-
Command Line Parameters (Premium Only Feature):
- /undo
Remove protections but leave whitelists - /undoall
Remove protections and all whitelists - /l=#
Set a specific plan level set of protections
Note: l is a lowercase L
#=0 for None Protection Plan
=1 for Minimal Protection Plan
=2 for Default Protection Plan
=3 for Maximum Protection Plan
=5 for Extreme Protection Plan
=a for Custom Plan (This won’t actually apply any new settings it will just reapply current settings) - /whitelist
Whitelist all EXEs in protected locations - /enablesidebar
Enable Sidebar and Gadgets - /disablesidebar
Disable Sidebar and GadgetsFor the following protections a “=0” can be added to disable protection. Enabling the protection would not require additional parameters.
You may also want to run “/apply” to ensure settings have been fully applied. - /bcdedit
Prevent bcdedit from execution on the system - /syskey
Prevent syskey from execution on the system - /cipher
Prevent cipher from execution on the system - /vssadmin
Prevent vssadmin from execution on the system - /known
Enable Prevent known malware from starting on Protection Settings->Software Restriction Policies->Default Plan - /programdata
Enable %programdata% on Protection Settings->Software Restriction Policies->Default Plan - /userprofile
Enable %userprofile% on Protection Settings->Software Restriction Policies->Default Plan - /startup
Enable Startup Folders on Protection Settings->Software Restriction Policies->Default Plan - /bin
Enable Recycle Bin on Protection Settings->Software Restriction Policies->Minimum Plan - /appdata
Enable %appdata% on Protection Settings->Software Restriction Policies->Minimum Plan - /appdatadeep
Enable %appdata%\* on Protection Settings->Software Restriction Policies->Minimum Plan - /localappdata
Enable %localappdata% on Protection Settings->Software Restriction Policies->Minimum Plan - /localappdatadeep
Enable %localappdata%\* on Protection Settings->Software Restriction Policies->Maximum Plan - /fakeexts
Enable Double File Extensions on Protection Settings->Software Restriction Policies->Minimum Plan - /tempexes
Enable Block Executables Temporarily Extracted from Archives on Protection Settings->Software Restriction Policies->Maximum Plan
- /w=[filename.ext]
Whitelist a specific executable in %appdata% - /p=[filename.ext]
Whitelist a specific executable in %programdata% - /u=[filename.ext]
Whitelist a specific executable in %userprofile% - /s=[filename.ext]
Whitelist a specific executable in Startup Folder - /a=[custom allow policy rule]
Custom allow rule; full file/path NO WILDCARDS - /b=[custom block policy rule]
Custom block rule; wildcards supportedYou can add multiple entries by separating values with “,”(comma)
- /enablefiltermodule
Enable the filter module based on the current settings - /disableenablefiltermodule
Disables the filter module (regardless of current settings) - /noallowprompt
Disable allowing applications from running when blocked by filter module - /sg=[type] (separate values with a ‘,’ comma) * Requires v21.07.07 or later!
Enable ‘ShadowGuard’ protection; valid types include “powershell”, “wmic”, and “vssadmin” - /disablesg=[type] (separate values with a ‘,’ comma) * Requires v21.07.07 or later!
Disable ‘ShadowGuard’ protection; valid types include “powershell”, “wmic”, and “vssadmin” - /fs=[extensionType] (separate values with ‘,’ comma)
Add suspicious filter module for CPL, SCR, or PIF - /fc=[extensionType] (separate values with ‘,’ comma)
Add constant filter module for CPL, SCR, or PIF - /disablefs=[extensionType] (separate values with ‘,’ comma)
Remove supsicious filter moduel for CPL, SCR, or PIF - /disablefc=[extensionType] (separate values with ‘,’ comma)
Remove constant filter module for CPL, SCR, or PIF - /exefilter
Enable EXE/COM program filter - /disableexefilter
Disable EXE/COM program filter - /enablefolderwatch
Enable FolderWatch Protection - /disablefolderwatch
Disable FolderWatch protection - /enablehoneypot
Enable FolderWatch HoneyPot Detection (note: FolderWatch Protection must also be enabled) - /disablehoneypot
Disable FolderWatch HoneyPot Detection
- /enableemail
Enable email alerts (uses already defined settings) - /disableemail
Disable email alerts - /enabletray
Enable tray icon autostart - /disabletray
Disable tray icon autostart - /enableupdates
Enable scheduled updates (uses existing hour) - /disableupdates
Disable schedule updates - /updatehour=[XX] or Random
Defines update hours for scheduled updates
(XX should be between 00 and 23)
(Assumes /enableupdates command as well)
- /killemall
Kills all non-essential running processes - /test + /silent
Writes a file w/ text 0 or 1 to show protections status - /test
Displays a form to show protection status - /silent
Silent Mode - /reboot
Reboots the system (final operation if other parameters are defined) - /nogpupdate
Skip the group policy update after changes - /apply
Apply protection and alert when completed - /logging or /debug
Enable logging output to logs folder
- /emailusername=”user@addy.com”
- /emailsamesendtofromaddy
- or use the following together:
- /emailfromaddy=”user@addy.com”
- /emailsendtoaddy=”user@addy.com”
- or use the following together:
- /emailpassword=”password”
- /emailserver=”serverAddress”
- /emailport=”portNumber”
- /emailauthenable
- (Add =0 to disable)
- /emailstarttlsenable
- (Add =0 to disable)
- /emailsslenable
- (Add =0 to disable)
- /clientemailid=”Client ID to be added to Email Subject”
- /emaillocksettings
-
- (Add =0 to disable)
- Only applies to Bulk or White-Label Editions
-
- /ProxyUpdateEnabled (add ‘=0’ to disable)
Enables proxy for update operations - /ProxyUpdateAddress=[domain]
Set proxy address to specified domain or IP for update operations - /ProxyUpdatePort=[Port#]
Set proxy port number for update operations - /ProxyUpdateUser=[userName]
Set proxy username for update operations - /ProxyUpdatePassword=[password]
Set proxy password for update operations - /ProxyUpdateSocksEnabled (add ‘=0’ to disable)
Set proxy to be SOCKS proxy instead of HTTP proxy for update operations - /ProxyEmailEnabled (add ‘=0’ to disable)
Enables proxy for email operations - /ProxyEmailAddress=[domain]
Set proxy address to specified domain or IP for email operations - /ProxyEmailPort=[Port#]
Set proxy port number for email operations - /ProxyEmailUser=[userName]
Set proxy username for email operations - /ProxyEmailPassword=[password]
Set proxy password for email operations - /ProxyEmailSocksEnabled (add ‘=0’ to disable)
Set proxy to be SOCKS proxy instead of HTTP proxy for email operations - /ProxySame (add ‘=0’ to disable)
Apply the same proxy settings for email as are applied for updates - /ProxyFromFile=[ini file location]
Applies proxy settings from an INI file format
Example Proxy INI File contents:
[Proxy] UpdateSameEmail=1 or 0
UpdateEnabled=1 or 0
ProxyAddressU=testAddress
ProxyPortU=1234
ProxyAuthU=1 or 0
ProxyUserU=userName
ProxyPassU==password
ProxySocksU=1 or 0
EmailEnabled=1 or 0
ProxyAddressE=testAddress
ProxyPortE=1234
ProxyAuthE=1 or 0
ProxyUserE=userName
ProxyPassE==password
ProxySocksE=1 or 0