| --abcount | Show name and hash antibody counts |
| --abstate arg | Modify data AB state |
| --add arg | <type> [args] Add generic data |
| --analyze | Analyze counters for potential problems, generate analysis.bt9 |
| --bookmark arg | Bookmark a cache for ClientEmulation |
| --checkcache arg | [level [flags]]|[abort] Instruct the agent to correct cache problems |
| --configlist | Get current configuration list version |
| --configlistrefresh | Force config list refresh from server |
| --connect | Allow connection to server |
| --countevents arg | Event counts (All|Sent|Unsent) |
| --countreports arg | File reports counts (All|Sent|Unsent) |
| --disconnect | Disconnect and prevent connection to server |
| --configprops | Display active config properties |
| --debuglevel arg | [0-4] Report or set agent debug message level |
| --devices | Shows attached devices (or all devices ever seen) |
| --uniquedevices | Shows unique set of devices |
| --devicerules | Shows server device control rules |
| --delete arg | <type> [args] Removes generic data |
| --dump arg | <agent|system|config> Generate a crash dump, or config dump options |
| --find arg | <filename> Find file by filename |
| --filequeue | Display file analysis queue |
| --flushlingering | Flush DABs with no corresponding NABs |
| --flushlogs | Flush CbProtection log files |
| --grouptest arg | <group> <user> Tests whether user is a member of group |
| --get arg | <type> [args] Retrieve generic data from agent |
| --healthcheck | Checks to see if agent is healthy |
| --hash arg | <filename> Hash a file |
| --hostgroup | Get current host group identifier |
| --importconfiglist arg | <file> [full] [now] Loads configlist |
| --installs arg | <active|trust> Display install events |
| --isconnected | Is the agent connected to the server |
| --isinsession | Is the agent in session with the server |
| --issleeping | Is the agent sleeping |
| --kernelconfig arg | <name> <value> Send a name/value property to the kernel |
| --kerneltrace arg | [level [flags]] Enable tracing in kernel (0 disables) |
| --knormalize arg | <file> Show the normalized kernel filename |
| --lingering | Show lingering file hashes |
| --links arg | <file> Show the hardlinks for file |
| --localapprovals | Show local hash approvals |
| --md5 arg | <hash> Find file by MD5 hash |
| --nettrace arg | [0|1] Turn network tracing off or on, or report state |
| --notifier | Run CLI version of the notifier |
| --prioritize arg | [0|1] (De-)Prioritize sending events and file reports |
| --process arg | <pid> Show process information by process id |
| --processchain arg | <pid> Show process lineage by process id |
| --processes | Show process list |
| --resetcounters | Reset counters back to their initial state |
| --enforcement arg | <#> Report or change the enforcement level |
| --disconnectedenforcement arg | [#] Report or change the offline enforcement level |
| --sha1 arg | <hash> Find file by hash |
| --sha256 arg | <hash> Find file by hash |
| --showscriptpolicies arg | [1] Show script rules (unexpanded) |
| --showmempolicies arg | [1] Show memory rules (unexpanded) |
| --shownamebans arg | [1] Show name ban rules (unexpanded) |
| --showpapaths | Show crawl paths |
| --showpathpolicies arg | [1] Show name custom rules (unexpanded) |
| --showtrusted | Show trusted process list |
| --showupgrades | Show version history of CbProtection Agent |
| --sysinfo | Displays system information |
| --sslmode arg | [#] Set SSL mode (1:Basic, 2:Strong), or report mode |
| --tamperprotect arg | [0|1] Set tamper protection off or on, or report state |
| --testpattern arg | <pattern> <test> Tests whether a given pattern matches a filename |
| --trustedusers | Shows trusted users and user groups |
| --unittest arg | [subsystem[subsystem,...]] Execute kernel subsystem tests |
| --tags | Get current classification assignments |
| --uploaddiagnostics | Upload diagnostics files to server |
| --users | Shows logged on users |
| --volumes | Displays volume information |
