RogueKillerCMD | Documentation : Run a Scan • Adlice Software

WARNING: Starting with version 2.3, Scan feature requires a RogueKiller Technician license.
WARNING: Starting with v4.0, some of the parameters have changed. Please double check carefully your existing scripts.

Available scan modes

-scan: Start standard scan
-quickscan: Start quick scan
-customscan: Start custom scan (needs additional arguments, see below)

Available scan parameters

-reportpath {report_path}: Specify a file path where the report will be also copied
-reportformat {json|txt}: Specify a file format for the report copy
-accept-eula: Accept terms and conditions without prompt
-deleteall: Remove all found elements after a scan
-deletecritical: Remove only critical (meaning detections that are NOT “PUP.” or “PUM.”) elements after a scan
-ignoreall: Ignore all found elements after a scan
-no-interact: No user interaction, equivalent to -accept-eula and -deletecritical
-debuglog {path}: Log scan activity to a file
-portable-config {path_to_portable_config_file}: Specify a portable config file generated by the Technician
-portable-license {license_email} {license_key}: Technician only, uses the given license in memory only (portable mode)
-portable-signatures {path}: Uses the given signatures package instead of checking online
-portable-workdir {path}: Directory to use for scanner files storage. Leaves no traces outside of this.
-excluded-paths: Paths to exclude from scanner (files / folders), up to 10 paths

Custom scan

-scanoptions: Modules to use for scan, any combination with “processes, services, tasks, registry, filesystem, wmi, hosts, web, outdated”
-scanpaths: Custom paths to scan (folders), up to 10 paths

Examples

RogueKillerCMD.exe -scan
RogueKillerCMD.exe -quickscan
RogueKillerCMD.exe -customscan -scanoptions processes filesystem task web outdated 
RogueKillerCMD.exe -customscan -scanpaths "C:/my_folder_to_scan" "C:/folder/my_other_folder_to_scan"
RogueKillerCMD.exe -scan -no-interact -deleteall
RogueKillerCMD.exe -scan -no-interact -deletecritical
RogueKillerCMD.exe -scan -no-interact -ignoreall
RogueKillerCMD.exe -scan -reportpath C:\report.txt -reportformat txt
RogueKillerCMD.exe -scan -portable-config C:\my_config.ini
RogueKillerCMD.exe -scan -debuglog C:\debug.log -accept-eula
RogueKillerCMD.exe -scan -portable-license licenseid@email.com AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
RogueKillerCMD.exe -scan -portable-signatures "Z:\roguekiller_signatures.zip"
RogueKillerCMD.exe -scan -portable-workdir "C:\roguekiller_workdir"
RogueKillerCMD.exe -scan -excluded-paths "C:\folder_to_exclude" "C:\file_to_exclude.exe"

=== POWERSHELL ===
Start-Process -NoNewWindow -FilePath .\RogueKillerCMD.exe -ArgumentList "-quickscan -portable-config Z:\roguekiller_license.lic -deleteall -no-interact" -Wait -PassThru

During the scan multiple user interactions can be requested to accept EULA, validate update or choose a removal mode. This can be avoided by using the -no-interact flag.
Default values are to accept EULA, accept update and use standard (no PUP/PUM) removal mode.