The Scanner and Console Scanner Switches

/AA – apply actions to detected threats automatically. (Only for Scanner).

/AR – check archives. Option is enabled by default.

/AC – check installation packages. Option is enabled by default.

/AFS – use forward slash to separate paths in archive. Option is disabled by default.

/ARC:<ratio> – maximum archive object compression. If the compression rate of the archive exceed the limit, scanner neither unpacks, not scans the archive (unlimited).

/ARL:<level> – maximum archive level (unlimited).

/ARS:<size> – maximum archive size. If the archive size exceed the limit, scanner neither unpacks, nor scans the archive (unlimited, KB).

/ART:<size> – minimum size of file inside archive beginning from which compression ratio check will be performed (unlimited, KB).

/ARX:<size> – maximum size of objects in archives that should be checked (unlimited, KB).

/BI – show information on Dr.Web virus databases. Option is enabled by default.

/DR – scan folders recursively (i.e., scan subfolders). Option is enabled by default.

/E:<engines> – perform scanning in specified number of threads.

/FASTperform an express scan of the system. (For Scanner only.)

/FL:<path> – scan files listed in the specified file.

/FM:<masks> – scan files matching the specified masks. By default all files are scanned.

/FR:<regexpr> – scan files matching the specified regular expression. By default all files are scanned.

/FULLperform a full scan of all hard drives and removable data carriers (including boot sectors). (For Scanner only.)

/FX:<masks> exclude from scanning files that match the mask. (For Console Scanner only.)

/H or /? – show brief help. (For Console Scanner only.)

/HA – use heuristic analysis to detect unknown threats. Option is enabled by default.

/KEY:<keyfile> – specify a license key. It is necessary to use this parameter if your key file is stored outside of the Dr.Web installation folder where the scanner executables reside (by default, the drweb32.key or another suitable file from the С:\Program Files\DrWeb\ folder is used).

/LITEperform a basic scan of random access memory, boot sectors of all disks and startup objects. Scanner also runs a check on rootkits. (For Scanner only.)

/LN – resolve shell links. Option is disabled by default.

/LS – use LocalSystem account rights. Option is disabled by default.

/MA – check e-mail. Option is enabled by default.

/MC:<limit> – set maximum number of cure attempts to 'limit' (unlimited by default).

/NB – do not backup cured or deleted files. Option is disabled by default.

/NI[:X] – limits usage of system resources at scanning and priority of the scanning process (unlimited, %).

/NOREBOOT – cancel system reboot or shut down after scanning. (For Scanner only.)

/NT – check NTFS streams. Option is enabled by default.

/OK – display the full list of scanned objects showing OK for clean files. Option is disabled by default.

/P:<prio> – priority of the current scanning task:

0 – the lowest,

– low,

– general. Priority by default,

– high,

– maximal.

/PAL:<level> – maximum pack level. Value is 1000 by default.

/RA:<file.log> – append the specified file with the current scanning report. By default, report is not generated.

/RP:<file.log> –  rewrite the specified file with the current scanning report. By default, report is not generated.

/RPC:<secs> – Dr.Web Scanning Engine connection timeout. Timeout is 30 seconds by default. (For Console Scanner only.)

/RPCD – use dynamic RPC identification. (For Console Scanner only.)

/RPCE – use dynamic RPC endpoint. (For Console Scanner only.)

/RPCE:<name> – use specified RPC endpoint. (For Console Scanner only.)

/RPCH:<name> – use specified host name for remote call. (For Console Scanner only.)

/RPCP:<name> – use specified RPC protocol. Possible protocols: lpc, np, tcp. (For Console Scanner only.)

/QL – list quarantined files on all disks. (For Console Scanner only.)

/QL:<logical_drive_name> – list quarantined files on the specified drive (letter). (For Console Scanner only.)

/QR[:[d][:p]] – delete quarantined files on drive <d> (letter) that are older than <p> days (number)If <d> is not specified, then files are deleted on all drives; if <d> is not specified, then all quarantined files are deleted regarding of their age (0 days). (For Console Scanner only.)

/QNA – double quote file names.

/QUIT – terminate Dr.Web Scanner once scanning completes whenever or not the detected threats are neutralized. (For Scanner only.)

/REP – follow symbolic links while scanning. Option is disabled by default.

/SCC – show content of complex objects (archives, e-mail attachments, file containers). Option is disabled by default.

/SCN – show name of installation package. Option is disabled by default.

/SILENTMODE – perform a background scan. On threat detection, the Dr.Web Scanner window opens and dislays the list of detected threats. Otherwise, the window does not display. (For Scanner only.)

/SPN – show names of packers. Option is disabled by default.

/SLS – show log on the screen. Option is enabled by default. (For Console Scanner only.)

/SPS – display scan progress on the screen. Option is enabled by default. (For Console Scanner only.)

/SST – display object scan time. Option is disabled by default.

/TB – check boot sectors including master boot record (MBR) of the hard drive.

/TM – check processes in memory including Windows system control area.

/TS – check autorun objects including object in the Autorun folder, system ini files, and Windows registry.

/TR – check system restore points.

/W:<sec> – maximum time to scan (unlimited, sec).

/WCL – drwebwcl compatible output. (For Console Scanner only.)

/X:S[:R] – set power state shutDown/Reboot/Suspend/Hibernate with reason 'R' (for shutdown/reboot).

Action for different objects (C  - cure, Q - move to quarantine, D - delete, I  - ignore, R  - inform. R is available for Console Scanner only. R is set by default for all objects in Console Scanner):

/AAD:X – action for adware (R, possible DQIR).

/AAR:X – action for infected archives (R, possible DQIR).

/ACN:X – action for infected installation packages (R, possible DQIR).

/ADL:X – action for dialers (R, possible DQIR).

/AHT:X – action for hacktools (R, possible DQIR).

/AIC:X – action for incurable files (R, possible DQR).

/AIN:X – action for infected files (R, possible CDQR).

/AJK:X – action for jokes (R, possible DQIR).

/AML:X – action for infected e-mail files (R, possible QIR).

/ARW:X – action for riskware (R, possible DQIR).

/ASU:X – action for suspicious files (R, possible DQIR).

 

Several parameters can have modifiers that clearly enable or disable options specified by these keys. For example:

/AC-     option is clearly disabled,
/AC,  /AC+    option is clearly enabled.

These modifiers can be useful if option was enabled or disabled by default or was set in configuration file earlier. Keys with modifiers are listed below:

/AR,  /AC,  /AFS,  /BI,  /DR,  /HA,  /LN,  /LS,  /MA,  /NB,  /NT,  /OK,  /QNA,  /REP,  /SCC,  /SCN,  /SPN,  /SLS,  /SPS,  /SST,  /TB,  /TM,  /TS,  /TR,  /WCL.

For /FL parameter "-" modifier directs to scan paths listed in specified file and then delete this file.

For /ARC,  /ARL,  /ARS,  /ART,  /ARX,  /NI[:X],  /PAL,  /RPC and /W parameters "0" value means that there is no limit.

Example of using command line parameters with Console Scanner:

[<path_to_file>]dwscancl /AR- /AIN:C /AIC:Q C:\

scan all files on disk C:, excluding those in archives; cure the infected files and move to quarantine those that cannot be cured. To run Scanner the same way, type the dwscanner command name instead of dwscancl.