- Vulscan Switches for Windows Agents
- Vulscan Switches for Windows Agents
Vulscan Switches for Windows Agents
This document describes the various switches that can be used on the command line to manipulate the vulscan behavior. It is recommended to use the different available settings (Distribution and Patch Settings, Reboot Settings, etc) to control the Vulscan behavior otherwise unintended consequences may result.
Vulscan switches to control scan types
| Number | Type | Description | Example |
|---|---|---|---|
| 0 | Vulnerabilities | This category is for security-related releases by 3rd-party vendors such as Microsoft, For a detailed list of available content click here |  |
| 1 | Anti-Spyware | Definitions and engine updates for the Anti-spyware component within Security and Patch Manager (This differs from the Anti-virus component and is based on the Lavasoft engine and targets spyware and adware) |  |
| 2 | Security Threats | This differs from the Vulnerabilities category in that this is not to address vulnerabilities in vendor code, but simply facilitates configuration changes to tighten down security. |  |
| 3 | Ivanti Updates | Ivanti Patches and Service Updates (not including Ivanti Antivirus which is in category 8) |  |
| 4 | Custom Definitions | Custom-user made definitions, including custom definitions that have been imported. This will also include other definitions that have been cloned. |  |
| 5 | Blocked Apps | Includes both pre-configured content downloaded from Ivanti Content servers, and any custom blocked application content that has been created. Some of the Summary information in the blocked applications definitions are provided from http://www.sysinfo.org (Blocked application legal disclaimer) Click graphic for an example of these definitions: |  |
| 6 | Software Updates | Non-Security related updates for Intel, Ivanti, and Lenovo. (Click graphic for an example) |  |
| 7 | Drivers | This category includes Dell, HII, HP Client, and Lenovo definitions if they have been downloaded as part of the download updates process. |  |
| 8 | Antivirus | Downloads Ivanti Antivirus definitions, and if selected also downloads updates pattern files for both Ivanti Antivirus and 3rd party antivirus products |  |
Example: "Vulscan /scan=0 /showui" will scan the type "Vulnerabilities" while showing the Ivanti Vulscan UI.
General Switches
| General | Description |
|---|---|
| /AgentBehavior=AgentBehaviorID | Points to the Distribution and Patch behavior to be used during scan and repair |
| /ShowUI | Shows the vulscan user interface during the scanning and/or repair operation (Note: you can press Alt-L while this window is active to show the current vulscan log) |
| /AllowUserCancelScan | Allow the user to cancel the scan or repair operation |
| /AutoCloseTimeout=Seconds | Changes the default amount of time the Vulscan UI stays open after the scan/repair operation is complete. (Default is 60 seconds) |
| /Group=GroupID | Specify the Custom group that should be scanned against. The custom Group ID can be found right clicking the group and looking at the Unique ID: section. |
| /Autofix=True or False |
Reboot related operations
| Repair | Description |
|---|---|
| /ob:RebootBehavior=<BehaviorIDName_vXXX> | References the Reboot Behavior to be used during the repair job. |
| /rebootwithui | Allows the vulscan GUI to appear during a reboot operation. Should be used in conjunction with /ob:rebootbehavior |
| /rebootifneeded | Checks whether a reboot is required or not, if /showui switch is used this can be viewed |
VBScript related options
| VB Testing | Description |
|---|---|
| /scriptrepair=filename | VBScript file to be used during testing of a repair operation |
| /scriptdetect=filename | VBScript file to be used during testing of a detection operation |
| /customVarfile=filename | If the VBScript calls variables, they should be defined in this file |
Disable certain behaviors
| Disable | Description |
|---|---|
| /NoElevate | Do not elevate permissions during scanning or repair |
| /NoSleep | |
| /NoSync | |
| /NoUpdate | Do not update other files that vulscan typically updates during a scan operation. More information about the files that vulscan will automatically update |
| /NoSelfUpdate | Do not update vulscan.dll and vulscan.exe if the files are newer on the core. |
| /NoRepair |
Manipulate Data Files
| Data Files | Result | Example |
|---|---|---|
| /O=Filename (including full path)s | Send vulscan output to a file as specified in the command line rather than back to the server in the form of a SOAP response. (Click graphic for an example) |  |
| /Log=Filename (including full path) | Sends the vulscan log files to a different location than the default as specified. | |
| /Reset | Removes the client side settings and files (leaves log files intact if you want to delete the log files as well you can simply delete the ProgramData\Vulscan directory) | |
| /Clear or /ClearScanStatus | Will clear the scan and repair status for the client on the core server (blanks out the history) |
Ivanti Endpoint Security Related Commands
| Ivanti Endpoint Security related commands | Description |
|---|---|
| vulscan /installeps | Installs Ivanti Endpoint Security (use /showui to show progress) |
| vulscan /removeeps | Removes Ivanti Endpoint Security (use /showui to show progress) |
| vulscan /changesettings | Run this command to refresh any changes that have been made to the settings |
Ivanti Antivirus related commands
| Ivanti Antivirus related commands | Description |
|---|---|
| vulscan /removeoldav | Removes 3rd party antivirus solutions (Provided they are not password protected) |
| vulscan /removeav | Removes an already installed instance of Ivanti Antivirus |
| vulscan /installav | Install Ivanti Antivirus |
| vulscan av | Opens the Ivanti Antivirus logs directory (Typically C:\ProgramData\LANDESKAV |
Shortcuts to open folders or logs:
| Vulscan configuration settings directory | Open logs folder | Open LDClient directory | Open Ivanti Antivirus logs folder |
|---|---|---|---|
| vulscan e - Opens the Vulscan Directory | vulscan l - Opens the current vulscan log (Or press "Alt-L" while the vulscan UI is showing) vulscan log (vulscan space log) opens the LANDESK logs directory | vulscan c | vulscan av |
Vulscan switches used for content replication
| Switch | Description |
|---|---|
| /replicate | Triggers vulscan to do a content replication |
| /changesettings with /replicationbehavior=default | Tells vulscan which vulscan behavior to use. Default means to compute the behavior guid based on the computer idn. For example, if my computer idn is 1234, then I will try to download a behavior called “ReplicationBehavior_Replicator_1234.xml”. Vulscan will now consider itself a “replicator” and will try to update its copy of a replicationBehavior any time it runs, creating any local scheduler jobs as necessary. |
| /changesettings with /replicationbehavior=-2 | Will disable vulscan as a replicator, removing any local scheduler tasks regarding replication and causing vulscan to no longer attempt to get the latest replication behavior file. |
| /settingsIndex=NNN | You’ll see this commandline used by the local scheduler when it launches vulscan. This tells vulscan which group of settings to use to control its behavior as specified in the console’s UI. For each scheduled replication event that you specify, there will be a new “settingsIndex”. |
| /duration=NNN | The maximum duration that vulscan should do replication, in minutes. This will appear in the replication behavior file and not typically on the command line, but in the file, you’ll see something like “Duration_0”, or “Duration_1”, etc. The value after the underscore is the settings index number. When vulscan applies settings found in the behavior file and it sees that its settings Index value has been set, then it looks for any variables in the behavior file that ends with an underscore and that number (such as “Duration_0”). It strips off the underscore and number and sets the value internally. Therefore, anything you see in the behavior file that ends in the underscore can be passed on the commandline (and therefore take precedence over the behavior file settings). Many of the _NNN settings that are in the behavior file are regarding the local scheduler task that should be created. So vulscan only interprets those values when creating the local scheduled task that will later launch itself to do replication. |