore|disinfect|disinfectOnly|delete|quarantine
Specify the first action to be taken when an infected file is detected during a scan.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| ignore | This option tells Qualys Antimalware to take no action when an infected file is found. |
| disinfect | This option aims to clean the infected file by removing the malicious code while preserving the original file if possible. If disinfection isn't possible, Qualys Antimalware may take another specified action, such as quarantine or deletion. |
| disinfectOnly | This option attempts to clean the infected file. If disinfection fails, no further action will be taken, and the file will remain in its original location, even if still infected. |
| delete | This option tells Qualys Antimalware to permanently delete infected files that cannot be disinfected or are too risky to keep. |
| quarantine | This option isolates infected files securely, allowing for review and potential restoration or deletion. |
You can use this action together with infectedAction2.
Default value: disinfect
Example:
infectedAction2=ignore|disinfect|disinfectOnly|delete|quarantine
Specify the secondary action to be taken when an infected file is detected during a scan, typically when the primary action (defined by infectedAction1) fails or is not applicable.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| ignore | No action will be taken if the secondary action is executed, regardless of whether the file is infected. |
| disinfect | This option attempts to remove the malicious code from the infected file while preserving the original file. If the primary action fails, this secondary action will try to disinfect the file. |
| disinfectOnly | This option also attempts to clean the infected file. If the disinfection fails, no further action will be taken. The file will remain in its original location despite being infected, preventing it from being deleted without explicit permission. |
| delete | If the primary action fails, this option instructs Qualys Antimalware to delete the infected file permanently. This provides a high level of security by obliterating threats. |
| quarantine | This option moves infected files to a secure, isolated location where they can't harm the endpoint if the primary action fails. Quarantined files can be reviewed, restored if they are false positives, or deleted if they are confirmed threats. |
Default value: quarantine
Example:
suspiciousAction1=ignore|delete|quarantine
When a suspicious file is detected, choose the first action to take. This action can be used in conjunction with suspiciousAction2.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| ignore | Suspicious activity or files will be detected, but no action will be taken. The event will be logged, but the file or activity will remain unchanged. |
| delete | If any suspicious activity or files are detected, they will be immediately removed from the system to prevent further damage. |
| quarantine | If any suspicious activity or files are detected, they will be moved to a secure, isolated area. This way, they will not cause any harm, and you can review them later to decide whether to delete or restore them. |
Default value: ignore
Example:
suspiciousAction2=ignore|delete|quarantine
This setting is similar to suspiciousAction1, which dictates how the endpoint should handle when suspicious files are detected. This action applies when the first fails.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| ignore | Qualys Antimalware will log suspicious activity or files but not act on them. No changes are made to the file or activity on the system. |
| delete | Qualys Antimalware will remove suspicious activity or files. |
| quarantine | Qualys Antimalware will move a suspicious activity or file to a secure, isolated area where it cannot cause harm, allowing for later review and decision-making. |
Default value: ignore
Example:
scanBootSectors=true|false
Scan the boot sectors of your hard disk for malware and viruses.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true | If set to true, Qualys Antimalware will scan the boot sector, which contains the code to start (or "boot") a computer. This scan helps detect and remove malware and viruses that could interfere with the system's startup. |
| false | If set to false, Qualys Antimalware will not scan the boot sector. Consequently, it will skip scanning this area during its scans and focus on other areas instead. |
Default value: false
Example:
scanRegistry=true|false
Scan the registry keys on your endpoint for malware or viruses.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true | If set to true, Qualys Antimalware will scan the registry keys. A registry stores configuration settings and options for the operating system and installed applications. By scanning the registry, malicious entries affecting the endpoint can be detected and removed. |
| false | If set to false, Qualys Antimalware will not scan the registry keys. As a result, it will skip checking this area during its scans and focus on other areas. |
Default value: false
scanMemory=true|false
Scan the programs running in your system’s memory for malware and viruses.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true | If set to true, Qualys Antimalware will scan the system's memory. Scanning memory helps detect and remove malware or viruses currently running or hidden in the system's active memory. Although these threats might not be stored on the hard drive, they can still affect the system's performance and security. |
| false | If set to false, Qualys Antimalware will not scan the system's registry. As a result, it will skip checking this area during its scans and focus on other areas. |
Default value: false
smartScan=true|false
Scan only new and changed files to maximize efficiency and effectiveness.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true |
If set to true, Qualys Antimalware will utilize smart scanning. Smart scanning entails prioritizing scanning the most probable locations where malware or viruses tend to hide. Qualys Antimalware can swiftly and efficiently identify threats without scanning every file using heuristics, behavioral analysis, and other advanced techniques. This speeds up the scanning process and reduces the impact on system performance. |
| false | If set to false, Qualys Antimalware will not use smart scanning. Instead, it will conduct a complete or more comprehensive scan of all files and locations on the endpoint. While this approach may be more thorough, it may take longer and use more system resources. |
Default value: true
scanPUA=true|false
Scan for Potentially Unwanted Applications (PUA).
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true | If set to true, Qualys Antimalware will scan for Potentially Unwanted Applications (PUAs). These are not necessarily malicious, but they can still cause significant problems, such as displaying unwanted ads or changing browser settings. |
| false | If set to false, Qualys Antimalware will not scan for Potentially Unwanted Applications. When scanning, it will skip checking for these types of programs and instead focus on more clearly malicious threats. |
Default value: false
scanArchives=true|false
Scan for infected files inside archives (like ZIP, RAR, or other archive formats) for malware or viruses.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| true | If set to true, Qualys Antimalware will scan inside archive files. Compressed files will be opened and examined to detect hidden malware or viruses. This is crucial, as malicious files could be concealed in archives to evade detection. |
| false | If set to false, Qualys Antimalware will not scan inside archive files and skip checking the contents of archived files during its scans. This may speed up the scan process, but there is a significant risk of missing threats hidden inside them. |
Default value: true
extensionType=all|application|custom|none
Scan files depending on their extension for malware and viruses.
You can choose one of the listed options. Here's what each option means:
| Option | Description |
| all | If 'all' is selected, Qualys Antimalware will scan all file types, regardless of extension, ensuring comprehensive coverage. |
| application | If 'application' is selected, Qualys Antimalware will scan application-related files, such as .exe, .dll, and .sys files, since executable files are susceptible to malicious use. |
| custom | If 'custom' is selected, Qualys Antimalware will scan only the file extensions defined by the user or administrator. As a result, scanning can be tailored based on the type of files considered most important or at risk. |
| none | If 'none' is selected, Qualys Antimalware will not scan files based on extensions. The files may not be scanned based on extension, or another criteria may be used. |
Default value: all
customExt="<string>"
This option lets you define which file extensions Qualys Antimalware should scan by listing them in the string.
Here’s what it means:
| Option | Description |
| customExt | Qualys Antimalware includes specific file extensions based on this setting in its scans. |
| <string> | This placeholder contains a list of file extensions separated by commas. For example, if you want Qualys Antimalware to scan files with the extensions .docx, .xlsx, and .pptx, you would set it to customExt=".docx,.xlsx,.pptx." |
How it works
- If you set customExt to a specific list of extensions, Qualys Antimalware will scan only files with those extensions. You can tailor the scan to include only the critical or risky files.
- Without this setting, Qualys Antimalware may use its default scanning settings or the extensionType setting.
Example:
