Manual Scan Commands Parent topic

Perform actions related to manual scans on endpoints using the Command Line Interface by typing your command in the following format:
SLCmd.exe -p <admin_password> <command>   <parameter> <value>
Note
Note
  • The Manual Scan commands require special licensing. Ensure that you have the correct Activation Code before using Manual Scan commands. For more information on how to obtain the Activation Code, contact your sales representative.
  • For agent component updates, make sure that Safe Lock agents can connect to an update source without using a proxy server.
  • After a component update is complete, you cannot roll back the component to a previous version.
The following table lists the commands, parameters, and values available.

Manual Scan Commands

Command
Parameter
Description
start scan
[-action <action>]
Start a manual scan on an endpoint
Use the -action option to specify an action to perform when a detection is found. The following lists the available actions:
  • 0: No action
  • 1: Clean, or delete if the clean action is unsuccessful
  • 2: Clean, or quarantine if the clean action is unsuccessful. This is the default action.
  • 3: Clean, or ignore if the clean action is unsuccessful
For example, type: SLCmd.exe -p <admin_password> start scan -action 1
Note
Note
  • For each manual scan, Safe Lock saves the scan results in a log file (with a file name of TMSLScanResult_YYYYMMDDHHMMSS.log) in C:\Program Files\Trend Micro\Safe Lock\Scan\log.
  • With administrator privileges, you can restore quarantined files using the following command:
    WKSupportTool.exe RestorePrescan <QuarantinedFilePath> <FilePathToRestore>
    where <QuarantinedFilePath> is the file path of the quarantined file and <FilePathToRestore> is the folder location to restore the file.
    For information about quarantined files, see the scan logs.
start update
  
Update Safe Lock agent components (pattern file and scan engine)
set update
-source <source>
Set the update source for component updates
show update
-source <source>
Display the current update source