Using the command line interface
Bitdefender Endpoint Security Tools allows you to automatically run local on-demand scanning tasks and updates by using the Product Console, a command line interface found in the product installation folder on your Windows endpoints.
The BEST command line interface has two working modes:
Multiple commands at once. This mode uses its own command line interface. It allows you to enter commands and receive results until you exit.
To access this mode:
Go to
c:\Program Files\Bitdefender\Endpoint Security
or to the folder where BEST was installed.Find and double-click the
product.console
executable. The command line interface opens.Execute the desired command.
Example:
GetVersion antivirus
The returned result represents the version number of the antimalware signatures.
Execute
exit
to close the command line interface.
One command at a time. This mode uses the Command Prompt and returns to the system prompt after the command is executed.
To access this mode:
Open Command Prompt (
cmd.exe
).Use the
cd
command to navigate to the installation folder of BEST.Execute the desired command.
Example:
C:\Program Files\Bitdefender\Endpoint Security > product.console.exe /c StartUpdate
If the command is successfully executed the returned result is
error 0
.
Supported commands
The command line interface supports various commands, some of them requiring parameters to return valid results.
All examples in this section are given using the Product Console from the installation folder of BEST.
Note
Product Console commands are not case-sensitive.
GetUpdateStatus product|antivirus
Retrieve information about the latest updates.
This command requires one of the following parameters:
product
– refers to the BEST version.antivirus
– refers to the version of the antimalware signatures.
Example:
GetVersion product|antivirus
Retrieve information about the product's current version.
This command requires one of these parameters:
product
– refers to the BEST version.antivirus
– refers to the version of the antimalware signatures.
Example:
IsUpdateInProgress
Verify if a product update is in progress.
Output values:
true
- a product update is in progress.false
- no product update is in progress.
Example:
IsUpdateRestartNeeded
Verify whether an endpoint requires a system restart after the update.
Output values:
true
- the endpoint requires a system restart after the update.false
- the endpoint does not require a system restart after the update.
Example:
StartUpdate
Start an update and retrieve the result without waiting for the task to finish.
Example:
StartUpdate
Output format: error 0
(the command has been executed successfully).
StartUpdate -force
Override the product update settings and start a forced update process. The command returns an error code.
Note
This command requires administrator privileges.
FileScan.OnDemand.RunScanTask custom [option]
Starts an on-demand scan and displays the path to the scan log and the summary of the scan.
This command requires the parameter custom
, followed, if needed, by one or more options. For example:
With options, you can customize a scanning task. These options are not mandatory.
Each option has two or more available values, but you can use only one value.
When the FileScan.OnDemand.RunScanTask
command does not specify any option, the custom scan takes into account the default value of that option.
For example, if you run this command without mentioning the scanKeyloggers
option, that means BEST still scans for keyloggers, according to the scanKeyloggers
default value (true
).
Note
There are no specific commands for Quick scan or Full scan. However, you can configure FileScan.OnDemand.RunScanTask
to scan either only the OS location or the entire system, with all options enabled, as needed.
Options
These options are an alternative to the options available in the BEST console. For more information, refer to Configuring and Running a Custom Scan.
path="<path>"
Enter the path of the scan target location. For multiple paths, use: path="<path1>" path="<path2>"
.
Example:
FileScan.OnDemand.RunScanTask custom path="C:\Program Files"
infectedAction1=ignore|disinfect|disinfectOnly|delete|quarantine
Select the first action to take when an infected file is detected: ignore, disinfect, delete or move it to quarantine. You can use this action together with infectedAction2
.
Default value: disinfect
Example:
infectedAction2=ignore|disinfect|disinfectOnly|delete|quarantine
Select the second action to take when an infected file is detected. This action applies when the first one fails.
Default value: quarantine
Example:
suspiciousAction1=ignore|delete|quarantine
Select the first action to take when a suspicious file is detected. You can use this action together with suspiciousAction2
.
Default value: ignore
Example:
suspiciousAction2=ignore|delete|quarantine
Select the second action to take when a suspicious file is detected. This action applies when the first one fails.
Default value: ignore
Example:
scanBootSectors=true|false
Scan the boot sectors of your hard disk.
Default value: false
Example:
scanRegistry=true|false
Scan the registry keys on your endpoint.
Default value: false
Example:
scanMemory=true|false
Scan the programs running in your system’s memory.
Default value: false
Example:
smartScan=true|false
Scan only new and changed files.
Default value: true
Example:
scanRootKits=true|false
Scan for rootkits, and hidden objects that use them.
Default value: false
Example:
scanKeyloggers=true|false
Scan for keylogger software.
Default value: true
Example:
scanPUA=true|false
Scan for Potentially Unwanted Applications (PUA).
Default value: false
Example:
scanArchives=true|false
Scan for infected files inside archives.
Default value: true
Example:
extensionType=all|application|custom|none
Scan files depending on their extension: all files, only executable files, only files with the extensions you want, or do not scan any files.
Default value: all
Example:
customExt="<string>"
This option helps you scan only the files with the extensions you want. It requires a string that lists the desired extensions, separated by vertical bars. For example, "|exe|ini|txt|"
. This option is valid only together with the option extensionType=custom
.
Example:
lowPriority=true|false
Run the task with low priority.
Default value: false
Example:
Command line error codes
The command line utility may return the following error codes:
Error code | Description |
---|---|
0 | Command executed successfully |
87 | Invalid parameter |
160 | Bad arguments |
1552 | This error occurs when a |
1627 | Function failed – an error occurred while executing the command. |
1639 | Invalid command - this Power User CLI error occurs when a feature is incorrectly written or not installed on the endpoint. |