1. Home
  2. Docs
  3. RogueKillerCMD
  4. Getting Started
  5. Run a Scan

Run a Scan

WARNING: Starting with version 2.3, Scan feature requires a RogueKiller Technician license.
WARNING: Starting with v4.0, some of the parameters have changed. Please double check carefully your existing scripts.

Available scan modes

  • -scan: Start standard scan
  • -quickscan: Start quick scan
  • -customscan: Start custom scan (needs additional arguments, see below)

Available scan parameters

  • -reportpath {report_path}: Specify a file path where the report will be also copied
  • -reportformat {json|txt}: Specify a file format for the report copy
  • -accept-eula: Accept terms and conditions without prompt
  • -deleteall: Remove all found elements after a scan
  • -deletecritical: Remove only critical (meaning detections that are NOT “PUP.” or “PUM.”) elements after a scan
  • -ignoreall: Ignore all found elements after a scan
  • -no-interact: No user interaction, equivalent to -accept-eula and -deletecritical
  • -debuglog {path}: Log scan activity to a file
  • -portable-config {path_to_portable_config_file}: Specify a portable config file generated by the Technician
  • -portable-license {license_email} {license_key}: Technician only, uses the given license in memory only (portable mode)
  • -portable-signatures {path}: Uses the given signatures package instead of checking online
  • -portable-workdir {path}: Directory to use for scanner files storage. Leaves no traces outside of this.
  • -excluded-paths: Paths to exclude from scanner (files / folders), up to 10 paths

Custom scan

  • -scanoptions: Modules to use for scan, any combination with “processes, services, tasks, registry, filesystem, wmi, hosts, web, outdated”
  • -scanpaths: Custom paths to scan (folders), up to 10 paths


RogueKillerCMD.exe -scan
RogueKillerCMD.exe -quickscan
RogueKillerCMD.exe -customscan -scanoptions processes filesystem task web outdated 
RogueKillerCMD.exe -customscan -scanpaths "C:/my_folder_to_scan" "C:/folder/my_other_folder_to_scan"
RogueKillerCMD.exe -scan -no-interact -deleteall
RogueKillerCMD.exe -scan -no-interact -deletecritical
RogueKillerCMD.exe -scan -no-interact -ignoreall
RogueKillerCMD.exe -scan -reportpath C:\report.txt -reportformat txt
RogueKillerCMD.exe -scan -portable-config C:\my_config.ini
RogueKillerCMD.exe -scan -debuglog C:\debug.log -accept-eula
RogueKillerCMD.exe -scan -portable-license licenseid@email.com AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
RogueKillerCMD.exe -scan -portable-signatures "Z:\roguekiller_signatures.zip"
RogueKillerCMD.exe -scan -portable-workdir "C:\roguekiller_workdir"
RogueKillerCMD.exe -scan -excluded-paths "C:\folder_to_exclude" "C:\file_to_exclude.exe"

Start-Process -NoNewWindow -FilePath .\RogueKillerCMD.exe -ArgumentList "-quickscan -portable-config Z:\roguekiller_license.lic -deleteall -no-interact" -Wait -PassThru

During the scan multiple user interactions can be requested to accept EULA, validate update or choose a removal mode. This can be avoided by using the -no-interact flag.
Default values are to accept EULA, accept update and use standard (no PUP/PUM) removal mode.

How can we help?