Command Line

ESET NOD32 Antivirus’s antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch (“bat”) file.

The following parameters and switches can be used when running the on-demand scanner from the command line:

General options:   
–help show help and quit
–version show version information and quit
–base-dir=FOLDER load modules from FOLDER
–quar-dir=FOLDER quarantine FOLDER
–aind show activity indicator
–auto scans all hard drives in the cleaning mode
–files scan files (default)
–no-files do not scan files
–boots scan boot sectors (default)
–no-boots do not scan boot sectors
–arch scan archives (default)
–no-arch do not scan archives
–max-archive-level=LEVEL maximum archive nesting LEVEL
–scan-timeout=LIMIT scan archives for LIMIT seconds at maximum. If the scanning time reaches this limit, the scanning of the archive is stopped and the scan will continue to the next file
–max-arch-size=SIZE only scan the first SIZE bytes in archives (default 0 = unlimited)
–mail scan email files
–no-mail do not scan email files
–sfx scan self-extracting archives
–no-sfx do not scan self-extracting archives
–rtp scan runtime packers
–no-rtp do not scan runtime packers
–exclude=FOLDER exclude FOLDER from scanning (example of excluding multiple folders: –exclude <first>,<second>,…)
–subdir scan subfolders (default)
–no-subdir do not scan subfolders
–max-subdir-level=LEVEL maximum subfolder nesting LEVEL (default 0 =unlimited)
–symlink follow symbolic links (default)
–no-symlink skip symbolic links
–ext-exclude=EXTENSIONS exclude EXTENSIONS delimited by colon from scanning
–adware scan for Adware/Spyware/Riskware
–no-adware do not scan for Adware/Spyware/Riskware
–unsafe scan for potentially unsafe applications
–no-unsafe do not scan for potentially unsafe applications
–unwanted scan for potentially unwanted applications
–no-unwanted do not scan for potentially unwanted applications
–pattern use signatures
–no-pattern do not use signatures
–heur enable heuristics
–no-heur disable heuristics
–adv-heur enable Advanced heuristics
–no-adv-heur disable Advanced heuristics
–action=ACTION perform ACTION on infected objects. Available actions: none, clean, prompt
–quarantine copy infected files to Quarantine (supplements ACTION)
–no-quarantine do not copy infected files to Quarantine
–log-file=FILE log output to FILE
–log-rewrite overwrite output file (default – append)
–log-all also log clean files
–no-log-all do not log clean files (default)

The possible exit codes of the scan:


Exit codes greater than 100 mean that the file was not scanned and therefore can be infected.

0 – no threat found
1 – threat found and cleaned
10 – some files could not be scanned (may be threats)
50 – threat found
100 – error


Command Line