Kaspersky Embedded Systems Security 3.4 for Linux Help

This command outputs all application settings to the console or exports to a configuration file. These settings include encrypted connections scan settings, general application settings, and task settings.

Command syntax

kess-control [-T] --export-settings [--file <configuration file path>] [--json]

Arguments and options

--file <configuration file path> is the full path to the configuration file where the application settings will be saved.

--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

kess-control --import-settings

This command imports all application settings from a configuration file, including encrypted connections scan settings, general application settings, and task settings.

Command syntax

kess-control [-T] --import-settings --file <configuration file path> [--json]

Arguments and options

--file <configuration file path> is the full path to the configuration file from which you want to import settings into the application.

--json is specified to import the settings from the configuration file in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

kess-control --update-application

This command installs a downloaded application module update.

It can only be executed if the application is being used in standard mode.

Command syntax

kess-control [-T] --update-application

In this section

Commands for managing general application settings

Commands for managing task settings

Commands for managing tasks

Commands for managing encrypted connections scan settings

Page top

Commands for managing general application settings

The kess-control --get-app-settings command

The command outputs the current values of the general application settings to the console or a configuration file.

Command syntax

kess-control [-T] --get-app-settings [--file <configuration file path>] [--json]

Arguments and options

--file <configuration file path> is the path to the configuration file where the application general settings will be written. If you do not specify the --file option, settings will be output to the console.

If you specify the name of a file without its path, the file will be created in the current directory. If a file already exists in the specified path, it will be overwritten. If the specified directory does not exist, no configuration file will be generated.

--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

The kess-control --set-app-settings command

This command configures the general application settings via command options or by importing settings from a configuration file.

Command syntax

Define settings via command options:

kess-control [-T] --set-app-settings <setting name>=<setting value> [<setting name>=<setting value>]

Define settings via a configuration file:

kess-control [-T] --set-app-settings --file <configuration file path> [--json]

Arguments and options

<option name>=<option value>: the name and value of a general application setting.

--file <configuration file path> is the full path to the configuration file from which you want to import settings into the application.

--json is specified to import the settings from the configuration file into the application in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

Page top

Commands for managing task settings

kess-control --get-settings

This command outputs the current settings for a specified task to the console or a configuration file.

Command syntax

kess-control [-T] --get-settings <task ID/name> [--file <configuration file path>] [--json]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

--file <configuration file path> is the path to the configuration file into which the task settings will be written. If you do not specify the --file option, settings will be output to the console.

--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

kess-control --set-settings

This command defines the settings for a specified task via command options or by importing settings from a configuration file.

Command syntax

Define settings via command options:

kess-control [-T] --set-settings <task name/ID> <setting name>=<setting value> [<setting name>=<setting value>] [--add-path <path>] [--del-path <path>] [--add-exclusion <path>] [--del-exclusion <path>]

Define settings via a configuration file:

kess-control [-T] --set-settings <task name/ID> --file <configuration file path> [--json]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

<setting name>=<setting value> is the name and value of one of the task settings.

--add-path <path> adds the path to the directory with the objects to be scanned.

--del-path <path> deletes the path to the directory with the objects to be scanned.

--add-exclusion <path>: add the path to the directory with objects to exclude from scanning.

--del-exclusion <path> deletes the path to the directory with the objects to be excluded.

--file <configuration file path> is the full path to the configuration file from which the task settings will be imported.

kess-control --set-to-default

The command restores the default settings for the specified task.

Command syntax

kess-control [-T] --set-settings <task ID/name> --set-to-default

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

The kess-control --get-schedule command

The command outputs the current schedule of the specified task to the console or a configuration file.

Command syntax

kess-control [-T] --get-schedule <task ID/name> [--file <configuration file path>] [--json]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

--file <configuration file path> is the path to the configuration file in which the settings for the task run schedule will be written. If you do not specify the --file option, settings will be output to the console.

--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

The kess-control --set-schedule command

The command defines a schedule for the specified task via command options or by importing settings from a configuration file.

Command syntax

Define settings via command options:

kess-control [-T] --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

Define settings via a configuration file:

kess-control [-T] --set-schedule <task ID/name> --file <configuration file path> [--json]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

<setting name>=<setting value> is the name and value of one of the settings for the task schedule.

--file <configuration file path> is the full path to the configuration file from which the task schedule settings will be imported.

Page top

Commands for managing tasks

kess-control --get-task-list

This command outputs a list of existing tasks.

Command syntax

kess-control [-T] --get-task-list [--json]

Arguments and options

--json is specified to output the settings in JSON format.

kess-control --get-task-state

This command outputs the status of the specified task.

Command syntax

kess-control [-T] --get-task-state <task ID/name> [--json]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

--json is specified to output the settings in JSON format.

kess-control --create-task

This command creates a task of the specified type with the default settings or settings specified in a configuration file.

Command syntax

Create a task with the default settings:

kess-control [-T] --create-task <task name> --type <task type>

Create a task with the settings from a configuration file:

kess-control [-T] --create-task <task name> --type <task type> [--file <configuration file path>] [--json]

Arguments and options

<task name> is the name that you specify for the new task.

<task type> is the identifier for the type of the created task.

--file <configuration file path>: the full path to the configuration file to import settings from.

kess-control --delete-task

This command deletes a task.

Command syntax

kess-control [-T] --delete-task <task ID/name>

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

kess-control --start-task

This command starts a task.

Command syntax

kess-control [-T] --start-task <task ID/name> [-W] [--progress]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

[-W]: enable current events output.

[--progress]: display task progress.

kess-control --stop-task

This command stops a task.

Command syntax

kess-control [-T] --stop-task <task ID/name> [-W]

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

[-W]: enable current events output.

kess-control --suspend-task

This command pauses a task.

Command syntax

kess-control [-T] --suspend-task <task ID/name>

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

kess-control --resume-task

This command resumes a task.

Command syntax

kess-control [-T] --resume-task <task ID/name>

Arguments and options

<task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

kess-control --scan-file

This command creates and runs a custom scan task.

Command syntax

kess-control [-T] --scan-file <path> [--action <action>]

Arguments and options

<path>: the path to the file or directory to scan. You can specify multiple paths by separating them with a space.

--action <action> is the action to be performed by the application on the infected objects. If you do not specify the --action option, the application performs the recommended action.

Page top

Commands for managing encrypted connections scan settings

-N is a prefix indicating that the command belongs to the group of commands for managing secure connections scan settings.

kess-control -N --query

The command outputs lists of exclusions from encrypted connections scanning:

a list of exclusions added by the user;
a list of exclusions added by the application;
list of exclusions received from the application databases.

Command syntax

kess-control -N --query user

kess-control -N --query auto

kess-control -N --query kl

kess-control --clear-web-auto-excluded

This command clears the list of domains that the application has automatically excluded from scanning.

Command syntax

kess-control -N --clear-web-auto-excluded

kess-control --get-net-settings

The command outputs the current encrypted connections scan settings to the console or a configuration file.

Command syntax

kess-control [-N] --get-net-settings [--file <configuration file path>] [--json]

Arguments and options

--file <configuration file path>: the path to the configuration file to output the encrypted connections scan settings to. If you do not specify the --file option, settings will be output to the console.

--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

kess-control --set-net-settings

The command configures the encrypted connections scan settings with command options or by importing settings from a configuration file.

Command syntax

Define settings via command options:

kess-control [-N] --set-net-settings <setting name>=<setting value> [<setting name>=<setting value>]

Define settings via a configuration file:

kess-control [-N] --set-net-settings --file <configuration file path> [--json]

Arguments and options

<option name> = <option value >: the name and value of an encrypted connections scan option.

--file <configuration file path>: the full path to the configuration file to import encrypted connections scan settings from.

kess-control --list-certificates

This command outputs a list of trusted root certificates.

Command syntax

kess-control [-N] --list-certificates

kess-control --add-certificate

This command adds a certificate to the list of trusted root certificates.

Command syntax

kess-control [-N] --add-certificate <path to certificate>

Arguments and options

<path to certificate> is the path to the certificate file that you want to add (PEM or DER format).

kess-control --remove-certificate

This command removes a certificate from the list of trusted root certificates.

Command syntax

kess-control [-N] --remove-certificate <certificate subject>

Page top

Statistics commands

-S is a prefix indicating that the command belongs to the statistics command group.

kess-control --app-info

This command outputs information about the application.

Command syntax

kess-control [-S] --app-info [--json]

Arguments and options

--json is specified to output the settings in JSON format.

kess-control --get-statistic

The command allows you to display statistics about the operation of the application and the list of mount points found on the device.

Command syntax

kess-control [-S] --get-statistic [--files] [--processes] [--mountpoints]

Arguments and options

[--files]: statistics of files most frequently scanned by the File Threat Protection component, and the number of times the component accesses these files.

[--processes]: statistics of applications most frequently scanned by the Behavior Detection component, and the number of times the component accesses these applications.

--mountpoints: list of mount points.

You can specify one or more options in any combination or no options at all. If you do not specify options, the application displays three lists: statistics on the most frequently scanned files, statistics on the most frequently scanned applications, and the list of mount points found on the device.

kess-control --omsinfo

This command creates a JSON file for integration with Microsoft Operations Management Suite.

Command syntax

kess-control [-S] --omsinfo --file <file path>

Page top

Commands for displaying events

kess-control -W

This command enables the display of current application events. The command returns the name of the event and additional information about the event. You can use the command to display all current application events or only events associated with a currently running task.

Command syntax

kess-control -W [--query "<filter conditions>"]

Arguments and options

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value>', combined with the logical operator and to output specific current events.

Page top

Commands for managing application events

-E: a prefix indicating that the command belongs to the group of commands used for managing application events.

kess-control -E

This command outputs information about all events in the application event log. You can use the less command to navigate through the list of displayed events.

Command syntax

kess-control -E

kess-control -E --query

This command outputs information about events from the application event log. You can use the less command to navigate through the list of displayed events. You can use a filter to output specific events or output a list of events to a file.

Command syntax

kess-control -E --query "<filter conditions>" [--db <database file>] [-n <number>] [--file <file path>] [--json] [--reverse]

Arguments and options

<database file> is the full path to the event log database file to output events from. By default, the application saves information about events to the /var/opt/kaspersky/kess/private/storage/events.db database. The location of the database is determined by the EventsStoragePath global application setting.

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results.

<number> – number of the latest events of the selection (number of records from the end of the selection) to be displayed.

--file <file path> is the full path to the file to output events to. If you specify the name of a file without specifying its path, the file will be created in the current directory. If a file with the specified name already exists in the specified path, it will be overwritten. If the specified directory cannot be found on the disk, file will not be created.

If you do not specify the --file option, the list of events will be output to the console.

--json: output events in JSON format.

--reverse: display events in reverse order (from the newest event at the top to the oldest at the bottom).

Page top

Commands for managing license keys

-L is a prefix indicating that the command belongs to the group of commands used to manage license keys.

kess-control --add-active-key

The command lets you add an active license key to the application using a key file or activation code.

Command syntax

kess-control [-L] --add-active-key <key file path>

kess-control [-L] --add-active-key <activation code>

Arguments and options

<path to the key file> – path to the key file. If the key file is located in the current directory, it is sufficient to specify only the file name.

<activation code> – activation code.

Example:

Add a key as an active key from the /home/test/00000001.key file:

kess-control --add-active-key /home/test/00000001.key

kess-control --add-reserve-key

The command lets you add a reserve license key to the application using a key file or an activation code.

If an active key has not yet been added to the application on the device, the command fails.

Command syntax

kess-control [-L] --add-reserve-key <key file path>

kess-control [-L] --add-reserve-key <activation code>

Arguments and options

<path to the key file> – path to the key file. If the key file is located in the current directory, it is sufficient to specify only the file name.

<activation code> – activation code.

Example:

Add a reserve key using the /home/test/00000002.key file:

kess-control --add-reserve-key /home/test/00000002.key

kess-control --remove-active-key

This command lets you remove an active license key.

Command syntax

kess-control [-L] --remove-active-key

kess-control --remove-reserve-key

This command lets you remove a reserve license key.

Command syntax

kess-control [-L] --remove-reserve-key

kess-control -L --query

The -L --query command outputs information about the license that was used for activating the application and license keys currently in use.

Command syntax

kess-control -L --query [--json]

Arguments and options

--json: output data in JSON format.

Page top

Commands for Firewall Management

-F: a prefix indicating that the command belongs to the firewall management commands.

kess-control --add-rule

This command adds a new network packet rule.

Command syntax

kess-control [-F] --add-rule [--name <rule name>] [--action <action>] [--protocol <protocol>] [--direction <direction>] [--remote <remote address>[:<port range>]] [--local <local address>[:<port range>]] [--at <index>]

Arguments and options

--name <rule name> is the name of the network packet rule.

--action <action> is the action to be performed on connections specified in network packet rule.

--protocol <protocol> is the type of data transfer protocol for which you want to monitor network activity.

--direction <direction> is the direction of the monitored network activity.

--remote <remote address>[:<port range>]: the network address of the remote device.

--local <local address>[:<port range>] is the network address of the device with Kaspersky Embedded Systems Security installed.

--at <index>: the number of the rule in the list of network packet rules. If the --at option is not specified or its value is larger than the number of rules in the list, the new rule is added to the end of the list.

Parameters that you do not specify values for in the command are set to their default values.

kess-control --del-rule

This command deletes the network packet rule with the specified name or index in the list of rules.

Command syntax

kess-control -F --del-rule --name <rule name>

kess-control [-F] --del-rule --index <index>

Arguments and options

--name <rule name> is the name of the network packet rule.

--index <index>: the number of the rule in the list of network packet rules.

kess-control --move-rule

This command changes the execution priority of a network packet rule.

Command syntax

kess-control [-F] --move-rule --name <rule name> --at <index>

kess-control [-F] --move-rule --index <index> --at <index>

Arguments and options

--name <rule name> is the name of the network packet rule.

--index < index >: the current number of the rule in the list of network packet rules.

--at < index >: the new number of the rule in the list of network packet rules.

kess-control --add-zone

This command adds an address to a network zone.

Command syntax

kess-control [-F] --add-zone --zone <zone> --address <address>

Arguments and options

--zone <zone> is the predefined name of the network zone.

--address <address> is the network address or subnet.

kess-control --del-zone

This command removes an address from a network zone.

Command syntax

kess-control [-F] --del-zone --zone <zone> --address <address>

kess-control [-F] --del-zone --zone <zone> --index <address index>

Arguments and options

--zone <zone> is the predefined name of the network zone.

--address <address> is the network address or subnet.

--index <address index>: the number of the address in the network zone.

kess-control -F --query

This command displays firewall rules created using Kaspersky Embedded Systems Security.

Command syntax

kess-control -F --query

Page top

Commands used to manage blocked devices

-H is a prefix indicating that the command belongs to the group of commands for managing devices blocked by Anti-Cryptor and Network Threat Protection.

kess-control --get-blocked-hosts

The command allows you to output the list of blocked devices to the console.

Command syntax

kess-control [-H] --get-blocked-hosts

kess-control --allow-hosts

The command allows you to unblock blocked devices.

Command syntax

kess-control [-H] --allow-hosts <address>

Arguments and options

<address> is an IP address of the device or subnet (IPv4/IPv6, including addresses in short form). You can specify multiple IP addresses of devices or subnets by separating them with a space.

Page top

Commands for managing Device Control

-D is a prefix indicating that the command belongs to the group of commands to manage Device Control.

kess-control --get-device-list

The command outputs to the console a list of devices that are installed on a client device or connected to it.

Command syntax

kess-control [-D] --get-device-list [--json]

Arguments and options

--json: output data in JSON format.

Page top

Commands for managing Application Control

-A is a prefix indicating that the command belongs to the group of commands to manage Application Control.

kess-control --get-app-list

The command outputs a list of applications found on a client device by the Inventory task.

Command syntax

kess-control [-A] --get-app-list [--json]

Arguments and options

--json: output data in JSON format.

kess-control --get-categories

This command outputs a list of created application control categories.

Command syntax

kess-control [-A] --get-categories [--names <category name 1> <category name 2> ... <category name N>] [--file <path to configuration file>] [--json]

Arguments and options

<name of category 1> <name of category 2> ... <name of category N> – names of the categories whose information you want to view. If you want to view information about several categories, specify the names of the categories, separated by a space.

--file <path to configuration file> – full path to the JSON configuration file to which the settings will be output.

--json: output data in JSON format.

kess-control --set-categories

This command lets you create or edit the list of created Application Control categories.

Command syntax

kess-control [-A] --set-categories [--names <name of category 1> <name of category 2> ... <name of category N>] --file <path to configuration file>

Arguments and options

<name of category 1> <name of category 2> ... <name of category N> – names of the categories whose information you want to change. If you want to change information about several categories, specify the names of the categories, separated by a space. If you do not specify a category name, the category will be removed from the list.

--file <path to configuration file> – full path to the configuration file with the category settings.

kess-control --get-settings 21

This command outputs a list of created application control rules.

Command syntax

kess-control --get-settings 21 [--file <path to configuration file>] [--json]

Arguments and options

--file <path to configuration file> – full path to the configuration file to which the settings will be exported.

--json: output data in JSON format.

kess-control --set-settings 21

This command lets you edit the list of created application categories and Application Control rules.

Command syntax

kess-control --get-settings 21 [--file <path to configuration file>] [--json]

Arguments and options

--file <path to configuration file> – full path to the configuration file from which the settings will be imported.

--json – import data from a JSON file.

kess-control --set-to-default 21

This command lets you delete a list of application categories and Application Control rules.

Command syntax

kess-control --set-settings 21 --set-to-default

kess-control ---add-app-control-trust-certificates

This command adds a certificate to Application Control's list of trusted certificates.

Command syntax

kess-control [-A] --add-app-control-trust-certificates <path to certificate>

Arguments and options

<path to certificate> is the path to the certificate file that you want to add (PEM or DER format).

kess-control --remove-app-control-trust-certificates

This command removes a certificate from Application Control's list of trusted certificates.

Command syntax

kess-control [-A] --remove-app-control-trust-certificates < certificate serial number>

kess-control --query-app-control-trust-certificates

This command outputs a list of Application Control's trusted certificates.

Command syntax

kess-control [-A] --query-app-control-trust-certificates

Page top

Commands for managing Backup

-B is a prefix indicating that the command belongs to the group of commands used to manage the Backup storage.

kess-control -B --mass-remove

The command deletes some or all objects from Backup.

Command syntax

Delete all objects:

kess-control -B --mass-remove

Delete objects that match the filter conditions:

kess-control -B --mass-remove --query "<filter conditions>"

Arguments and options

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results.

kess-control -B --query

This command outputs information about Backup objects.

Command syntax

Output information about all objects in Backup:

kess-control -B --query [-n <number>] [--json] [--reverse]

Output information about Backup objects that match the filter conditions:

kess-control -B --query ["<filter conditions>"] [-n <number>] [--json] [--reverse]

Arguments and options

<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value >', combined with the help of the logical operator and to limit the results. If you do not specify any filter conditions, the application will display the details of all objects in Backup.

<number>: the number of the most recent objects to display. If you do not specify the -n switch, the last 30 objects will be displayed. To display all objects, specify 0.

--json: output data in JSON format.

--reverse – output objects in reverse order (from the newest object at the top to the oldest at the bottom).

kess-control -B --restore

This command restores an object from Backup.

Command syntax

kess-control -B --restore <object ID> --file <path to file>

Arguments and options

<object ID>: the ID of the Backup object.

--file <file path>: the new name of the file and the path to the directory to save it to. If you do not specify the --file option, the object will be restored with its original name and to its original location.

Page top

Commands for managing users and roles

-U is a prefix indicating that the command belongs to the group of commands for managing users and roles.

kess-control --get-user-list

This command outputs a list of users and roles.

Command syntax

kess-control [-U] --get-user-list

kess-control --grant-role

This command assigns a role to a specific user.

Command syntax

kess-control [-U] --grant-role <role> <user>

kess-control --revoke-role

This command revokes a role from a specific user.

Command syntax

kess-control [-U] --revoke-role <role> <user>

Page top

Commands for managing system performance metrics

kess-control --export-metrics

This command allows configuring the collection of operating system performance metrics.

Command syntax

kess-control [-J] --export-metrics [--period <interval in seconds between exports>|--interactive]

Arguments and options

--period enables periodic output of results.

<interval in seconds between exports> (in seconds) sets the output period.

--interactive enables interactive output (on the Enter key being pressed).

Page top

Contents

Appendix 2. Commands for managing Kaspersky Embedded Systems Security

Commands for managing application tasks and settings

Commands for managing general application settings

Commands for managing task settings

Commands for managing tasks

Commands for managing encrypted connections scan settings

Statistics commands

Commands for displaying events

Commands for managing application events

Commands for managing license keys

Commands for Firewall Management

Commands used to manage blocked devices

Commands for managing Device Control

Commands for managing Application Control

Commands for managing Backup

Commands for managing users and roles

Commands for managing system performance metrics