WARNING: Starting with version 2.3, Scan feature requires a RogueKiller Technician license.
WARNING: Starting with v4.0, some of the parameters have changed. Please double check carefully your existing scripts.
Available scan modes
- -scan: Start standard scan
- -quickscan: Start quick scan
- -customscan: Start custom scan (needs additional arguments, see below)
Available scan parameters
- -reportpath {report_path}: Specify a file path where the report will be also copied
- -reportformat {json|txt}: Specify a file format for the report copy
- -accept-eula: Accept terms and conditions without prompt
- -deleteall: Remove all found elements after a scan
- -deletecritical: Remove only critical (meaning detections that are NOT “PUP.” or “PUM.”) elements after a scan
- -ignoreall: Ignore all found elements after a scan
- -no-interact: No user interaction, equivalent to -accept-eula and -deletecritical
- -debuglog {path}: Log scan activity to a file
- -portable-config {path_to_portable_config_file}: Specify a portable config file generated by the Technician
- -portable-license {license_email} {license_key}: Technician only, uses the given license in memory only (portable mode)
- -portable-signatures {path}: Uses the given signatures package instead of checking online
- -portable-workdir {path}: Directory to use for scanner files storage. Leaves no traces outside of this.
- -excluded-paths: Paths to exclude from scanner (files / folders), up to 10 paths
Custom scan
- -scanoptions: Modules to use for scan, any combination with “processes, services, tasks, registry, filesystem, wmi, hosts, web, outdated”
- -scanpaths: Custom paths to scan (folders), up to 10 paths
Examples
RogueKillerCMD.exe -scan
RogueKillerCMD.exe -quickscan
RogueKillerCMD.exe -customscan -scanoptions processes filesystem task web outdated
RogueKillerCMD.exe -customscan -scanpaths "C:/my_folder_to_scan" "C:/folder/my_other_folder_to_scan"
RogueKillerCMD.exe -scan -no-interact -deleteall
RogueKillerCMD.exe -scan -no-interact -deletecritical
RogueKillerCMD.exe -scan -no-interact -ignoreall
RogueKillerCMD.exe -scan -reportpath C:\report.txt -reportformat txt
RogueKillerCMD.exe -scan -portable-config C:\my_config.ini
RogueKillerCMD.exe -scan -debuglog C:\debug.log -accept-eula
RogueKillerCMD.exe -scan -portable-license licenseid@email.com AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
RogueKillerCMD.exe -scan -portable-signatures "Z:\roguekiller_signatures.zip"
RogueKillerCMD.exe -scan -portable-workdir "C:\roguekiller_workdir"
RogueKillerCMD.exe -scan -excluded-paths "C:\folder_to_exclude" "C:\file_to_exclude.exe"
=== POWERSHELL ===
Start-Process -NoNewWindow -FilePath .\RogueKillerCMD.exe -ArgumentList "-quickscan -portable-config Z:\roguekiller_license.lic -deleteall -no-interact" -Wait -PassThru
During the scan multiple user interactions can be requested to accept EULA, validate update or choose a removal mode. This can be avoided by using the -no-interact flag.
Default values are to accept EULA, accept update and use standard (no PUP/PUM) removal mode.