2.5. On-demand CLI

The on-demand MetaAccess agents expose a command-line interface that allows a user to control how the on-demand agent is run.

Your solution can trigger our agent to run onetime and get device status to grant a device access to your resources. Pulse Secure integration is an example.

Windows Usage

1. Open a command prompt (as administrator if using admin version)

2. Navigate to the directory containing the On-demand MetaAccess executable

3. Run the executable with one or more options (license_key and server_code must be provided either in the executable name or in the options), for example:

OPSWAT_GEARS_Client_Admin.exe /key [license_key] /host [server_code] [options]

or

OPSWAT_GEARS_Client_Admin _[server_code]-[license_key].exe [options]

macOS Usage

1. Open a terminal
2. Navigate to the directory containing the on-demand MetaAccess zip file3. Navigate into the compressed archive: $ cd OPSWAT\ GEARS.app/Contents/Resources/4. Run the executable with one or more options (server_code is required; license_key will be read from the config in the zip file unless provided as an option), for example:$ ./opswat-gears-od /host [server_code] [options]

Options

/silent

Silent mode. No dialog pop-ups are shown.

/log 0 or 1

0 - Disable logging.
1 - Enable logging. (Windows: Creates log in executable’s directory. macOS: Creates a log on the current user’s desktop except when running as root).

/key license_key

Specify a MetaAccess license key (overrides the license key in the executable file name if present; required if not present in the file name).

/host server_url

Specify a server where the OPSWAT Client should connecting to. This argument will overwrite the server url in the executable file name if it is presented. This argument is required if the server url is not presented in the file name.

It should be in HEXA format. You can use any tool to convert a string to a HEXA string. For example: if your server URL is https://ocm.yourdomain.com, you should use /host 68747470733a2f2f6f636d2e796f7572646f6d61696e2e636f6d

If your devices are connecting to MetaAccess US tenant, you can use "3445" as a server URL magic code, for example /host 3445

/mkey metadefender_cloud_key

Specify a MetaDefender Cloud key to use for malware scanning (overrides the MetaDefender Cloud key associated with the specified account_license_key).

/quick

Exclude DLLs and libraries during malware scan

/runonce [run_option]

Indicate how you want the client run and exit. Run_option can be one of the below values. If this option does not exist, the agent will continuously run until the device is restarted or a user exits the agent
1 - Run once and exit
2 - Run once and exit and open the remediation page in a default browser
3 - Run once and exit and open the remediation page in a default browser if threats are detected
4 - Run once and exit and open the remediation page in a default browser if the device is non-compliant

/runwhile <conditions>

Run while conditions are still met.

Conditions format is "condition [</o[perator]:<and|or> <condition 1> <condition 2> ...]"

Supported conditions include:
/p[rocess]:<process_name> - Run while process_name is running
/s[tasus]:<0|1> Run while status is compliant (1) or is non-compliant (0)

/rempage <0|1>

Showing rempage (1) or not (0). This configuration override /runonce option

/h or /help

Show the help menu.

Exit Codes:

0 No errors.
2 Manual exit.
4 Condition meets: Device status is non-compliant.
5 Condition meets: Device status is compliant.
8 Condition meets: Monitored process exiting.
12 Condition meets: Monitored process exiting and Device status is non-compliant
13 Condition meets: Monitored process exiting and Device status is compliant

Example

Note: all below examples are using the OPSWAT MetaAccess US instance (/host 3445). If your account is connecting to MetaAccess EU or OPSWAT Central Management server, you can use any tools to convert the full URL to a HEXA string. For example

  • your account is set up in https://gears-eu.opswat.com, you should use /host 68747470733a2f2f67656172732d6564752e6f70737761742e636f6d

  • You use OPSWAT Central Management to manage your devices, and its URL is https://ocm.yourdomain.com, you should use /host 68747470733a2f2f6f636d2e796f7572646f6d61696e2e636f6d

Case 1: Run the OPSWAT Client in silent mode while Horizon Client is running and device status is compliant.

OPSWAT_GEARS_Client.exe /silent /key your_license_key /host 3445 /runwhile /p: vmware.exe /o: and /s: 1