Appscan Command Syntax

Description

Scans the host computer and creates an XML file that contains a list of executable programs and their checksums. This XML file is used by the Check Point Reputation Service to create recommended rules to block or allow common applications.

Syntax

Appscan [/o <filename> /s <target directory> /x <extension strung /e /a /p
/verbose /warnings /?]

Parameters

Parameter	Description
file name	Output file name and path.
/o	Sends output to the specified file name. If no file name is specified, Appscan uses the default file name (scanfile.xml) in the current folder.
/s <target directory>	Specifies the directory, including all subdirectories, to scan. You must enclose the directory/path string in double quotes. If no directory is specified, the scan runs in the current directory only.
/x <extension string>	Specifies the file extension(s) to include in the scan. The extension string can include many extensions, each separated by a semi-colon. You must put a period before each file extension. You must enclose full extension string in double quotes. You must specify a target directory using the /s switch. If you do not use the /x parameter only .exe executable files are included in the scan
/e	Include all executable files in the specified directory regardless of the extension. Do not use /e together with /x.
/a	Includes additional file properties for each executable.
/p	Shows progress messages during the scan.
/verbose	Shows progress and error messages during the scan.
/warnings	Shows warning messages during the scan.
/? or /help	Shows the command syntax and help text.

Examples

• appscan /o scan1.xml

  This scan, by default, includes .exe files in the current directory and is saved as scan1.xml.

• appscan /o scan2.xml /x ".exe;.dll" /s "C:\"

  This scan includes all .exe and .dll files on drive C and is saved as scan2.xml.

• appscan /o scan3.xml /x ".dll" /s c:\program files

  This scan included all .dll files in c:\program files and all its subdirectories. It is saved as scan3.xml.

• appscan /s "C:\program files" /e

  This scan includes all executable files in c:\program files and all its subdirectories. It is saved as the default file name scanfile.xml.

Importing Appscan XML Files

After you generate the Appscan XML file, you import it to the Endpoint Security Management Server.

Note - You must remove all special characters, such as trademarks or copyright symbols, from the XML file before importing it.

To import an Appscan XML file:

1. In the Policy tab > Application Control rule, right click the Allowed apps list Action.
2. Select Import Programs.
3. In the Import Programs window, go to and select the applicable Appscan XML file.
4. Click Import.

   When applications included in the imported file are found on endpoint computers, they are automatically added to the Allowed or Block applications group.