Scribd
Upload
784 views8 pages

McAfee MOVE AntiVirus 4.8.0 Client Command Line Interface Reference Guide - CLP9421

Uploaded by

Sérgio Locatelli Júnior
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
784 views8 pages

McAfee MOVE AntiVirus 4.8.0 Client Command Line Interface Reference Guide - CLP9421

Uploaded by

Sérgio Locatelli Júnior
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

McAfee MOVE AntiVirus 4.8.

0 Client Command Line


Interface Reference Guide

Client command line interface


You can access the McAfee MOVE AntiVirus (Multi-Platform) client command line interface (CLI) on the managed
virtual machine to perform basic maintenance tasks.
The CLI is a series of commands that you can issue to the mvadm utility. Each command has arguments and
parameters that can be added to the command to change its behavior. This reference lists each command in
mvadm, and all argument variations.

Access the CLI


During installation, a shortcut to the Multi-Platform command line interface (CLI) is added to the Windows Start
menu.

Task
• From the Start menu, select Programs | McAfee | MOVE AV Client Command Prompt.

Make sure you run this command as an administrator.

At this command prompt, you can type commands to perform administration tasks on the VM.

config
Display and edit the configuration settings that are applied to the current installation.

mvadm config set NAME=VALUE

mvadm config show

1
Arguments Description
set NAME=VALUE Sets the value of the configuration argument NAME to VALUE.
show Lists the configuration settings.

Parameter Value Description


AllowNetworkScan 0 (off) or 1 (on). Default = 0. Enables or disables scanning of files residing
on a network path.
ConnTimeout A positive integer value. Default = 0 Sets the connection timeout in milliseconds.
(no timeout).
EventSink An integer between 0 (no Determines where threat events are sent. The
notifications) and 14 (all total combines the values for Windows Event
notifications). Default = 14. Viewer log (2), McAfee ePO Threat Event Log
(4), and McAfee system tray pop-up menu (8).
IntegrityEnabled An integer between 0 (no Determines the active self-protections. The
self-protection) and 7 representing total combines the values for file (1), registry
a binary value. Default = 7 (all (2), and services (4).
self-protections).
LogFileNum A positive integer value. Default = Limits the number of log files allowed before
4. they are overwritten.
LogFileSize An integer greater than 1024. Limits the size (in KB) of an individual log file.
Default = 2048.
MaxFileSize A positive integer value. Default to Limits the size (in MB) of files where scan
40. results are cached. Files up to this size are
transferred completely to the SVM for
scanning.
QuarantineEnabled 0 (off) or 1 (on). Default = 1. Enables or disables quarantine services.
QuarantineFolder A valid file path. Default = C: Determines where quarantined files are
\Quarantine. stored. Cannot be a mapped network drive or
UNC file path.
QuarantineDays A positive integer. Default = 28. Determines the number of days quarantined
files are stored before being deleted.
Submitting a 0 turns off quarantined file
deletion.
RTEMode 0 (off) or 1 (on). Default = 0. Indicates protection status on the VM. This
value cannot be changed through the config
command.
OASStatus 0 (off) or 1 (on). Default = 0. Enables or disables the on-access scan on the
VM. On the next policy enforcement, the
settings are changed based on the
configurations in the on-access scan policy in
McAfee ePO.
ODSStatus 0 (off) or 1 (on). Default = 0. Enables or disables the on-demand scan on
the VM. On the next policy enforcement, the
settings are changed based on the
configurations in the on-demand scan policy in
McAfee ePO.
ScanAllFileTypes 0 (specific extensions) or 1 (all Determines whether to scan all files or only
files). Default = 1. specific extensions.
ODSScanAllFileTypes 0 (specific extensions) or 1 (all Determines whether to scan all files or only
files). Default = 1. specific extensions for the on-demand scan.

2
Parameter Value Description
ScanFlags An integer between 0 (no Determines which operations trigger scanning.
operations scanned) and 7 The total combines the values for Read (1),
representing a binary value. Write (2), and Backup (4).
Default = 7 (all operations
scanned).
ScanTimeout A positive integer. Default = 45000. Limits the time (in milliseconds) allowed for file
scans after which the file can be accessed.
ODS ScanTimeout A positive integer. Default = 45000. Limits the time (in milliseconds) allowed for an
on-demand scan after which the file can be
accessed.
ServerAddress1 An IPv4 address or FQDN. No Specifies the IPv4 address or FQDN of the
default. primary SVM used by the VM.
ServerAddress2 An IPv4 address or FQDN. No Specifies the IPv4 address or FQDN of the
default. secondary SVM used by the VM.
ServerPort1 Between 1024 and 65535. Default = Specifies the port used to communicate with
9053. the primary SVM.
ServerPort2 Between 1024 and 65535. Default = Specifies the port used to communicate with
9053. the secondary SVM.
ThreatAction1 0 (delete) or 1 (deny access). Determines the primary action taken when a
Default = 0. threat is detected.
ThreatAction2 0 (delete) or 1 (deny access). Determines the secondary action taken when a
Default = 1. threat is detected.
ODS ThreatAction1 0 (delete) or 1 (deny access). Determines the primary action taken when a
Default = 0. threat is detected during on-demand scan.
ODSThreatAction2 0 (delete) or 1 (deny access). Determines the secondary action taken when a
Default = 1. threat is detected during on-demand scan.
SVMManagerAddress An IPv4 address or FQDN. No Specifies the IPv4 address or FQDN of the SVM
default. Manager.
SVMManagerPort Between 1024 and 65535. Default = Specifies the port used to communicate with
8080. SVM Manager.

ftypes
Display and edit the list of file extensions to be sent for scanning.

mvadm ftypes add oas <extn>

mvadm ftypes remove oas <extn>

mvadm ftypes list oas

mvadm ftypes add oas exe pdf zip

mvadm ftypes add ods exe pdf zip

The ftypes command does not support wildcards, and extensions must be an exact match. For example,
issuing an mvadm ftypes add doc command does not cause .DOCX files to be scanned.

Arguments Description
add oas <extn> Adds the files with extension for anti-virus scanning.
remove oas <extn> Removes the files with extension from the list of files to be included for scanning.

3
Arguments Description
list oas Lists the file extensions to be included for on-access scanning.
add oas exe pdf zip Adds the files with extensions exe, pdf, and zip to be included for on-access
scanning.
add ods exe pdf zip Adds the files with extensions exe, pdf, and zip to be included for on-demand
scanning.

help
Display usage information for the mvadm utility.

mvadm help

mvadm help command

Arguments Description
default Lists the summary description for the McAfee MOVE AntiVirus client CLI commands.
command Lists the detailed Help for the provided command.

loglevel
View and edit the log level of the McAfee MOVE AntiVirus client.

mvadm loglevel

mvadm loglevel enable {MODULE_NAME | ALL} {TYPES... | ALL}

mvadm loglevel disable {MODULE_NAME | ALL} {TYPES... | ALL}

Arguments Description
default Lists the current log level of each module that is part of the McAfee MOVE
AntiVirus client. Use this form to get a full list of modules for use with other
forms of the loglevel command.
enable {MODULE_NAME | Sets the log level for module MODULE_NAME or all modules to the specified log
ALL} {TYPES... | ALL} level types or to all types.
disable {MODULE_NAME | Clears the specified log level types or all types for module MODULE_NAME or for
ALL} {TYPES... | ALL} all modules.

These are the supported log level types:

• Error • Detail

• Warning • Fnentry

• System • Fnexit

• Info

4
pp
Specify trusted processes. All files acted on by a trusted process are excluded from scans.
Process passthru rule supports these path formats:

• Just the process name, for example: xyz.exe

• Partial path, for example: abc\xyz.exe

• Complete path, for example: C:\abc\xyz.exe

• Windows path, for example: %windir%\abc\xyz.exe

Note these points while using the pp command to specify trusted processes:

• If %abc% does not resolve, delete it from the list.

• This format is only valid from McAfee ePO.

• This resolves the path concerning the system user.

mvadm pp list oas

mvadm pp list ods

mvadm pp add oas <process path>

mvadm pp remove oas <process path>

mvadm pp set <process path>

mvadm pp add oas <file path>

Arguments Description
list oas Displays a list of all trusted processes for on-access scanning.
list ods Displays a list of all trusted processes for on-demand scanning.
add oas <process Adds the specified process (or processes) as a trusted process. For example:
image path>
mvadm pp add userprofilemanager.exe
All files acted on by the userprofilemanager.exe file are excluded from the scan.

remove oas Removes the specified process (or processes) as a trusted process.
<process image
path>
set <process image Removes all existing trusted processes and adds the specified process (or processes)
path> as trusted processes.
add oas <file Adds the specified file path as a trusted file path for an on-access scan. For example:
path> mvadm pp add oas c:\windows\system32\notepad.exe
All file paths acted on by the c:\windows\system32\notepad.exe file path are
excluded from on-access scan.

5
exp
Specify path exclusion. All paths acted on by a trusted process are excluded from on-access scan.

mvadm exp add oas <file path>

mvadm exp list oas

Arguments Description
add oas <file Excludes the specified file path from the trusted file path during on-access scan. For
path> example:
mvadm exp add oas "3|11|c:\folder1\*.txt"
3 | 11 — Scans the specified directory only.
3 | 15 — Scans the specified directory and subdirectories.
All file paths acted on by the 3|11|c:\folder1\*.txt file path are excluded during
on-access scan.

list oas Lists excluded file paths from on-access scan.

q
Change the quarantine behavior for McAfee MOVE AntiVirus (Multi-Platform).

mvadm q list

mvadm q restore <detected as>

mvadm q remove <detected as>

Arguments Description
list Lists the currently quarantined files and their detection type.
restore <detected Restores all .VIR files from the currently configured quarantine folder with the
as> specified <detected as> category.
remove <detected as> Deletes all .VIR files from the currently configured quarantine folder with the
specified <detected as> category.

status
Display the current state of the McAfee MOVE AntiVirus client in terms of operational mode (enabled or
disabled) and its McAfee MOVE AntiVirus Multi-Platform SVM details.

mvadm status

Arguments Description
default Lists the current McAfee MOVE AntiVirus client status.
OASStatus Displays the current status of the on-access scan.
ODSStatus Displays the current status of the on-demand scan.
ODSScanAllFiletypes Lists all file types to be scanned for on-demand scanning.

6
Example
C:\Program Files\McAfee\MOVE AV client>mvadm status
Scan Configuration: Enabled
On Access Scan: Enabled
On Demand Scan: Disabled
Driver Status: Driver is loaded
Primary Server: 10.216.19.210:9053 [Active]
Secondary Server: NONE:9053 [Not Configured]
SVM Manager: 10.216.19.154:8080 [Configured]
Protection Status: Enabled

version
Display the version of the McAfee MOVE AntiVirus client installed on the VM.

mvadm version

Arguments Description
default Displays the version of the McAfee MOVE AntiVirus client installed on the VM. This is useful for
verifying that an upgrade operation is complete, or checking if an upgrade is needed.

Password-protected CLI
Set password protection through the client policy to prevent users from changing the anti-virus settings, or
disabling the anti-virus protection.
After setting the password, type the password to execute any of these commands on the mvadm command line
of the clients.

• config

• filetypes

• procpassthru

• loglevel

Set password for client CLI


Specify the password on the McAfee ePO server to prevent users from changing the anti-virus settings, or
disabling the anti-virus protection on the client.

Before you begin


You installed the McAfee MOVE AntiVirus extension on the McAfee ePO server.

Task

1 Log on to McAfee ePO as an administrator

2 Select Menu | Policy | Policy Catalog, then select MOVE AntiVirus Common 4.6.0 from the Product list.

3 From the Category list, select Options.

4 Click the name of an editable policy.

7
5 Select Enable Self-Protection for MOVE CLI, then type and confirm the password.

6 Click Save to modify the policy.

You can now verify that the commands on the client system are password-protected.

Copyright © 2018 McAfee, LLC


McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others.

8 0-00

You might also like