This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Command-Line Updates and Scans

This Article Applies to:

  • Avast Small Business Solutions
  • Avast Small Office Protection
  • Avast Business Antivirus
  • Avast Business Antivirus Pro
  • Avast Business Antivirus Pro Plus
  • Avast Business CloudCare Antivirus

Command Line Updater/Scanner (Windows)

Below are the folder paths to the Avast command line updater/scanner, and report files.

Default .exe File location:

  • %ProgramFiles%\AVAST Software\Avast

Default Report File location:

  • %ProgramData%\AVAST Software\Avast\report

ashUpd.exe (Updates)

Update Virus Definitions Command: ashUpd.exe vps [/autoreboot] [/help]

Update Antivirus Program Command: ashUpd.exe program [/autoreboot] [/help]

ashCmd.exe (Scans)

  • (area name): area for virus testing; there can be multiple areas in your command
  • /# or --remote: remote disks
  • /* or --local: local hard drives
  • /?, /h or --help: displays a short description of all parameters
  • /@ = expect string or --task = expect string: parameter contains name of task which will be started; other parameters are ignored
  • /_ or --console: application will be ready for STDIN/STDOUT
  • /a or --testall: test of all files
  • /c or --testfull: scan entire files
  • /d or --dontpanic: do not switch to 'panic mode' when a virus is found
  • /e = expect byte or --heuristics = expect byte: set the heuristic sensitivity, where 0 is no heuristics and 100 is the maximum sensitivity
  • /f = expect string or --fileactions = expect string=[BPSW] additional configuration for actions on infected files:
    • B: allow delayed actions (after reboot) for locked files
    • P: if a file cannot be removed from an archive, try to remove its parent(s) instead
    • S: do not remove associated auto-start references when removing a file
    • W: when an infected file is found in an archive, perform the action with the whole archive, not just the file inside
  • /g = expect byte or --checkgenuine = expect byte: =[0|1] check digital signatures of infected files (and ignore genuine)
  • /i or --ignoretype: ignore virus sets
  • /j or --paging: paging the lines if program is not in STDOUT mode (parameter /_)
  • /m or --boot: test boot sectors and whole operating memory
  • /p = expect byte or --continue = expect byte: program doesn't wait for user input (/p); automatic action with infected file (/p=[01234])
    • 0: fix automatically
    • 1: delete file
    • 2: quarantine
    • 3: repair
    • 4: stop when virus is detected
  • /q or --stopclean: stop on clean files and wait for user input
  • /r = expect string or --report = expect string: =[*~][file] create report file. * includes Ok files, ~ includes skipped files
  • /s or --soundoff: no sounds
  • /t = expect string or --archivetype = expect string: =[JZIMXRSTGCBWOEQHFVKPY7D6U4123AN]; default option is /t=XSW2
  • /u = expect string or --sendmessage = expect string=(address) send message about found virus to selected address
  • /w = expect string or --exclude = expect string: =(mask) exclude specific file/folder from scanning (wildcards accepted)
  • /x = expect string or --virustypes = expect string: =[P] detect specific malware types that are not detected by default:
    • P: PUPs (potentially unwanted programs)

Return Codes

Avast uses both internal and Microsoft return codes.

Internal codes

  • <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
  • <ExitCode Type='Infected' Description='Threat was detected'>1</ExitCode>
  • <ExitCode Type='Warning' Description='Access denied'>5</ExitCode>
  • <ExitCode Type='Warning' Description='Sharing violation - file in use'>32</ExitCode>
  • <ExitCode Type='Error' Description='Invalid scan parameter specified'>87</ExitCode>
  • <ExitCode Type='Error' Description='Archive too large to be scanned'>42057</ExitCode>
  • <ExitCode Type='Error' Description='Operation cancelled by user'>42011</ExitCode>

You may also find return codes matching those in Avast Error Codes.

Microsoft codes

Microsoft codes can be found here.

Example Avast Batch Script

This is just for scanning common areas for infections.

@Echo Off

CD /D "%ProgramFiles%\AVAST Software\Avast"

ashUpd VPS

ashCmd "%SystemDrive%\Users\*" "%WinDir%\*" /e=50 /f=B /m /p=0 /s /r="%ProgramData%\AVAST Software\Avast\report\DefaultScan.txt"

"%WinDir%\System32\ShutDown.exe" /r /f /t 60 /c "Restarting computer in 1 (one) minute! Please save all work immediately!"

Exit

  1. Changes directory to %ProgramFiles%\AVAST Software\Avast
  2. Checks for virus definition updates (highly recommended before starting scan)
  3. Runs a default scan (executable and documents) just on the users' profiles and Windows folders, and also scans boot sector and memory
    • Heuristic sensitivity is set at medium (normal)
    • Attempts to fix infected files automatically, including locked files after restart
    • Disables sound
    • Creates %ProgramData%\AVAST Software\Avast\report\DefaultScan.txt report file
  4. Restarts device after scan, and exits batch script

Command Line Scanner (macOS)

You can use terminal commands to scan your macOS devices with Essential/Premium/Ultimate Business Security or Small Office Protection.

Path: /Applications/Avast.app/Contents/Backend/utils/scan -h

Usage examples:

  • /Applications/Avast.app/Contents/Backend/utils/scan [-e PATH] [-l LEVEL] [-abfipux] [-t TYPE] [PATH]...
  • /Applications/Avast.app/Contents/Backend/utils/scan [-a] -U [URL]...
  • /Applications/Avast.app/Contents/Backend/utils/scan -V
  • /Applications/Avast.app/Contents/Backend/utils/scan -h | -v

Scans

  • -h: Print short usage info and exit
  • -v: Print program version and exit
  • -U: Check URLs
  • -V: Print the virus definitions (VPS) version and exit
  • -e PATH: Exclude PATH from the scan. Can be specified multiple times
  • -a
    • Without -t: Print all scanned files, not only infected
    • With -t: Aside from infected, print also some other random scanned files, so that progress can be seen
  • -b: Report decompression bombs as infections. Not compatible with -t
  • -f: Scan full files
  • -p: Print archive content
  • -u: Report potentially unwanted programs (PUP)
  • -l LEVEL: Set heuristics level to LEVEL (0-100)
  • -x: Do not extract archives
  • -t TYPE: Run one of scans whose reports can later be seen in GUI:
    • FULL: full system scan; do not specify PATH
    • CUSTOM: scan of custom PATHs
    • SMART: smart scan; cannot be run by root. Do not specify PATH

Exit Status

  • 0: no infections were found
  • 1: some infected file was found
  • 2: an error occurred

 

Other Articles In This Section:

Configuring Virus Scans

Creating and Configuring Custom Scans

Related Articles:

Resolving Threats