Main parameters

 Home  Previous  Next

SCAN={folder}        Adds a folder or disk to the list of objects to be scanned. The path should start with the disk letter, for example, c:\windows. You can specify an unlimited number of SCAN parameters in the command lineall parameters are processed, making it possible to scan multiple folders. Specifying a nonexistent folder is not an errorit will be simply ignored. Repeatedly specifying one and the same folder or a parent folder and its subfolders does not constitute an error either. AVZ will “sum up” all the specified folders, taking into account their hierarchy. Example: SCAN=c:\windows

 

SCANDRIVE= [HDD|FDD|CDROM] Adds all disks of the specified types to the list of objects to be scanned. Three disk types are supported: HDDall hard drives are selected; FDDall floppy drives and Flash drives are selected; CDROMall CD/DVD drives and disks created by CD emulators are selected. You are allowed to specify several options separated with a comma or a + sign (without spaces before and after the comma or the + sign), for example, SCANDRIVE=HDD+CDROM.

 

SCANFILE={file name} Scanning of an individual file. There can be several such parameters. The scanning of files is performed in the order of the keys. Specifying a nonexistent file or the same file more than once is not an error. Example: SCANFILE=c:\windows\trojan.exe

 

NOSCAN={folder} Excludes the specified folder from the list of folders to be scanned. The path should start with the disk letter, for example, c:\windows. You can specify an unlimited number of NOSCAN parameters in the command lineall parameters are processed, making it possible to scan multiple folders. All NOSCAN parameters are analyzed after a list of scanned folders based on SCAN parameters has been created. Specifying a nonexistent folder is not an errorit will be simply ignored. Repeatedly specifying one and the same folder or a parent folder and its subfolders does not constitute an error either. AVZ will “sum up” all the specified folders, taking into account their hierarchy.

Example: SCAN=c:\ NOSCAN=c:\aids the entire disk C:\ with the exception of folder c:\aids will be scanned.

 

 

ScanAllFiles=[Y|N]        Scans all files (depending on the extension). The effect of selecting <All files> under the <File types> switch.

 

ScanFilesMode=[0|1|2] Specifies the scanning mode. 0 scanning of potentially dangerous files; 1 scanning of all files; 2 scanning of files by mask. In Mode 2, the masks have to be specified using the IncludeFiles and ExcludeFiles keys.

 

IncludeFiles={mask} Specifies the file mask (or a selection of masks) to be scanned. Identical to filling the field <Include files matching the template:> and unchecking the check box of the same name.

 

ExcludeFiles={mask}        Excludes files with names / extensions by mask. Identical to filling the field <Exclude files matching the template :> and unchecking the check box of the same name.

 

WinTrustLevel=[0|1|2]        Mode of file checking against the Microsoft Security Catalog (0 disabled; 1 check against catalog; 2 check against catalog plus comprehensive check of the digital signature of the file itself). Mode 1 is set by default. Enabling Mode 2 increases check reliability, while also prolonging the file check time by 2-3 times.

 

ScanProcess=[Y|N]        Scans processes and DLL loaded into the memory; enabled by default.

ScanSystem=[Y|N]        Heuristic system check using heuristic microprograms; enabled by default.

ScanSystemIPU=[Y|N]        Heuristic system check using the Potential Vulnerabilities Finder (PVF); enabled by default.

 

RepGoodFiles = [Y|N] Logs information about files which AVZ considered to be “clean”.

RepGoodCheck = [Y|N] Checks “clean” files against the Trusted Objects Database and the Microsoft digital signatures database, with the check results shown in the log. Using this parameter makes sense only when RepGoodFiles = Y.

 

CheckArchives=[Y|N] Checks archives and compound files.

UseInfected=[Y|N]        Copies deleted files to the Infected folder

UseQuarantine=[Y|N] Copies suspicious files to Quarantine.

 

EvLevel=[0|1|2|3]        Heuristics analyzer sensitivity level (0 disabled; 3 maximum level).

ExtEvCheck=[Y|N]        Extended heuristic check. This parameter makes sense only when the heuristics sensitivity level has been set to 3.

 

Antirootkit

 

RootKitDetect=[Y|N]        Enables detection of rootkits and API hooks.

AntiRootKitSystem=[Y|N]        Enables the antirootkit system (at all available levels). Enabling the antirootkit system automatically enables rootkit detection.

AntiRootKitSystemUser=[Y|N] Enables the antirootkit system only for UserMode rootkits.

AntiRootKitSystemKernel=[Y|N] Enables the antirootkit system only for KernelMode rootkits.

The AntiRootKitSystemUser and AntiRootKitSystemKernel parameters prevail over the AntiRootKitSystem parameter. For example, specifying AntiRootKitSystem=Y AntiRootKitSystemKernel=N will cause the blocking of UserMode rootkits only to be enabled (the first parameter enables all, and the second parameter disables KernelMode rootkit blocking).

 

CheckLSP=[Y|N] Checks SPI/LSP settings. Enabled by default.

AutoRepairLSP=[Y|N] Automatically repairs errors in SPI/LSP settings. Works only if CheckLSP=Y. Disabled by default.

 

KeyloggerSearch=[Y|N] Searches for keyloggers and trojan DLLs. Enabled by default.

 

SearchTrojanPorts=[Y|N] Searches for ports used by trojans. Enabled by default.

 

AutoFixSysProblems=[Y|N] Automatically fixes system errors detected at step 9 of the system scan (supported starting with version 4.30; disabled by default).

 

 

Profile={profile name}        Loads the profile stored in the file with the specified name. If you specify an incomplete path, the application will look for a profile in the current folder. You can specify several “Profile” parameters (all profiles will be loaded in the order in which they are specified in the command lime). A profile can in turn contain “Profile” parameters, enabling profiles to refer to one another. Upon loading profiles, the application makes sure to load each profile only once, which enables it to correctly process situations involving cross-references among profiles.

 

DelVir=[Y|N]        Deletes / removes any viruses found.

 

ModeVirus=[0|1|2]        Mode for dealing with viruses (0 report only, 1 delete or remove, 2 ask user).

 

ModeAdvWare=[0|1|2]        Mode for dealing with adware (0 report only, 1 delete or remove, 2 ask user).

 

ModeSpy=[0|1|2]        Mode for dealing with spy and spyware (0 report only, 1 delete or remove, 2 ask user).

 

ModePornWare=[0|1|2]        Mode for dealing with pornware and dialers (0 report only, 1 delete or remove, 2 ask user).

 

ModeRiskWare=[0|1|2]        Mode for dealing with riskware (0 report only, 1 delete or remove, 2 ask user).

 

ExtFileDelete=[Y|N] Heuristic file deletion. It implies system analysis, search and removal of traces of every file deleted.

 

Run=[Y|N]        Runs the scan automatically. Performed after all the other parameters have been executed.

 

Processing of parameters without the "=" sign

All AVZ parameters appear as Name=Value. Parameters that do not contain the equal sign (=) are viewed as names of files and folders that need to be scanned. They are subjected to two checks:

1.The parameter is viewed as a folder name. If a folder with this name exists, it is marked for scanning (in this case the operation is equivalent to the key SCAN=<folder>).
2.If a folder with the specified name has not been located at step 1, the application will consider the parameter value to be a file name. If a file with this name exists, it is marked for scanning (in this case the operation is equivalent to the key SCANFILE={file name}).