4.7. Custom Command Line Script

How To Configure

Post-processing scripts can be configured via the "Run custom command line script" option.
Variables from the table below can be used in post-processing scripts.

For example, the following command line copies the file that was analyzed by Kiosk to the "E:\MD_POST_ACTION_BY_PAC" folder and then deletes the original.

copy /y %%%file_path%%% E:\MD_POST_ACTION_BY_PAC
del /q %%%file_path%%%

After entering your scripts, click Apply.

Kiosk does not validate the script, so be sure to test it before configuring it in Kiosk.

Using Pre-defined Variables in Command Line Scripts

| Variable | Description | Notes |
|---|---|---|
| %%%file_path%%% | The absolute path of the file scanned | |
| %%%threat_name%%% | The name of the threat found by the engines | This variable only applies to infected scan results (“1”) |
| %%%scan_finished%%% | The time when the scan was finished | Local time of the kiosk system |
| %%%ticket_id%%% | A random number assigned to each Kiosk session | |
| %%%scan_results%%% | The scan outcome return type. The scan outcome return types are listed below the table. | |
| %%%process_result%%% | The process outcome: Allowed or Blocked | |

Scan outcome return types for %%%scan_results%%%:

  • 0 - No threat found: No threat detection or the file is empty
  • 1 - Infected/Known: Threat is found
  • 2 - Suspicious: Classified as possible threat but not identified as specific threat
  • 3 - Failed To Scan: Scanning is not fully performed (for example, invalid file or no read permission)
  • 4 - Cleaned: Threat is found and file is cleaned (repaired or deleted)
  • 5 - Unknown: Unknown scan result
  • 6 - Quarantined: File is quarantined
  • 7 - Skipped Clean: Scan is skipped because this file type is in whitelist
  • 8 - Skipped Dirty: Scan is skipped because this file type is in blacklist
  • 9 - Exceeded Archive Depth: Threat is not found but there are more archive levels which were not extracted
  • 10 - Not Scanned: Scan is skipped due to an engine update or other engine specific reason or the file was not sent to Core
  • 11 - Aborted: All ongoing scans are purged by StopScan API call
  • 12 - Encrypted Archive: Archive is not scanned because it is detected as encrypted
  • 13 - Exceeded Archive Size: The extracted archive is larger than set in the maximum file size for archive
  • 14 - Exceeded Archive File Number: There are more files in the archive than set in the maximum number of files extracted
  • 15 - Password Protected Document: File is not scanned because it is detected as password protected
  • 16 - Exceeded Archive Timeout: The time to scan the archive took longer than the time set for scanning an archive
  • 17 - Filetype Mismatch: The detected filetype does not match filetype attached to the file
  • 18 - Potentially Vulnerable File: The file is known to have some potential vulnerabilities

Running a PowerShell script

To execute a PowerShell script as a post action, the corresponding group policy must be set.
See About Execution Policies under USE GROUP POLICY TO MANAGE EXECUTION POLICY.
Enable "Turn on Script Execution" -> select "Allow all scripts".
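
The following PowerShell post action is an added example, not part of the original page or the vendor's code. It uses the pre-defined variables to copy only files whose process result is Allowed, deletes the original only after the copy's SHA-256 hash matches, and writes an audit row for each file. The script name, the log path, the parameter names and the way Kiosk substitutes values into the command line are assumptions.

```powershell
# PostAction.ps1 (hypothetical name). Added example, not vendor code.
# Assumed Kiosk command line; that %%%file_path%%% is substituted as raw,
# unquoted text is an assumption, as is the script location:
#   powershell.exe -NoProfile -File C:\Scripts\PostAction.ps1 -FilePath "%%%file_path%%%" -ScanResult %%%scan_results%%% -ProcessResult %%%process_result%%% -TicketId %%%ticket_id%%%
param(
    [Parameter(Mandatory)][string]$FilePath,
    [Parameter(Mandatory)][ValidateRange(0, 18)][int]$ScanResult,
    [Parameter(Mandatory)][ValidateSet('Allowed', 'Blocked')][string]$ProcessResult,
    [Parameter(Mandatory)][string]$TicketId
)
$ErrorActionPreference = 'Stop'
$DestDir = 'E:\MD_POST_ACTION_BY_PAC'        # destination folder from the page's example
$LogFile = 'C:\KioskLogs\post_action.csv'    # hypothetical; the folder must already exist

function Write-Audit([string]$Action) {
    # One CSV row per processed file, keyed by the Kiosk session ticket.
    [pscustomobject]@{
        Time          = (Get-Date).ToString('o')
        TicketId      = $TicketId
        FilePath      = $FilePath
        ScanResult    = $ScanResult
        ProcessResult = $ProcessResult
        Action        = $Action
    } | Export-Csv -LiteralPath $LogFile -Append -NoTypeInformation
}

try {
    if ($ProcessResult -ne 'Allowed') {
        # Blocked files are never copied; they stay where Kiosk left them.
        Write-Audit 'left-in-place'
        exit 0
    }
    # -LiteralPath keeps characters such as [ and ] in file names from being treated as wildcards.
    $src  = Get-Item -LiteralPath $FilePath -Force
    $dest = Join-Path $DestDir $src.Name
    Copy-Item -LiteralPath $src.FullName -Destination $dest -Force
    $srcHash  = (Get-FileHash -LiteralPath $src.FullName -Algorithm SHA256).Hash
    $destHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
    if ($srcHash -ne $destHash) { throw "Hash mismatch after copy to $dest" }
    # Delete the original only after the copy is verified.
    Remove-Item -LiteralPath $src.FullName -Force
    Write-Audit 'copied-and-deleted'
    exit 0
}
catch {
    Write-Audit "error: $($_.Exception.Message)"
    exit 1
}
```

Parameter validation rejects a scan result outside 0 to 18 or a process result other than Allowed or Blocked before any file is touched, so an unexpected substitution leaves the original file in place.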