- Vulscan Switches for Windows Agents
- Vulscan switches to control scan types
- General Switches
- Reboot related operations
- VBScript related options
- Disable certain behaviors
- Manipulate Data Files
- LANDESK Endpoint Security Related Commands
- LANDESK Antivirus related commands
- Shortcuts to open folders or logs:
- Vulscan switches used for content replication
- Vulscan Switches for Windows Agents
- Vulscan switches to control scan types
- General Switches
- Reboot related operations
- VBScript related options
- Disable certain behaviors
- Manipulate Data Files
- LANDESK Endpoint Security Related Commands
- LANDESK Antivirus related commands
- Shortcuts to open folders or logs:
- Vulscan switches used for content replication
- Vulscan Switches for Windows Agents
Vulscan Switches for Windows Agents
This document describes the various switches that can be used on the command line to manipulate the vulscan behavior. It is recommended to use the different available settings (Distribution and Patch Settings, Reboot Settings, etc) to control the Vulscan behavior otherwise unintended consequences may result.
Vulscan switches to control scan types
| Number | Type | Description | Example |
|---|---|---|---|
| 0 | Vulnerabilities | This category is for security related releases by 3rd-party vendors such as Microsoft, For a detailed list of available content click here |  |
| 1 | Anti-Spyware | Definitions and engine updates for the Anti-spyware component within Security and Patch Manager (This differs from the Anti-virus component and is based on the Lavasoft engine and targets spyware and ad-ware) |  |
| 2 | Security Threats | This differs from the Vulnerabilities category in that this is not to address vulnerabilities in vendor code, but simply facilitates configuration changes to tighten down security. |  |
| 3 | LANDESK Updates | LANDESK Patches and Service Packs (not including LANDESK Antivirus which is in category 8) |  |
| 4 | Custom Definitions | Custom-user made definitions, including custom definitions that have been imported. This will also include other definitions that have been cloned. |  |
| 5 | Blocked Apps | Includes both pre-configured content downloaded from LANDESK Content servers, and any custom blocked application content that has been created. Some of the Summary information in the blocked applications definitions are provided from http://www.sysinfo.org (Blocked application legal disclaimer) Click graphic for an example of these definitions: |  |
| 6 | Software Updates | Non-Security related updates for Intel, LANDESK, and Lenovo. (Click graphic for an example) |  |
| 7 | Drivers | This category includes Dell, HII, HP Client, and Lenovo definitions if they have been downloaded as part of the download updates process. |  |
| 8 | Antivirus | Downloads LANDESK Antivirus definitions, and if selected also downloads updates pattern files for both LANDESK Antivirus and 3rd party antivirus products |  |
Example: "Vulscan /scan=0 /showui" will scan the type "Vulnerabilities" while showing the LANDESK Vulscan UI.
General Switches
| General | Description |
|---|---|
| /AgentBehavior=AgentBehaviorID | Points to the Distribution and Patch behavior to be used during scan and repair |
| /ShowUI | Shows the vulscan user interface during the scanning and/or repair operation (Note: you can press Alt-L while this window is active to show the current vulscan log) |
| /AllowUserCancelScan | Allow the user to cancel the scan or repair operation |
| /AutoCloseTimeout=Seconds | Changes the default amount of time the Vulscan UI stays open after the scan/repair operation is complete. (Default is 60 seconds) |
| /Group=GroupID | Specify the Custom group that should be scanned against. The custom Group ID can be found right clicking the group and looking at the ID: section. |
| /Autofix=True or False |
Reboot related operations
| Repair | Description |
|---|---|
| /ob:RebootBehavior=<BehaviorIDName_vXXX> | References the Reboot Behavior to be used during the repair job. |
VBScript related options
| VB Testing | Description |
|---|---|
| /scriptrepair=filename | VBScript file to be used during testing of a repair operation |
| /scriptdetect=filename | VBScript file to be used during testing of a detection operation |
| /customVarfile=filename | If the VBScript calls variables, they should be defined in this file |
Disable certain behaviors
| Disable | Description |
|---|---|
| /NoElevate | Do not elevate permissions during scanning or repair |
| /NoSleep | |
| /NoSync | |
| /NoUpdate | Do not update other files that vulscan typically updates during a scan operation. More information about the files that vulscan will automatically update |
| /NoSelfUpdate | Do not update vulscan.dll and vulscan.exe if the files are newer on the core. |
| /NoRepair |
Manipulate Data Files
| Data Files | Result | Example |
|---|---|---|
| /O=Filename (including full path)s | Send vulscan output to a file as specific in the command line rather than back to the server in the form of a SOAP response. (Click graphic for an example) |  |
| /Log=Filename (including full path) | Sends the vulscan log files to a different location than the default as specified. | |
| /Reset | Removes the client side settings and files (leaves log files intact, if you want to delete the log files as well you can simply delete the ProgramData\Vulscan directory) | |
| /Clear or /ClearScanStatus | Will clear the scan and repair status for the client on the core server (blanks out the history) |
LANDESK Endpoint Security Related Commands
| LANDESK Endpoint Security related commands | Description |
|---|---|
| vulscan /installeps | Installs LANDESK Endpoint Security (use /showui to show progress) |
| vulscan /removeeps | Removes LANDESK Endpoint Security (use /showui to show progress) |
| vulscan /changesettings | Run this command to refresh any changes that have been made to the settings |
LANDESK Antivirus related commands
| LANDESK Antivirus related commands | Description |
|---|---|
| vulscan /removeoldav | Removes 3-rd party antivirus solutions (Provided they are not password protected) |
| vulscan /removeav | Removes an already installed instance of LANDESK Antivirus |
| vulscan /installav | Install LANDESK Antivirus |
| vulscan av | Opens the LANDESK Antivirus logs directory (Typically C:\ProgramData\LANDESKAV |
Shortcuts to open folders or logs:
| Vulscan configuration settings directory | Open logs folder | Open LDClient directory | Open LANDESK Antivirus logs folder | Open LANDESK logs directory (9.6 SP1 and newer) |
|---|---|---|---|---|
| vulscan e - Opens the Vulscan Directory | vulscan l - Opens the current vulscan log (Or press "Alt-L" while the vulscan UI is showing) | vulscan c | vulscan av | vulscan log |
Vulscan switches used for content replication
| Switch | Description |
|---|---|
| /replicate | Triggers vulscan to do a content replication |
| /changesettings with /replicationbehavior=default | Tells vulscan which vulscan behavior to use. Default means compute the behavior guid based on the computer idn. For example, if my computer idn is 1234, then I will try to download a behavior called “ReplicationBehavior_Replicator_1234.xml”. Vulscan will now consider itself a “replicator” and will try to update its copy of a replicationBehavior any time it runs, creating any local scheduler jobs as necessary. |
| /changesettings with /replicationbehavior=-2 | Will disable vulscan as a replicator, removing any local scheduler tasks regarding replication and causing vulscan to no longer attempt to get the latest replication behavior file. |
| /settingsIndex=NNN | You’ll see this commandline used by the local scheduler when it launches vulscan. This tells vulscan which group of settings to use to control its behavior as specified in the console’s UI. For each scheduled replication event that you specify, there will be a new “settingsIndex”. |
| /duration=NNN | The maximum duration that vulscan should do replication, in minutes. This will appear in the replication behavior file and not typically on the command line, but in the file you’ll see something like “Duration_0”, or “Duration_1”, etc. The value after the underscore is the settings index number. When vulscan applies settings found in the behavior file and it sees that its settingsIndex value has been set, then it looks for any variables in the behavior file that end with an underscore and that number (such as “Duration_0”). It strips off the underscore and number and sets the value internally. Therefore, anything you see in the behavior file that ends in the underscore can be passed on the commandline (and therefore take precedence over the behavior file settings). Many of the _NNN settings that are in the behavior file are regarding the local scheduler task that should be created. So vulscan only interprets those values when creating the local scheduled task that will later launch itself to do replication. |