Contents
- Managing application tasks using the command line
- View the list of tasks
- Creating a new task
- Editing task settings using a configuration file
- Editing task settings using the command line
- Resetting task settings to their default values
- Starting and stopping a task
- Viewing a task state
- Scheduling a task
- Managing scan scopes from the command line
- Managing exclusion scopes from the command line
- Deleting a task
Managing application tasks using the command line
You can manage the application operation using tasks locally on the device (using the command line or configuration files), as well as using Administration Console or Kaspersky Security Center Web Console.
There are two types of tasks for working with the application:
- Predefined task — a task created during installation of the application. Predefined tasks cannot be created or deleted, but you can modify the settings of these tasks.
- A user task that you can create or delete on your own. You can create the following types of user tasks: ODS, Update, Rollback, ODFIM, ContainerScan, and InventoryScan.
Task ID is an identifier that the application assigns to the task at creation. IDs for user tasks are starting from 100. All tasks (including deleted tasks) have unique IDs. The application does not reuse the identifiers of the deleted tasks. The identifier of a new task is the next successive number to the identifier of the latest created task.
Task names are not case-sensitive.
The application's predefined tasks are listed in the table.
Application tasks
Task |
Task name in the command line |
Task ID |
Task type |
|---|---|---|---|
File_Threat_Protection |
1 |
OAS |
|
Scan_My_Computer |
2 |
ODS |
|
Scan_File |
3 |
ODS |
|
Critical_Areas_Scan |
4 |
ODS |
|
Update |
6 |
Update |
|
Rollback |
7 |
Rollback |
|
License |
9 |
License |
|
Backup |
10 |
Backup |
|
System_Integrity_Monitoring |
11 |
OAFIM |
|
Firewall_Management |
12 |
Firewall |
|
Anti_Cryptor |
13 |
AntiCryptor |
|
Web_Threat_Protection |
14 |
WTP |
|
Device_Control |
15 |
DeviceControl |
|
Removable_Drives_Scan |
16 |
RDS |
|
Network_Threat_Protection |
17 |
NTP |
|
Container_Scan |
18 |
ContainerScan |
|
Custom_Container_Scan |
19 |
ContainerScan |
|
Behavior_Detection |
20 |
BehaviorDetection |
|
Application_Control |
21 |
AppControl |
|
Inventory_Scan |
22 |
InventoryScan |
You can perform the following actions with tasks:
- start and stop tasks.
- create and delete user tasks.
- Edit task settings.
View the list of tasks
To view the list of application tasks, execute the following command:
kess-control [-T] --get-task-list [--json]
where:
--json – output format for the list of application tasks. If a file format is not specified, the output will be an INI file.
The list of Kaspersky Embedded Systems Security tasks will be displayed.
The following information will be displayed for each task:
If Kaspersky Security Center policy prohibits users from viewing and editing tasks locally, information will only be displayed about the Scan_File, Backup, License, File_Threat_Protection, System_Integrity_Monitoring, and Anti_Cryptor tasks. Information about other tasks is not available.
Creating a new task
You can create tasks with default settings or with settings specified in a configuration file.
You can create only the following types of user tasks: ODS, Update, Rollback, ODFIM, ContainerScan, and InventoryScan.
To create a task with default settings, execute the following command:
kess-control [-T] --create-task <task name> --type <task type>
where:
<task name>is the name you assign to the new task;<task type>is the type of task.
A task of the specified type is created with default settings.
To create a task with the settings specified in the configuration file, execute the following command:
kess-control [-T] --create-task <task name> --type <task type> --file <file path> [--json]
where:
<task name>is the name you assign to the new task;<task type>is the type of task;<path to file>is the full path to the configuration file.
A task of the specified type is created with settings specified in a configuration file.
Editing task settings using a configuration file
To edit task settings by changing a configuration file:
- Save task settings to the configuration file:
kess-control --get-settings <task ID>|<task name> --file <full path to the file> [--json] - Open the created configuration file for editing.
- Edit the required settings in the configuration file.
- Save the changes in the configuration file.
- Import the settings from the configuration file into the task:
kess-control --set-settings <task ID>|<task name> --file <full path to the file> [--json]
Task settings will be updated.
If you change the allowlist, or prohibit launch of all applications or applications that affect the operation of Kaspersky Embedded Systems Security in the Application Control task settings, run the --set-settings command with the --accept flag.
Editing task settings using command line
To edit task settings using the command line:
- Specify the required setting value:
kess-control --set-settings <task ID>|<task name> <setting=value> [<setting=value>]The application changes the specified setting.
If you change the allowlist, or prohibit launch of all applications or applications that affect the operation of Kaspersky Embedded Systems Security in the Application Control task settings, run the
--set-settingscommand with the--acceptflag. - Make sure the setting value is changed in the task configuration file:
kess-control --get-settings <task ID>|<task name>
If you add a new scan scope or exclusion scope not specifying all settings, a scope with default settings is added to the configuration file.
Example: To specify a new scan scope, execute the following command:
A new section describing the scan scope is added to the task configuration file with ID=100:
|
Resetting task settings to their default values
Kaspersky Embedded Systems Security allows you to reset task settings to default values from command line.
Restoring default settings is not available for the License and Rollback tasks.
To reset task settings to their default values from the command line:
- Execute the following command:
kess-control --set-settings <task ID>|<task name> --set-to-defaultThe application changes the setting values to their defaults.
- Make sure the settings' values are changed in the task configuration file:
kess-control --get-settings <task ID>|<task name> --file <configuration file name>The task configuration file contains default values for all settings.
Starting and stopping a task
By default, the following tasks are automatically started when the application starts: File Threat Protection, Device Control, and Behavior Detection. The remaining tasks are stopped (their status is Stopped).
You can start a task at any time.
The Backup and License tasks cannot be started or stopped.
To start a task, execute the following command:
kess-control --start-task <task ID>|<task name>
To stop a task, execute the following command:
kess-control --stop-task <task ID>|<task name>
Viewing a task state
To view a task state, execute the following command:
kess-control --get-task-state <task ID>|<task name>
where:
<taskID>
The application tasks can have one of the following states:
Started—Task is running.Starting—Task is being launched.Stopped—Task has been stopped.Stopping—Task is stopping.
The ODS, ODFIM, and InventoryScan tasks can also have one of the following states:
Pausing— Task is pausing.Suspended— Task is suspended.Resuming— Task is resuming.
The Backup and License tasks cannot be started, suspended, or stopped. They can have only the Started state.
Scheduling a task
You can view and configure the schedule settings for the following task types: ODS, Update, Rollback, ODFIM, ContainerScan and InventoryScan.
Editing task schedule settings
To configure task schedule settings:
- Save task schedule settings to a configuration file by executing the following command:
kess-control --get-schedule <task ID>|<task name> --file <configuration file name> [--json] - Open the configuration file for editing.
- Specify the schedule settings.
- Save the changes in the configuration file.
- Import the schedule settings from the configuration file to the task using the following command:
kess-control --set-schedule <task ID>|<task name> --file <configuration file name> [--json]
The application will apply the new values of the schedule settings immediately.
Task schedule settings
The application provides the following settings for configuring the task launch schedule:
RuleType=Once|Monthly|Weekly|Daily|Hourly|Minutely|Manual|PS|BR
where:
Manual – start the task manually.
PS – start the task after starting the application.
BR – start the task after the application databases have been updated.
StartTime=[<year>/<month>/<day of the month>] [hh]:[mm]:[ss]; [<day of the month>|<day of the week>]; [<start periodicity>] – task start time. The StartTime setting is required if RuleType=Once|Monthly|Weekly|Daily|Hourly|Minutely.
RandomInterval=<minutes> – a time interval from 0 to the specified value (in minutes), which will be added to the task start time to avoid starting tasks at the same time.
RunMissedStartRules – enables launch of the missed task after the application starts.
Examples: To schedule the task to start every ten hours, specify the following settings:
To schedule the task to start every ten minutes, specify the following settings:
To schedule the task to start on the 15th of every month, specify the following settings:
To schedule the task to start on every Tuesday, specify the following settings:
To schedule the task to start every 11 days, specify the following settings:
|
The kess-control --get-schedule command
The kess-control --get-schedule command displays the task schedule settings or saves them to the specified configuration file.
Command syntax
kess-control [-T] --get-schedule <task ID>|<task name> [--file <configuration file name>] [--json]
Arguments and keys
<task ID> is the task identification number in the application.
<task name> is a name of a task.
--file <configuration file name> is the name of the configuration file where the schedule settings will be saved. If you specify the name of a file without specifying its path, the file will be created in the current directory. If a file with the specified name already exists in the specified path, it will be overwritten. If the specified directory cannot be found on the disk, the configuration file will not be created.
Examples: Save the update task settings to a file named update_schedule.ini and save the created file in the current directory:
Display the Update task schedule:
|
The kess-control --set-schedule command
The kess-control --set-schedule command sets the task schedule settings using the command keys or imports the task schedule settings from the specified configuration file.
Command syntax
kess-control --set-schedule <task ID>|<task name> --file <configuration file name> [--json]
kess-control --set-schedule <task ID>|<task name> <setting name>=<setting value> <setting name>=<setting value>
Arguments and keys
<task ID> is the task identification number in the application.
<task name> is a name of a task.
--file <configuration file name> is the name of the configuration file; the schedule settings from this file will be imported into the task; includes the full path to the file.
Example: Import the schedule settings from the configuration file named /home/test/on_demand_schedule.ini into the task with ID=2:
|
Managing scan scopes from the command line
You can add or delete a scan scope with a specified Path for OAS, ODS, OAFIM, ODFIM, and AntiCryptor tasks from the command line.
To add a new scan scope, execute the following command:
kess-control --set-settings <task ID>|<task name> --add-path <path>
A new [ScanScope.item_#] section will be added to the configuration file. The application scans the objects in the directory specified by the Path setting.
If a [ScanScope.item_#] section already exists for the specified Path setting, a duplicate section will not be added to the configuration file. If the UseScanArea setting is set to No its value will change to Yes after this command is executed and the objects located in this directory will be scanned.
To delete a scan scope, execute the following command:
kess-control --set-settings <task ID>|<task name> --del-path <path>
The [ScanScope.item_#] section that contains the specified path will be deleted from the task configuration file. The application will not scan the objects in the directory specified by the Path setting.
Managing exclusion scopes from the command line
You can add or delete an exclusion scope with a specified Path for OAS, ODS, OAFIM, ODFIM, and AntiCryptor tasks from the command line.
To add a new exclusion scope, execute the following command:
kess-control --set-settings <task ID>|<task name> --add-exclusion <path>
In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion for the path: /.snapshots/*/snapshot/.
A new [ExcludedFromScanScope.item_#] section will be added to the configuration file. The application will exclude objects in the directory specified by the Path setting from scans.
If an [ExcludedFromScanScope.item_#] section already exists for the specified Path setting, a duplicate section will not be added to the configuration file. If the UseScanArea setting is set to No its value will change to Yes after this command is executed and the objects located in this directory will be excluded from scans.
To delete an exclusion scope, execute the following command:
kess-control --set-settings <task ID>|<task name> --del-exclusion <path>
The [ExcludedFromScanScope.item_#] section that contains the specified path is deleted from the task configuration file. The application will not exclude objects in the directory specified by the Path setting from scans.
Deleting a task
You can only delete tasks that you have created. You cannot delete predefined tasks.
To delete a task, execute the following command:
kess-control --delete-task <task ID>|<task name>