This is a list of Dascli Commands that are available for the Windows Agent
capture file | Make a zip file of diagnostic data |
certinfo file [flags] [store] | Display certificate information on a file |
certwvt file [flags] | Run WVT on file |
comment | Add a comment to the diagnostic trace |
counters | Display counter information |
countevents start end | Event counts (All|Sent|Unsent) |
countreports start end | File report counts (All|Sent|Unsent) |
fileassoc file extension | Find file or protocol association string |
filetype hex | Converts hexadecimal file type into string |
hash sha1|sha256|md5|bulk fn | Hash file/path or create bulk import list |
help | Display available commands |
initializationallowed [0|1] | Allow initialization without server approval |
isconnected | Is the agent connected to the server |
isinitializing | Is the agent initializing |
isinsession | Is the agent in session with the server |
links file | Display all hard links for file |
logonsessions | Display logon sessions and interactive users |
metadata file | Displays metadata information for file |
password pwd [timeout#] | Enabled command access for timeout seconds |
server | Display the server address |
sidinfo user|group|sid | Display information about a SID, user or group |
status | Display status summary |
validatecerts | Revalidate certificates |
version | Display the software versions |
wait cond [timeout] | Wait until condition is true, up to timeout seco |
windowsupdates | Displays installed windows update summary |
abcount | Show name and hash antibody counts |
abstate state filename|hash | Modify data AB state |
allowuninstall [0|1] | Turn allow uninstall off or on, or report state |
analyze | Analyze potential issues, generate analysis.bt9 |
analyzenow [filename] | Tells the Agent to analyze a file right now |
capture file | Make a zip file of diagnostic data |
certificates | Displays cached certificate information |
certinfo file [flags] [store] | Display certificate information on a file |
certwvt file [flags] | Run WVT on file |
certchain certhash|id | Displays a certificate chain by hash or id |
certfind certhash|id|invalid | Displays files with certificate |
certstates | Displays certificate approvals + bans |
checkcache | Instruct the agent to correct cache problems |
classifications | Displays current classifications and tags |
clcounts | Get current configuration list counts |
comment | Add a comment to the diagnostic trace |
configlist | Get current configuration list version |
configlistrefresh | Force config list refresh from server |
configprops | Display active config properties |
connect | Connect to server |
copycache file | Make a safe copy of the live cache file |
counters | Display counter information |
countevents start end | Event counts (All|Sent|Unsent) |
countreports start end | File report counts (All|Sent|Unsent) |
crawlfile file | Prioritize a crawl of file |
crawlinfo file|dir | Display top-level package and file analysis |
crawljobs | Show outstanding crawl jobs |
debuglevel [#] | Set agent debug message level, or report state |
devicerules | Shows server device control rules |
devices [all] | Shows attached devices (or all devices seen) |
dirty | Displays current dirty entries |
diagnostics [+/-]Setting | Queries or enables/disables diagnostics |
disconnect | Disconnect from server |
dump agent|system|config | Generate a crash dump, or config dump options |
enforcement [high|med|low] | Show or change the enforcement level |
extdab file | Apply extdab file to local external DAB |
fileassoc file extension | Find file or protocol association string |
filereports num | Display unsent file reports |
files | Display files actively under analysis |
filetype hex | Converts hexadecimal file type into string |
find file|hash [qualifiers] | Find file(s) by filename or hash |
flushlingering | Flush DABs with no corresponding NABs |
flushlogs | Reset all agent log files to empty state |
hash sha1|sha256|md5|bulk fn | Hash file/path or create bulk import list |
healthcheck | Tests the operational health of the Agent |
help | Display available commands |
hostgroup | Get current host group identifier |
importconfiglist file [now] | Loads configlist (requires restart unless now) |
images [pid] | Displays loaded images |
importkeychain [filename] | Import the keychain.json file from the path specified. |
importservercertlist [filename] | Import the TrustedCertList.pem file from the path specified. |
initializationallowed [0|1] | Allow initialization without server approval |
installchain ieid | Displays processes by IEID |
installs [active|trusted|msi] | Displays install events |
isconnected | Is the agent connected to the server |
isinitializing | Is the agent initializing |
isinsession | Is the agent in session with the server |
issleeping | Is the agent sleeping |
kernelconfig name value | Send a name/value property to the kernel |
kerneltrace [level [flags]] | Enable tracing at level; use 0 to disable |
knormalize file | Show the normalized kernel filename |
kprocess pid | Show kernel process information |
links file | Display all hard links for file |
localapprovals | Display local hash approvals |
logonsessions | Display logon sessions and interactive users |
metadata file | Displays metadata information for file |
nettrace [0|1] | Turn network tracing off or on, or report state |
password pwd [timeout#] | Enabled command access for timeout seconds |
prioritize [0|1] | Prioritizes communication with the Cb Protection Server |
process pid | Show process information by process id |
processes | Show process list |
queues | Displays outstanding queue items |
resetcounters | Reset counters back to their initial state |
restartcrawls | Clear crawler jobs and restart them all |
restoreDB | Restores DB to backup |
deleteDB | Deletes DB |
refreshGlobalStates | Re-evaluates all global hash states |
register | Terminates the current HTTPS session and re-registers current computer with the Server using the current ClientId. |
register hostimage | Registers a new Golden Image with the Server. Agent sets the OldClientId to the same value as the current ClientId and re-registers with the Server. While processing register request, the Server detects a new Golden Image registration by comparing the reported ClientId with the OldClientId. If a new Golden Image is detected, Server creates an on-the-fly snapshot of the device to be used as a Template and directs the Template Computer to generate a new ClientId. Note: |
register clone | Registers a new Clone with the Server. Agent sets the OldClientId to a pre-defined value, "HOSTIMAGE", keeps the current ClientId unchanged and re-registers with the Server. |
register newclient | Terminates the current HTTPS session, populates OldClientId with the current ClientId. Generates a new ClientId and re-registers the computer with the Server using the new ClientId. |
resync | Resynchronize file information with server |
revertcliconfigprops | Revert all config props set from the CLI |
runtimer name | Schedules a timer to run immediately |
ruletags [add|remove] | Adds/Removes/Queries Global Rule Tags |
safeboot query|set|clear | Recover from failed boot or query blocked files |
server | Display the server address |
servernamecheck [0|1] | Display or set SSL CN validation |
setconfigprop name=value | Set agent configuration property |
setserver address [port] | Change server address/port (requires repair install) |
showmemorypolicies | Show the memory policies for this host |
shownamebans | Display the blocked by name list |
showpapaths | Show the pre-approval folders on this host |
showpathpolicies | Show the path policies for this host |
showregpolicies | Show the registry policies for this host |
showscriptpolicies | Show the script policies for this host |
showsysteminfo | Show system information |
showpublisherstates | Show publisher policies |
showupgrades | Show agent upgrade information |
sidinfo user|group|sid | Display information about a SID, user or group |
stategroups | Query the list of active state group ids |
sslmode [#] | Set mode (1:Basic, 2:Strong), or report mode |
status | Display status summary |
tamperprotect [0|1] | Set tamper protection, or report state |
testpattern pattern name | Tests whether a given pattern matches a name |
timers | Displays outstanding timers |
trustedusers | Show trusted users |
updatemsiinfo | Rescan MSI file groups |
uploads | Show outstanding uploads |
uploaddiagnostics | Collect and upload diagnostics to the server |
users | Show logged on users |
version | Display the software versions |
volumes | Display volume information |
wait cond [timeout] | Wait until condition is true, up to timeout seconds |
windowsupdates | Displays installed windows update summary |
yara filename [force] | Instructs agent to import yara rules |
policy [add|delete|query|queryunexpanded] [xmlfilename|[path|script|object|registry]] | Add, delete policies from the xml file, or query specified or all policy types |
deleterule [rule ID] [path|script|object|registry] | Delete the specified rule |
For 'Authenticated' dascli commands you must run the 'dascli password <password>' command first:
cd :\program files(x86\bit9\parityagent
dascli password <passwordhere>