F-Secure BlackLight Command Line Help
F-Secure BlackLight Command Line scanner has all the same
features as the GUI version of BlackLight. The main
difference is that System Administrators are able to create scripts
to automate scanning more easily.
For home users, we recommend the GUI (Graphical User Interface)
version of BlackLight.
Like the GUI version, the command line version is a
stand-alone executable. There is no install package. You simply run the
program, blbetac.exe, and then delete the file if you wish to stop using
it. Please note that you need to have administrator privileges to run
BlackLight.
The command line version accepts multiple command line options,
including:
--help
  Provides Help information for BlackLight Command Line.
--expert
  Scan in Expert mode. The default is Normal mode.
--show-eula
  Show the End User License Agreement and exit.
--accept-eula
  Accept the End User License Agreement (non-interactive mode). If you are
  calling the program from a script, you should specify this option.
--rename <regexp>
  If the full path (e.g. "c:\folder\filename.ext") of a hidden item matches
  the regular expression, queue the file for renaming. The regular
  expression is case-insensitive.
  Examples of regular expressions:
  - "--rename c:\\.*\.exe" means all files on c: with .exe extension
  - "--rename c:\\foldername\\.*" means all files in c:\foldername\.
  Cautions:
  - You should back up all important data externally before attempting to
    clean a system using the renaming option. Malware removal can impede
    your operating system, and so a system reinstall/repair may be required.
  - You should only rename hidden items that are part of the rootkit.
    Important system files may also be hidden for some reason. Renaming them
    might damage the operating system.
  Note: Renaming requires a system restart. Therefore, using the rename
  option in a login-script is not advised. Unsuccessful renaming within a
  login-script could lead to an endless loop.
--reboot-if <timeout>
  If items have been queued for renaming, reboot the computer after
  <timeout> seconds.
--minimize-window
  Minimize the console window.
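A dry run for a --rename pattern before it is used on a real system, as an added example that is not part of the original help text or of BlackLight itself. It assumes the pattern must match the whole path case-insensitively (as the two examples above suggest), uses Python's re module as a stand-in for the scanner's own regex engine, and runs on constructed paths; preview_rename and PROTECTED_PREFIXES are hypothetical names.

```python
import re

# Assumption: directories treated as "do not touch" for this dry run.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def preview_rename(pattern, hidden_paths, protected=PROTECTED_PREFIXES):
    """Split hidden item paths into (queued, risky, untouched).

    Assumption: the pattern must match the whole path, case-insensitively;
    Python's `re` stands in for the scanner's regex engine.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    queued, risky, untouched = [], [], []
    for path in hidden_paths:
        if rx.fullmatch(path) is None:
            untouched.append(path)   # pattern does not select this item
        elif path.lower().startswith(protected):
            risky.append(path)       # selected, but inside a system directory
        else:
            queued.append(path)      # selected, outside protected directories
    return queued, risky, untouched


# Constructed sample: paths standing in for a scan's list of hidden items.
SAMPLE_HIDDEN = [
    r"C:\foldername\hidden_a.exe",
    r"c:\foldername\hidden_b.dll",
    r"c:\WINDOWS\system32\hidden_c.exe",
    r"d:\other\hidden_d.exe",
]

if __name__ == "__main__":
    # The two patterns from the help text above.
    for pat in (r"c:\\.*\.exe", r"c:\\foldername\\.*"):
        queued, risky, untouched = preview_rename(pat, SAMPLE_HIDDEN)
        print(f"--rename {pat}")
        print("  would queue:     ", queued)
        print("  system paths hit:", risky)
        print("  left alone:      ", untouched)
```

A non-empty "system paths hit" list means the pattern is broader than the rootkit's own files and should be narrowed before it is passed to --rename.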
The command line version returns the following return
codes:
- 0 = Scan completed
- 1 = Scan completed, hidden items found
- 2 = Scan aborted by user
- 3 = Scan completed with errors
You can automate scans in many different ways, for example:
Here is an example batch script that calls the command line
tool, checks the return code and acts based on the result:
---
@echo off
REM ***********************************************************
REM Example script for F-Secure BlackLight command line scanner
REM ***********************************************************
REM ** Run a rootkit scan and save the output
"c:\Program Files\F-Secure\blbetac.exe" --accept-eula --minimize-window > "c:\Program Files\F-Secure\blbetac.log"
REM ** Check the results of the scan
if %ERRORLEVEL% EQU 0 goto scan_ok
if %ERRORLEVEL% EQU 1 goto hidden_items
if ERRORLEVEL 2 goto scan_not_ok
:scan_not_ok
REM ** Scan did not complete cleanly, copy the output to a centralized location
type "c:\Program Files\F-Secure\blbetac.log" >> \\server\share\blbetac_%COMPUTERNAME%_error.log
goto end
:hidden_items
REM ** Hidden items were found, copy the output to a centralized location
type "c:\Program Files\F-Secure\blbetac.log" >> \\server\share\blbetac_%COMPUTERNAME%_hiddenitems.log
goto end
:scan_ok
REM ** Scan completed successfully, do possible cleanup
del /q "c:\Program Files\F-Secure\fsbl*.log"
goto end
:end
---
To use F-Secure BlackLight Command Line, your computer must have
one of the following supported operating systems:
- Windows 2000 (from sp0 to sp4)
- Windows XP (from sp0 to sp2)
- Windows 2003 Server (sp0, sp1)
Note: BlackLight currently only operates on
32-bit Windows platforms.