The DasCLI.exe program, referred to as DASCLI, is an executable which provides Command Line Interface (CLI) access to the Carbon Black App Control Windows Agent. Messages are transmitted between DASCLI and the Agent.
Port
By default, messages between CLI and the agent are transmitted by using port 3142. If this port is already in use or you want to use a non-predictable port for security reasons, you can set the parameter random_cli_port=1 on the agentconfig property. This will cause a new, randomly generated available port to be used on each subsequent restart.
Events
Nearly all DASCLI commands result in the generation of an event on the Carbon Black App Control Server.
Filters and Search
Some DASCLI commands return large result sets. You can use the filter command to limit the number of results returned for any command. For example, dascli certificates will return all certificates for an agent. However, dascli certificates filter "*Microsoft Corporation (Europe)*" will return only those certificates which have the specified string in the result set. It is recommended to use *filter* as a pattern to search. For list output, the filter pattern is applied to each result set and only items matching the pattern are displayed. Some commands, such a DASCLI find command, have additional filtering options.
Some commands that have the file name parameter need a full or relative path and not a wildcard path. Hash-based searches cannot use wildcards and need to be specified in full because the agent uses the length of the string to determine if it is a hash-based search. Therefore, if you search for a partial or wildcarded hash string, it will be treated as a file name search and not a hash search.
Commands
In the following table:
- In the Requirement column, Authentication means that this command can only be run if the user has authenticated access to DASCLI, either by a local or global password or by a user or group authentication.
- In the Requirement column, Parity Service means that this command requires that the user space service should be running.
- In the Requirement column, None means that this command can be run without any pre-requisites.
- In the Visible in Agent Help column, the values are accurate as of Protection v8 P6.
| Command | Requirement | Availability |
Visible in Agent Help |
|---|---|---|---|
| ? (alias for "help") | No | ||
| abcount | Authentication | 6.0.2 | Yes |
| abstate | Authentication | 6.0.2 | Yes |
| allowuninstall | Authentication | 6.0.2 | Yes |
| analysis (alias for "analyze") | No | ||
| analyze | Authentication | 6.0.2 | Yes |
| analyzenow | Authentication | 8.8.0 | No |
| autostart | Authentication | No | |
| bookmark | Authentication | No | |
| capture | Parity Service | 7.0 | Yes |
| certchain | Authentication | Yes | |
| certfind | Authentication | Yes | |
| certificates | Authentication | Yes | |
| certinfo | None | 6.0.2 | Yes |
| certstates | Authentication | Yes | |
| certwvt | None | Yes | |
| checkcache | Authentication | 6.0.2 | Yes |
| classifications | Authentication | Yes | |
| clcounts | Authentication | 7.0 | Yes |
| comment | Parity Service | Yes | |
| configlist | Authentication | 6.0.2 | Yes |
| configlistrefresh | Authentication | 6.0.2 | Yes |
| configprops | Authentication | 6.0.2 | Yes |
| connect | Authentication | 6.0.2 | Yes |
| counters | Parity Service | 6.0.2 | Yes |
| crawlinfo | Authentication | 7.0 | Yes |
| debuglevel | Authentication | 6.0.2 | Yes |
| deleteDB | Authentication | ||
| deleterule | Authentication | Yes | |
| devices | Authentication | 7.0 | Yes |
| dirty | Authentication | 7.0 | Yes |
| disconnect | Authentication | 6.0.2 | Yes |
| enforcement | Authentication | 7.0 | Yes |
| fileassoc | None | 7.0 | Yes |
| files | Authentication | 7.0 | Yes |
| find | Authentication | 6.0.2 | Yes |
| flushlogs | Authentication | 6.0.2 | Yes |
| hash | None | 6.0.2 | Yes |
| healthcheck | Authentication | 7.0 | Yes |
| help | None | Yes | |
| hostgroup | Authentication | 6.0.2 | Yes |
| importconfiglist | Authentication | 6.0.2 | Yes |
| info (alias for "status") | No | ||
| initializationallowed | Parity Service | Yes | |
| installs | Authentication | 7.0 | Yes |
| isconnected | Parity Service | 6.0.2 | Yes |
| isinitializing | Parity Service | 6.0.2 | Yes |
| isinsession | Parity Service | 6.0.2 | Yes |
| issleeping | Authentication | 6.0.2 | Yes |
| kernelconfig | Authentication | 6.0.2 | Yes |
| kerneltrace | Authentication | 6.0.2 | Yes |
| knormalize | Authentication | 6.0.2 | Yes |
| links | Parity Service | 7.0 | Yes |
| logonsessions | Authentication | Yes | |
| metadata | None | Yes | |
| nettrace | Authentication | 6.0.2 | Yes |
| password | Parity Service | 6.0.2 | Yes |
| policy | Authentication | 8.0 | Yes |
| prioritize | Authentication | 7.0 | Yes |
| process | Authentication | 7.0 | Yes |
| processes | Authentication | 6.0.2 | Yes |
| queues | Authentication | 7.0 | Yes |
| resetcounters | Authentication | 6.0.2 | Yes |
| restoreDB | Authentication | Yes | |
| resync | Authentication | 7.0 | Yes |
| revertcliconfigprops | Authentication | Yes | |
| ruletags | Authentication | No | |
| runtimer | Authentication | Yes | |
| seccon (alias for "enforcement") | No | ||
| selfprotect (alias for "tamperprotect") | No | ||
| server | Parity Service | 6.0.2 | Yes |
| servernamecheck | Authentication | Yes | |
| setconfigprop | Authentication | Yes | |
| shepherd (alias for "server") | No | ||
| showblist (alias for "shownamebans") | No | ||
| showconfigprops (alias for "configprops") | No | ||
| showcounters (alias for "counters") | No | ||
| showmempolicies (alias for "showmemorypolicies") | No | ||
| showmemorypolicies | Authentication | 6.0.2 | Yes |
| shownamebans | Authentication | 7.0 | Yes |
| showobjectpolicies (alias for "showmemorypolicies") | No | ||
| showpapaths | Authentication | 6.0.2 | Yes |
| showpathpolicies | Authentication | 6.0.2 | Yes |
| showpublisherstates | Authentication | No | |
| showregpolicies | Authentication | 6.0.2 | Yes |
| showregistrypolicies (alias for "showregpolicies") | No | ||
| showscriptpolicies | Authentication | 6.0.2 | Yes |
| showsysteminfo (alias for 'systeminfo') | 6.0.2 | Yes | |
| showtrusted | Authentication | No | |
| showupgradehistory (alias for "showupgrades") | No | ||
| showupgrades | Authentication | 7.0 | Yes |
| sidinfo | None | 7.0 | Yes |
| sslmode | Authentication | 6.0.2 | Yes |
| status | Parity Service | 6.0.2 | Yes |
| systeminfo | Authentication | No | |
| tags (alias for "classifications") | No | ||
| tamperprotect | Authentication | 6.0.2 | Yes |
| testpattern | Authentication | 6.0.2 | Yes |
| timers | Authentication | 7.0 | Yes |
| trustedusers | Authentication | Yes | |
| updatemsiinfo | Authentication | 6.0.2 | Yes |
| uploaddiagnostics | Authentication | 7.0 | Yes |
| users | Authentication | 7.0 | Yes |
| validatecerts | None | Yes | |
| version | Parity Service | 6.0.2 | Yes |
| volumes | Authentication | 7.0 | Yes |
| wait | None | 7.0 | Yes |
| windowsupdates | None | Yes | |
| yara | Authentication | 8.0 | Yes |
