4.7. Custom Command Line Script

How To Configure

Post-processing scripts can be configured via the "Run custom command line script" option.
Variables from the table below can be used in post-processing scripts.

For example, the following command line will copy the file that was analyzed by Kiosk to "E:\MD_POST_ACTION_BY_PAC" folder and delete after the copy.

copy /y %%%file_path%%% E:\MD_POST_ACTION_BY_PAC
del /q %%%file_path%%%

After entering your scripts, click Apply .


Be sure to test the script before configuring with Kiosk as the script is not validated.

Using Pre-defined Variables in Command Line Scripts





The absolute path of the file scanned



The name of the threat found by the engines

This variable only applies to infected scan results (“1”)


The time when the scan was finished

Local time of the kiosk system


A random number assigned to each Kiosk session



The scan outcome return type. The scan outcome return types are listed below:

  • 0 - No threat found: No threat detection or the file is empty

  • 1 - Infected/Known: Threat is found

  • 2 - Suspicious: Classified as possible threat but not identified as specific threat

  • 3 - Failed To Scan: Scanning is not fully performed (for example, invalid file or no read permission)

  • 4 - Cleaned: Threat is found and file is cleaned (repaired or deleted)

  • 5 - Unknown: Unknown scan result

  • 6 - Quarantined: File is quarantined

  • 7 - Skipped Clean: Scan is skipped because this file type is in whitelist

  • 8 - Skipped Dirty: Scan is skipped because this file type in in blacklist

  • 9 - Exceeded Archive Depth: Threat is not found but there are more archive levels which were not extracted

  • 10 - Not Scanned: Scan is skipped due to an engine update or other engine specific reason or the file was not sent to Core

  • 11 - Aborted: All ongoing scans are purged by StopScan API call

  • 12 - Encrypted Archive: Archive is not scanned because it is detected as encrypted

  • 13 - Exceeded Archive Size: The extracted archive is larger than set in the maximum file size for archive

  • 14 - Exceeded Archive File Number: There are more files in the archive than set in the maximum number of files extracted

  • 15 - Password Protected Document: File is not scanned because it is detected as password protected

  • 16 - Exceeded Archive Timeout: The time to scan the archive took longer than the time set for scanning an archive

  • 17 - Filetype Mismatch: The detected filetype does not match filetype attached to the file

  • 18 - Potentially Vulnerable File: The file is known to have some potential vulnerabilities



The process outcome

  • Allowed

  • Blocked


Running a Powershell script

To execute a Powershell script as a post action, the corresponding group policy needs to be set.
Enable "Turn on Script Execution" -> select "Allow all scripts"