ESET Command Line Scanner Parameters (ecls.exe) (5.x and later)

Issue

  • Launch the antivirus module in ESET Windows home and business products via the command line.

Solution

The ESET Security On-demand scanner can be initiated from both the graphical user interface and command line. Command line scanning is useful if your computer is currently operational only in Safe Mode or if you are a network administrator and want to initiate scanning from an external application.

Location of ECLS scanner

The scanner (filename: ecls.exe) is located in the C:ProgramFilesESETESET Smart Security, C:ProgramFilesESETESET NOD32 Antivirus directory, or C:Program FilesESETESET Endpoint directory.

To use the scanner, open a Command Prompt, reference the full directory path to the scanner followed by the list of object(s) to scan. Additional parameters (see Scanner options) can be appended to the command line to further modify your scan.

Command line examples

I. The example below commands your ESET Smart Security product to run a scan with automatic scan settings, show the status bar of the scan while running and create a scan log file:

"c:\Program Files\ESET\ESET Smart Security\ecls.exe" /base-dir="c:\Program Files\ESET\ESET Smart Security\Modules" /auto /log-file=c:\ecls.txt /aind

NOTE:

When performing an On-demand computer scan,  you may see multiple blue “error” notifications in the Scan log. Visit the following ESET Knowledgebase article for more information: Blue "error opening" notifications in On-demand Scanner Log

II. In the example below you create a batch file that commands ESET Endpoint (version 5) product to shutdown when a scan finishes:

@echo off
“c:\Program Files\ESET\ESET Endpoint Antivirus\ecls.exe” /base-dir=”c:\Program Files\ESET\ESET Endpoint Antivirus\Modules” /auto /aind /quarantine /memory /log-file=c:\ESET_scanlog.txt
shutdown /f /s /t 00

Click https://help.eset.com/essp/latest/en-US/advanced_cmd.html for more information on ESET Command Line Scanner.

Command line parameters

Basic options Description
/base-dir=FOLDER load modules from FOLDER
/quar-dir=FOLDER quarantine FOLDER
/exclude=MASK exclude files matching MASK from scanning
/subdir scan subfolders (default)
/no-subdir do not scan subfolders
/max-subdir-level=LEVEL maximum sub-level of folders within folders to scan
/symlink follow symbolic links (default)
/no-symlink skip symbolic links
/ads scan Alternate Data Streams (ADS) (default)
/no-ads do not scan ADS
/log-file=FILE log output to FILE
/log-rewrite overwrite output file (default - append)
/log-console log output to console (default)
/no-log-console do not log output to console
/log-all also log clean files
/no-log-all do not log clean files (default)
/aind show activity indicator
/auto scan and automatically clean all local disks
Scanner options Description
/files scan files (default)
/no-files do not scan files
/memory scan memory
/boots scan boot sectors
/no-boots do not scan boot sectors (default)
/arch scan archives (default)
/no-arch do not scan archives
/max-obj-size=SIZE only scan files smaller than SIZE megabytes (default 0 = unlimited)
/max-archive-level=LEVEL maximum number of archives within archives (nested archives) to scan
/scan-timeout=LIMIT scan archives for LIMIT seconds at maximum
/max-arch-size=SIZE only scan the files in an archive if they are smaller than SIZE (default 0= unlimited)
/max-sfx-size=SIZE only scan the files in a self-extracting archive if they are smaller than SIZE megabytes (default 0 = unlimited)
/mail scan email files (default0
/no-mail do not scan email files
/mailbox scan mailboxes (default)
/no-mailbox do not scan mailboxes
/sfx scan self-extracting archive files (default)
/no-sfx do not scan self-extracting archive files
/rtp scan runtime packers (default)
/no-rtp do not scan runtime packers
/adware scan for Adware/Spyware/Riskware
/no-adware do not scan for Adware/Spyware/Riskware
/unsafe scan for potentially unsafe applications
/no-unsafe do not scan for potentially unsafe applications (default)
/unwanted scan for potentially unwanted applications
/no-unwanted do not scan for potentially unwanted applications (default)
/suspicious scan for suspicious applications (default)
/no-suspicious do not scan for suspicious applications
/pattern use signatures (default)
/no-pattern do not use signatures
/heur enable heuristics (default)
/no-heur disable heuristics
/adv-heur enable Advanced heuristics (default)
/no-adv-heur disable Advanced heuristics
/ext=EXTENSIONS scan only EXTENSIONS delimited by a colon
/ext-exclude=EXTENSIONS exclude EXENSIONS delimited by a colon from scanning
/clean-mode=MODE

use cleaning MODE for infected objects. The following options are available:

None— No automatic cleaning will occur.

Standard (default)— ECLS.exe will attempt to automatically clean or delete infected files.

Strict— ECLS.exe will attempt to automatically clean or delete infected files without user intervention (you will not be prompted before files are deleted).

Rigorous— ECLS.exe will delete files without attempting to clean regardless of what the file is.

Delete— ECLS.exe will delete files without attempting to clean, but will refrain from deleting sensitive files such as Windows system files.

/quarantine copy infected files to Quarantine (supplements the action carried out during cleaning)
/no-quarantine do not copy infected files to Quarantine
General options Description
/help show help and quit
/version show version information and quit
/preserve-time preserve last access timestamp
Exit codes* Description
0 no threat found
1 threat found and cleaned
10 some files could not be scanned (may be threats)
50 threat found
100 error

*If you receive an error message with an exit code greater than 100, the file was not scanned and thus could be infected.

 

Additional resources