Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: What Dascli Commands are Available?

App Control: What Dascli Commands are Available?

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

What Dascli Commands are Available?

Answer

Not Authenticated:
capture fileMake a zip file of diagnostic data
certinfo file [flags] [store]Display certificate information on a file
certwvt file [flags]Run WVT on file
commentAdd a comment to the diagnostic trace
copycache fileMake a safe copy of the live cache file
countersDisplay counter information
countevents start endEvent counts (All|Sent|Unsent)
countreports start endFile report counts (All|Sent|Unsent)
fileassoc file extensionFind file or protocol association string
filetype hexConverts hexadecimal file type into string
hash sha1|sha256|md5|bulk fnHash file/path or create bulk import list
helpDisplay available commands
initializationallowed [0|1]Allow initialization without server approval
isconnectedIs the agent connected to the server
isinitializingIs the agent initializing
isinsessionIs the agent in session with the server
links fileDisplay all hard links for file
logonsessionsDisplay logon sessions and interactive users
metadata fileDisplays metadata information for file
password pwd [timeout#]Enabled command access for timeout seconds
serverDisplay the server address
sidinfo user|group|sidDisplay information about a SID, user or group
statusDisplay status summary
validatecerts Revalidate certificates
versionDisplay the software versions
wait cond [timeout]Wait until condition is true, up to timeout seco
windowsupdatesDisplays installed windows update summary


Authenticated: 
abcount Show name and hash antibody counts
abstate state filename|hash Modify data AB state
allowuninstall [0|1] Turn allow uninstall off or on, or report state
analyze Analyze potential issues, generate analysis.bt9
capture file Make a zip file of diagnostic data
certificates Displays cached certificate information
certinfo file [flags] [store] Display certificate information on a file
certwvt file [flags] Run WVT on file
certchain certhash|id Displays a certificate chain by hash or id
certfind certhash|id|invalid Displays files with certificate
certstates Displays certificate approvals + bans
checkcache Instruct the agent to correct cache problems
classifications Displays current classifications and tags
clcounts Get current configuration list counts
comment Add a comment to the diagnostic trace
configlist Get current configuration list version
configlistrefresh Force config list refresh from server
configprops Display active config properties
connect Connect to server
copycache file Make a safe copy of the live cache file
counters Display counter information
countevents start end Event counts (All|Sent|Unsent)
countreports start end File report counts (All|Sent|Unsent)
crawlfile file Prioritize a crawl of file
crawlinfo file|dir Display top-level package and file analysis
crawljobs Show outstanding crawl jobs
debuglevel [#] Set agent debug message level, or report state
devicerules Shows server device control rules
devices [all] Shows attached devices (or all devices seen)
dirty Displays current dirty entries
diagnostics [+/-]Setting Queries or enables/disables diagnostics
disconnect Disconnect from server
dump agent|system|config Generate a crash dump, or config dump options
enforcement [high|med|low] Show or change the enforcement level
extdab file Apply extdab file to local external DAB
fileassoc file extension Find file or protocol association string
filereports num Display unsent file reports
files Display files actively under analysis
filetype hex Converts hexadecimal file type into string
find file|hash [qualifiers] Find file(s) by filename or hash
flushlingering Flush DABs with no corresponding NABs
flushlogs Reset all agent log files to empty state
hash sha1|sha256|md5|bulk fn Hash file/path or create bulk import list
healthcheck Tests the operational health of the Agent
help Display available commands
hostgroup Get current host group identifier
importconfiglist file [now] Loads configlist (requires restart unless now)
images [pid] Displays loaded images
importservercertlist  Import the TrustedCertList.pem file from the path specified.
initializationallowed [0|1] Allow initialization without server approval
installchain ieid Displays processes by IEID
installs [active|trusted|msi] Displays install events
isconnected Is the agent connected to the server
isinitializing Is the agent initializing
isinsession Is the agent in session with the server
issleeping Is the agent sleeping
kernelconfig name value Send a name/value property to the kernel
kerneltrace [level [flags]] Enable tracing at level; use 0 to disable
knormalize file Show the normalized kernel filename
kprocess pid Show kernel process information
links file Display all hard links for file
localapprovals Display local hash approvals
logonsessions Display logon sessions and interactive users
metadata file Displays metadata information for file
nettrace [0|1] Turn network tracing off or on, or report state
password pwd [timeout#] Enabled command access for timeout seconds
prioritize [0|1] Prioritizes communication with the Cb Protection Server
process pid Show process information by process id
processes Show process list
queues Displays outstanding queue items
resetcounters Reset counters back to their initial state
restartcrawls Clear crawler jobs and restart them all
restoreDB Restores DB to backup
deleteDB Deletes DB
refreshGlobalStates Re-evaluates all global hash states
registerTerminates the current HTTPS session and re-registers current computer with the Server using the current ClientId.
register hostimageRegisters a new Golden Image with the Server. Agent sets the OldClientId to the same value as the current ClientId and re-registers with the Server. While processing register request, the Server detects a new Golden Image registration by comparing the reported ClientId with the OldClientId. If a new Golden Image is detected, Server creates an on-the-fly snapshot of the device to be used as a Template and directs the Template Computer to generate a new ClientId. Note:
register cloneRegisters a new Clone with the Server. Agent sets the OldClientId to a pre-defined value, "HOSTIMAGE", keeps the current ClientId unchanged and re-registers with the Server.
register newclientTerminates the current HTTPS session, populates OldClientId with the current ClientId. Generates a new ClientId and re-registers the computer with the Server using the new ClientId.
resync Resynchronize file information with server
revertcliconfigprops Revert all config props set from the CLI
runtimer name Schedules a timer to run immediately
ruletags [add|remove] Adds/Removes/Queries Global Rule Tags
safeboot query|set|clear Recover from failed boot or query blocked files
server Display the server address
servernamecheck [0|1] Display or set SSL CN validation
setconfigprop name=value Set agent configuration property
setserver address [port] Change server address/port (requires repair install)
showmemorypolicies Show the memory policies for this host
shownamebans Display the blocked by name list
showpapaths Show the pre-approval folders on this host
showpathpolicies Show the path policies for this host
showregpolicies Show the registry policies for this host
showscriptpolicies Show the script policies for this host
showsysteminfo Show system information
showpublisherstates Show publisher policies
showupgrades Show agent upgrade information
sidinfo user|group|sid Display information about a SID, user or group
stategroups Query the list of active state group ids
sslmode [#] Set mode (1:Basic, 2:Strong), or report mode
status Display status summary
tamperprotect [0|1] Set tamper protection, or report state
testpattern pattern name Tests whether a given pattern matches a name
timers Displays outstanding timers
trustedusers Show trusted users
updatemsiinfo Rescan MSI file groups
uploads Show outstanding uploads
uploaddiagnostics Collect and upload diagnostics to the server
users Show logged on users
version Display the software versions
volumes Display volume information
wait cond [timeout] Wait until condition is true, up to timeout seconds
windowsupdates Displays installed windows update summary
yara filename [force] Instructs agent to import yara rules
policy [add|delete|query|queryunexpanded] [xmlfilename|[path|script|object|registry]]Add, delete policies from the xml file, or query specified or all policy types
deleterule [rule ID] [path|script|object|registry]Delete the specified rule

Additional Notes

For 'Authenticated' dascli commands you must run the 'dascli password <password>' command first:
a. dascli password AFJK HNPD RSBK
b. dascli showpathpolicies

 

Labels (1)
Tags (2)
Was this article helpful? Yes No
86% helpful (6/7)
Article Information
Author:
Creation Date:
‎02-28-2019
Views:
12311
Contributors