Scanner and Console Scanner Parameters

Top  Previous  Next

/AA—apply actions to detected threats automatically. (For Scanner only.)

/AC—scan installation packages. Option is enabled by default.

/AFS—use forward slash to separate paths in an archive. Option is disabled by default.

/AR—scan archives. Option is enabled by default.

/ARC:<compression_ratio>—maximum compression level. If the compression ratio of the archive exceeds the limit, Scanner neither unpacks nor scans the archive. By default: unlimited.

/ARL:<nesting_level>—maximum archive nesting level. By default: unlimited.

/ARS:<size>—maximum archive size (in KB). By default: unlimited.

/ART:<size>—minimum size of a file inside an archive beginning from which compression ratio check is performed (in KB). By default: unlimited.

/ARX:<size>—maximum size of a file inside an archive that is scanned (in KB). By default: unlimited.

/BI—show information on virus databases.

/CUSTOM—perform a custom scan. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), only the specified objects will be scanned. (For Scanner only.)

/CL—use Dr.Web cloud service. Option is enabled by default. (For Console Scanner only.)

/DCT—do not display estimated scan time. (For Console Scanner only.)

/DR—scan folders recursively (scan subfolders).

/E:<number_of_threads>—perform scanning in specified number of threads.

/FAST—perform an express scan of the system. If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), the specified objects will also be scanned. (For Scanner only.)

/FL:<file_name>—scan paths listed in the specified file.

/FM:<mask>—scan files matching the specified mask. By default, all files are scanned.

/FR:<regexpr>—scan files matching the specified regular expression. By default, all files are scanned.

/FULL—perform a full scan of all hard drives and removable media (including boot sectors). If additional parameters are set (for example, objects to be scanned or /TM and /TB parameters), an express scan will be performed, and the specified objects will be scanned. (For Scanner only.)

/FX:<mask>—exclude from scanning files that match the specified mask. (For Console Scanner only.)

/GO—Scanner operation mode that skips the questions that require answers from a user; decisions that require a selection are made automatically. This mode is useful for the automatic file scanning; for example, for the daily or weekly hard disc scanning. An object for scanning must be indicated in the command line. Along with the /GO parameter, it is also possible to use the following parameters: /LITE, /FAST, /FULL. In this mode, the scanning stops when switching to the battery power.

/H or /?—show brief help. (For Console Scanner only.)

/HA—use heuristic analysis to detect unknown threats. Option is enabled by default.

/KEY:<key_file>—specify a path to the key file. It is necessary to use this parameter if your key file is stored outside of the installation folder where the scanner executables reside. By default, drweb32.key or another suitable file from the С:\Program Files\DrWeb\ folder is used.

/LITE—perform a basic scan of random access memory and boot sectors of all disks as well as run a scan for rootkits. (For Scanner only.)

/LN—resolve shell links. Option is disabled by default.

/LS—scan using LocalSystem account rights. Option is disabled by default.

/MA—scan mail files.

/MC:<number_of_attempts>—set the maximum number of cure attempts. By default: unlimited.

/NB—do not backup cured or deleted files. Option is disabled by default.

/NI[:X]—limits usage of system resources at scanning (%), defines the amount of memory required for scanning and the priority of scanning process. By default: unlimited.

/NOREBOOT—cancel system reboot or shutdown after scanning. (For Scanner only.)

/NT—scan NTFS streams.

/OK—show the full list of scanned objects and mark clean files with Ok. Option is disabled by default.

/P:<priority>—priority of the current scanning task. Can be as follows:

0—the lowest

L—low

N—normal (default priority)

H—high

M—maximal

/PAL:<nesting_level>—maximum nesting level for executable packers. If a nesting level is greater than the specified value, scanning proceeds until this limit is reached. The nesting level is 1,000 by default.

/QL—show the list of files quarantined on all disks. (For Console Scanner only.)

/QL:<logical_drive_letter>—show the list of files quarantined on the specified logical drive. (For Console Scanner only.)

/QNA—double quote paths.

/QR[:[d][:p]]—delete quarantined files on drive <d> (logical_drive_letter) that are older than <p> (number) days. If <d> and <p> are not specified, all quarantined files on all drives are deleted. (For Console Scanner only.)

/QUIT—terminate Scanner once scanning is complete regardless of whether or not any actions have been applied to the detected threats. (For Scanner only.)

/RA:<file_name>—append the report on program operation to the specified file. By default, logging is disabled.

/REP—follow symbolic links while scanning. Option is disabled by default.

/RK—scan for rootkits. Option is disabled by default.

/RP:<file_name>—write the report on program operation to the specified file. By default, logging is disabled.

/RPC:<sec>—Scanning Engine connection timeout. Timeout is 30 seconds by default. (For Console Scanner only.)

/RPCD—use dynamic RPC identification. (For Console Scanner only.)

/RPCE—use dynamic RPC endpoint. (For Console Scanner only.)

/RPCE:<target_address>—use specified RPC endpoint. (For Console Scanner only.)

/RPCH:<host_name>—use specified host name for remote call. (For Console Scanner only.)

/RPCP:<protocol>—use specified RPC protocol. Possible protocols are as follows: lpc, np, tcp. (For Console Scanner only.)

/SCC—show content of complex objects. Option is disabled by default.

/SCN—show installation package name. Option is disabled by default.

/SLS—show logs on the screen. Option is enabled by default. (For Console Scanner only.)

/SPN—show packer name. Option is disabled by default.

/SPS—display scan progress on the screen. Option is enabled by default. (For Console Scanner only.)

/SST—display object scan time. Option is disabled by default.

/ST—start of Scanner in the background mode. If the /GO parameter is not set, the graphical mode is displayed only in case of threat detection. In this mode, the scanning stops when switching to the battery power.

/TB—scan boot sectors including master boot record (MBR) of the hard drive.

/TM—scan processes in memory including Windows system control area.

/TR—scan system restore points.

/W:<sec>—maximum time to scan (sec.). By default: unlimited.

/WCL—drwebwcl compatible output. (For Console Scanner only.)

/X:S[:R]—set one of the following states for the computer to enter once scanning is complete: Shutdown/Reboot/Suspend/Hibernate.

The following actions can be specified for different objects ('C'—cure, 'Q'—move to quarantine, 'D'—delete, 'I'—ignore, 'R'—inform; 'R' is available for Console Scanner only; 'R' is set by default for all objects in Console Scanner):

/AAD:<action>—action for adware (possible: DQIR)

/AAR:<action>—action for infected archives (possible: DQIR)

/ACN:<action>—action for infected installation packages (possible: DQIR)

/ADL:<action>—action for dialers (possible: DQIR)

/AHT:<action>—action for hacktools (possible: DQIR)

/AIC:<action>—action for incurable files (possible: DQR)

/AIN:<action>—action for infected files (possible: CDQR)

/AJK:<action>—action for jokes (possible: DQIR)

/AML:<action>—action for infected mail files (possible: QIR)

/ARW:<action>—action for riskware (possible: DQIR)

/ASU:<action>—action for suspicious files (possible: DQIR)

Several switches can have modifiers that explicitly enable or disable options specified by these switches. For example, as follows:

/AC-

option is clearly disabled

/AC, /AC+

option is clearly enabled

These modifiers can be useful if the option was enabled or disabled by default or was set in the configuration file earlier. The following switches can have modifiers:

/AC,   /AFS,   /AR,   /BI,   /DR,   /HA,   /LN,   /LS,   /MA,   /NB,   /NT,   /OK,   /QNA,   /REP,   /SCC,   /SCN,   /SLS,   /SPN,   /SPS,   /SST,   /TB,   /TM,   /TR,   /WCL.

For /FL parameter '-' modifier directs to scan the paths listed in the specified file and then delete this file.

For /ARC,   /ARL,   /ARS,   /ART,   /ARX,   /NI[:X],   /PAL,   /RPC,   /W parameters the '0' value means that there is no limit.

The following example shows how to use command-line switches with Console Scanner:

[<path_to_program>]dwscancl /AR- /AIN:C /AIC:Q C:\

scan all files on disk 'C:', excluding those in archives; cure the infected files and move to quarantine those that cannot be cured. To run Scanner the same way, enter the dwscancl command name instead of dwscanner.