| abcount | Show name and hash antibody counts |
| abstate state filename|hash | Modify data AB state |
| allowuninstall [0|1] | Turn allow uninstall off or on, or report state |
| analyze | Analyze potential issues, generate analysis.bt9 |
| analyzenow [filename] | Tells the Agent to analyze a file right now |
| capture file | Make a zip file of diagnostic data |
| certificates | Displays cached certificate information |
| certinfo file [flags] [store] | Display certificate information on a file |
| certwvt file [flags] | Run WVT on file |
| certchain certhash|id | Displays a certificate chain by hash or id |
| certfind certhash|id|invalid | Displays files with certificate |
| certstates | Displays certificate approvals + bans |
| checkcache | Instruct the agent to correct cache problems |
| classifications | Displays current classifications and tags |
| clcounts | Get current configuration list counts |
| comment | Add a comment to the diagnostic trace |
| configlist | Get current configuration list version |
| configlistrefresh | Force config list refresh from server |
| configprops | Display active config properties |
| connect | Connect to server |
| copycache file | Make a safe copy of the live cache file |
| counters | Display counter information |
| countevents start end | Event counts (All|Sent|Unsent) |
| countreports start end | File report counts (All|Sent|Unsent) |
| crawlfile file | Prioritize a crawl of file |
| crawlinfo file|dir | Display top-level package and file analysis |
| crawljobs | Show outstanding crawl jobs |
| debuglevel [#] | Set agent debug message level, or report state |
| devicerules | Shows server device control rules |
| devices [all] | Shows attached devices (or all devices seen) |
| dirty | Displays current dirty entries |
| diagnostics [+/-]Setting | Queries or enables/disables diagnostics |
| disconnect | Disconnect from server |
| dump agent|system|config | Generate a crash dump, or config dump options |
| enforcement [high|med|low] | Show or change the enforcement level |
| extdab file | Apply extdab file to local external DAB |
| fileassoc file extension | Find file or protocol association string |
| filereports num | Display unsent file reports |
| files | Display files actively under analysis |
| filetype hex | Converts hexadecimal file type into string |
| find file|hash [qualifiers] | Find file(s) by filename or hash |
| flushlingering | Flush DABs with no corresponding NABs |
| flushlogs | Reset all agent log files to empty state |
| hash sha1|sha256|md5|bulk fn | Hash file/path or create bulk import list |
| healthcheck | Tests the operational health of the Agent |
| help | Display available commands |
| hostgroup | Get current host group identifier |
| importconfiglist file [now] | Loads configlist (requires restart unless now) |
| images [pid] | Displays loaded images |
| importkeychain [filename] | Import the keychain.json file from the path specified. |
| importservercertlist [filename] | Import the TrustedCertList.pem file from the path specified. |
| initializationallowed [0|1] | Allow initialization without server approval |
| installchain ieid | Displays processes by IEID |
| installs [active|trusted|msi] | Displays install events |
| isconnected | Is the agent connected to the server |
| isinitializing | Is the agent initializing |
| isinsession | Is the agent in session with the server |
| issleeping | Is the agent sleeping |
| kernelconfig name value | Send a name/value property to the kernel |
| kerneltrace [level [flags]] | Enable tracing at level; use 0 to disable |
| knormalize file | Show the normalized kernel filename |
| kprocess pid | Show kernel process information |
| links file | Display all hard links for file |
| localapprovals | Display local hash approvals |
| logonsessions | Display logon sessions and interactive users |
| metadata file | Displays metadata information for file |
| nettrace [0|1] | Turn network tracing off or on, or report state |
| password pwd [timeout#] | Enabled command access for timeout seconds |
| prioritize [0|1] | Prioritizes communication with the Cb Protection Server |
| process pid | Show process information by process id |
| processes | Show process list |
| queues | Displays outstanding queue items |
| resetcounters | Reset counters back to their initial state |
| restartcrawls | Clear crawler jobs and restart them all |
| restoreDB | Restores DB to backup |
| deleteDB | Deletes DB |
| refreshGlobalStates | Re-evaluates all global hash states |
| register | Terminates the current HTTPS session and re-registers current computer with the Server using the current ClientId. |
| register hostimage | Registers a new Golden Image with the Server. Agent sets the OldClientId to the same value as the current ClientId and re-registers with the Server. While processing register request, the Server detects a new Golden Image registration by comparing the reported ClientId with the OldClientId. If a new Golden Image is detected, Server creates an on-the-fly snapshot of the device to be used as a Template and directs the Template Computer to generate a new ClientId. Note: |
| register clone | Registers a new Clone with the Server. Agent sets the OldClientId to a pre-defined value, "HOSTIMAGE", keeps the current ClientId unchanged and re-registers with the Server. |
| register newclient | Terminates the current HTTPS session, populates OldClientId with the current ClientId. Generates a new ClientId and re-registers the computer with the Server using the new ClientId. |
| resync | Resynchronize file information with server |
| revertcliconfigprops | Revert all config props set from the CLI |
| runtimer name | Schedules a timer to run immediately |
| ruletags [add|remove] | Adds/Removes/Queries Global Rule Tags |
| safeboot query|set|clear | Recover from failed boot or query blocked files |
| server | Display the server address |
| servernamecheck [0|1] | Display or set SSL CN validation |
| setconfigprop name=value | Set agent configuration property |
| setserver address [port] | Change server address/port (requires repair install) |
| showmemorypolicies | Show the memory policies for this host |
| shownamebans | Display the blocked by name list |
| showpapaths | Show the pre-approval folders on this host |
| showpathpolicies | Show the path policies for this host |
| showregpolicies | Show the registry policies for this host |
| showscriptpolicies | Show the script policies for this host |
| showsysteminfo | Show system information |
| showpublisherstates | Show publisher policies |
| showupgrades | Show agent upgrade information |
| sidinfo user|group|sid | Display information about a SID, user or group |
| stategroups | Query the list of active state group ids |
| sslmode [#] | Set mode (1:Basic, 2:Strong), or report mode |
| status | Display status summary |
| tamperprotect [0|1] | Set tamper protection, or report state |
| testpattern pattern name | Tests whether a given pattern matches a name |
| timers | Displays outstanding timers |
| trustedusers | Show trusted users |
| updatemsiinfo | Rescan MSI file groups |
| uploads | Show outstanding uploads |
| uploaddiagnostics | Collect and upload diagnostics to the server |
| users | Show logged on users |
| version | Display the software versions |
| volumes | Display volume information |
| wait cond [timeout] | Wait until condition is true, up to timeout seconds |
| windowsupdates | Displays installed windows update summary |
| yara filename [force] | Instructs agent to import yara rules |
| policy [add|delete|query|queryunexpanded] [xmlfilename|[path|script|object|registry]] | Add, delete policies from the xml file, or query specified or all policy types |
| deleterule [rule ID] [path|script|object|registry] | Delete the specified rule |
