Skip to main content

Using the command line interface

Bitdefender Endpoint Security Tools allows you to automatically run local on-demand scanning tasks and updates by using the Product Console, a command line interface found in the product installation folder on your Windows endpoints.

The BEST command line interface has two working modes:

  • Multiple commands at once. This mode uses its own command line interface. It allows you to enter commands and receive results until you exit.

    To access this mode:

    1. Go to c:\Program Files\Bitdefender\Endpoint Security or to the folder where BEST was installed.

    2. Find and double-click the product.console executable. The command line interface opens.

    3. Execute the desired command.

      Example:

      GetVersion antivirus

      The returned result represents the version number of the antimalware signatures.

    4. Execute exit to close the command line interface.

      product-console-interactive.png
  • One command at a time. This mode uses the Command Prompt and returns to the system prompt after the command is executed.

    To access this mode:

    1. Open Command Prompt (cmd.exe).

    2. Use the cd command to navigate to the installation folder of BEST.

    3. Execute the desired command.

      Example:

      • C:\Program Files\Bitdefender\Endpoint Security > product.console.exe /c StartUpdate
    4. If the command is successfully executed the returned result is error 0.

      product-console-cmd.png

Supported commands

The command line interface supports various commands, some of them requiring parameters to return valid results.

All examples in this section are given using the Product Console from the installation folder of BEST.

Note

Product Console commands are not case-sensitive.

GetUpdateStatus product|antivirus

Retrieve information about the latest updates.

This command requires one of the following parameters:

  • product – refers to the BEST version.

  • antivirus – refers to the version of the antimalware signatures.

Example:

getupdatestatus_product_antivirus.png

GetVersion product|antivirus

Retrieve information about the product's current version.

This command requires one of these parameters:

  • product – refers to the BEST version.

  • antivirus – refers to the version of the antimalware signatures.

Example:

getversion_product_antivirus.png

IsUpdateInProgress

Verify if a product update is in progress.

Output values:

  • true - a product update is in progress.

  • false - no product update is in progress.

Example:

update_in_progress.png

IsUpdateRestartNeeded

Verify whether an endpoint requires a system restart after the update.

Output values:

  • true - the endpoint requires a system restart after the update.

  • false - the endpoint does not require a system restart after the update.

Example:

restart_needed.png

StartUpdate

Start an update and retrieve the result without waiting for the task to finish.

Example:

StartUpdate

Output format: error 0 (the command has been executed successfully).

start_update.png

StartUpdate -force

Override the product update settings and start a forced update process. The command returns an error code.

Note

This command requires administrator privileges.

FileScan.OnDemand.RunScanTask custom [option]

Starts an on-demand scan and displays the path to the scan log and the summary of the scan.

This command requires the parameter custom, followed, if needed, by one or more options. For example:

scan_task_custom.png

With options, you can customize a scanning task. These options are not mandatory.

Each option has two or more available values, but you can use only one value.

When the FileScan.OnDemand.RunScanTask command does not specify any option, the custom scan takes into account the default value of that option.

For example, if you run this command without mentioning the scanKeyloggers option, that means BEST still scans for keyloggers, according to the scanKeyloggers default value (true).

Note

There are no specific commands for Quick scan or Full scan. However, you can configure FileScan.OnDemand.RunScanTask to scan either only the OS location or the entire system, with all options enabled, as needed.

Options

These options are an alternative to the options available in the BEST console. For more information, refer to Configuring and Running a Custom Scan.

path="<path>"

Enter the path of the scan target location. For multiple paths, use: path="<path1>" path="<path2>".

Example:

FileScan.OnDemand.RunScanTask custom path="C:\Program Files"
scan_path.png

infectedAction1=ignore|disinfect|disinfectOnly|delete|quarantine

Select the first action to take when an infected file is detected: ignore, disinfect, delete or move it to quarantine. You can use this action together with infectedAction2.

Default value: disinfect

Example:

infected_action1_ignore.png

infectedAction2=ignore|disinfect|disinfectOnly|delete|quarantine

Select the second action to take when an infected file is detected. This action applies when the first one fails.

Default value: quarantine

Example:

infected_action2_quarantine.png

suspiciousAction1=ignore|delete|quarantine

Select the first action to take when a suspicious file is detected. You can use this action together with suspiciousAction2.

Default value: ignore

Example:

suspicious_action1_quarantine.png

suspiciousAction2=ignore|delete|quarantine

Select the second action to take when a suspicious file is detected. This action applies when the first one fails.

Default value: ignore

Example:

suspicious_action2_delete.png

scanBootSectors=true|false

Scan the boot sectors of your hard disk.

Default value: false

Example:

scan_bootsectors.png

scanRegistry=true|false

Scan the registry keys on your endpoint.

Default value: false

Example:

scan_registry.png

scanMemory=true|false

Scan the programs running in your system’s memory.

Default value: false

Example:

scan_memory.png

smartScan=true|false

Scan only new and changed files.

Default value: true

Example:

scan_smart.png

scanRootKits=true|false

Scan for rootkits, and hidden objects that use them.

Default value: false

Example:

scan_rootkits.png

scanKeyloggers=true|false

Scan for keylogger software.

Default value: true

Example:

scan_keyloggers.png

scanPUA=true|false

Scan for Potentially Unwanted Applications (PUA).

Default value: false

Example:

scan_pua.png

scanArchives=true|false

Scan for infected files inside archives.

Default value: true

Example:

scan_archives.png

extensionType=all|application|custom|none

Scan files depending on their extension: all files, only executable files, only files with the extensions you want, or do not scan any files.

Default value: all

Example:

extension_type.png

customExt="<string>"

This option helps you scan only the files with the extensions you want. It requires a string that lists the desired extensions, separated by vertical bars. For example, "|exe|ini|txt|". This option is valid only together with the option extensionType=custom.

Example:

custom_ext.png

lowPriority=true|false

Run the task with low priority.

Default value: false

Example:

low_priority.png

Command line error codes

The command line utility may return the following error codes:

Error code

Description

0

Command executed successfully

87

Invalid parameter

160

Bad arguments

1552

This error occurs when a StartUpdate task is already in progress.

1627

Function failed – an error occurred while executing the command.

1639

Invalid command - this Power User CLI error occurs when a feature is incorrectly written or not installed on the endpoint.