WARNING: Starting with version 2.3, Scan feature requires a RogueKiller Technician license.
Available scan modes
- -scan (scan_params): Start standard scan, scan_params (optional) passes arguments to the core (see below)
- -quickscan: Start quick scan
- -customscan: Start custom scan (needs additional arguments, see below)
Available scan parameters
Important note: scan parameters need to be enclosed into one big quotes delimiters. If you need to use quotes inside of it, use triple quotes (see example below).
Example: RogueKillerCMD.Exe -scan “-reportpath C:\report.txt”
- -reportpath {report_path}: Specify a file path where the report will be also copied
- -reportformat {json|txt}: Specify a file format for the report copy
- -portable-license {path_to_portable_config_file}: Specify a portable config file generated by the Technician
Optional parameters
Important note: Optional parameters below are standalone arguments, they should not be inside the scan parameters’ quotes.
Example: RogueKillerCMD.exe -scan “here the scan args” -deleteall -no_interact
- -no_interact: No user interaction, implicit EULA accept and starts removal after scan (only alleged malware)
- -deleteall: Consider PUP and PUM entries as malware, and select them for removal
- -ignoreall: Ignores removal after a scan
- -debuglog {path}: Log scan activity to a file
- -force_portable_license {license_email} {license_key}: Technician only, uses the given license in memory only (portable mode)
- -portable_signatures {path}: Uses the given signatures package instead of checking online
Custom scan
- -scanoptions: Modules to use for scan, any combination with “processes, services, tasks, registry, filesystem, wmi, hosts, web”
- -scanpaths: Custom paths to scan (folders), up to 10 paths
Examples
RogueKillerCMD.exe -scan -debuglog "C:\my_scan.log"
RogueKillerCMD.exe -quickscan -no_interact -deleteall
RogueKillerCMD.exe -quickscan -no_interact -ignoreall
RogueKillerCMD.exe -scan "-reportpath C:\my_scan_report.txt -reportformat txt"
RogueKillerCMD.exe -scan "-portable-license C:\my_config.ini"
RogueKillerCMD.exe -scan "-reportpath """C:\my folder with spaces\my_scan_report.json""" -reportformat json"
RogueKillerCMD.exe -scan -force_portable_license licenseid@email.com AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
RogueKillerCMD.exe -scan -portable_signatures "Z:\roguekiller_signatures.zip"
RogueKillerCMD.exe -scan "-portable-license """Z:\roguekiller_license.lic""""
RogueKillerCMD.exe -custom_scan -scanoptions processes filesystem task web -scanpaths "C:/my_folder_to_scan" "C:/folder/my_other_folder_to_scan"
During the scan multiple user interactions can be requested to accept EULA, validate update or choose a removal mode. This can be avoided by using the -no_interact flag. Default values are to accept EULA, accept update and use standard (no PUP/PUM) removal mode.