The DasCLI.exe program, referred to as DASCLI, is an executable which provides Command Line Interface (CLI) access to the Carbon Black App Control Windows Agent. Messages are transmitted between DASCLI and the Agent.


By default, messages between CLI and the agent are transmitted by using port 3142. If this port is already in use or you want to use a non-predictable port for security reasons, you can set the parameter random_cli_port=1 on the agentconfig property. This will cause a new, randomly generated available port to be used on each subsequent restart.


Nearly all DASCLI commands result in the generation of an event on the Carbon Black App Control Server.

Filters and Search

Some DASCLI commands return large result sets. You can use the  filter command to limit the number of results returned for any command.  For example, dascli certificates will return all certificates for an agent. However, dascli certificates filter "*Microsoft Corporation (Europe)*" will return only those certificates which have the specified string in the result set. It is recommended to use *filter* as a pattern to search. For list output, the filter pattern is applied to each result set and only items matching the pattern are displayed. Some commands, such a DASCLI find command, have additional filtering options.

Some commands that have the file name parameter need a full or relative path and not a wildcard path. Hash-based searches cannot use wildcards and need to be specified in full because the agent uses the length of the string to determine if it is a hash-based search. Therefore, if you search for a partial or wildcarded hash string, it will be treated as a file name search and not a hash search.


In the following table:

  • In the Requirement column, Authentication means that this command can only be run if the user has authenticated access to DASCLI, either by a local or global password or by a user or group authentication.
  • In the Requirement column, Parity Service means that this command requires that the user space service should be running.
  • In the Requirement column, None means that this command can be run without any pre-requisites. 
  • In the Visible in Agent Help column, the values are accurate as of Protection v8 P6.
Command Requirement


Visible in Agent Help
? (alias for "help") No
abcount Authentication 6.0.2 Yes
abstate Authentication 6.0.2 Yes
allowuninstall Authentication 6.0.2 Yes
analysis (alias for "analyze") No
analyze Authentication 6.0.2 Yes
analyzenow Authentication 8.8.0 No
autostart Authentication No
bookmark Authentication No
capture Parity Service 7.0 Yes
certchain Authentication Yes
certfind Authentication Yes
certificates Authentication Yes
certinfo None 6.0.2 Yes
certstates Authentication Yes
certwvt None Yes
checkcache Authentication 6.0.2 Yes
classifications Authentication Yes
clcounts Authentication 7.0 Yes
comment Parity Service Yes
configlist Authentication 6.0.2 Yes
configlistrefresh Authentication 6.0.2 Yes
configprops Authentication 6.0.2 Yes
connect Authentication 6.0.2 Yes
counters Parity Service 6.0.2 Yes
crawlinfo Authentication 7.0 Yes
debuglevel Authentication 6.0.2 Yes
deleteDB Authentication
deleterule Authentication Yes
devices Authentication 7.0 Yes
dirty Authentication 7.0 Yes
disconnect Authentication 6.0.2 Yes
enforcement Authentication 7.0 Yes
fileassoc None 7.0 Yes
files Authentication 7.0 Yes
find Authentication 6.0.2 Yes
flushlogs Authentication 6.0.2 Yes
hash None 6.0.2 Yes
healthcheck Authentication 7.0 Yes
help None Yes
hostgroup Authentication 6.0.2 Yes
importconfiglist Authentication 6.0.2 Yes
info (alias for "status") No
initializationallowed Parity Service Yes
installs Authentication 7.0 Yes
isconnected Parity Service 6.0.2 Yes
isinitializing Parity Service 6.0.2 Yes
isinsession Parity Service 6.0.2 Yes
issleeping Authentication 6.0.2 Yes
kernelconfig Authentication 6.0.2 Yes
kerneltrace Authentication 6.0.2 Yes
knormalize Authentication 6.0.2 Yes
links Parity Service 7.0 Yes
logonsessions Authentication Yes
metadata None Yes
nettrace Authentication 6.0.2 Yes
password Parity Service 6.0.2 Yes
policy Authentication 8.0 Yes
prioritize Authentication 7.0 Yes
process Authentication 7.0 Yes
processes Authentication 6.0.2 Yes
queues Authentication 7.0 Yes
resetcounters Authentication 6.0.2 Yes
restoreDB Authentication Yes
resync Authentication 7.0 Yes
revertcliconfigprops Authentication Yes
ruletags Authentication No
runtimer Authentication Yes
seccon (alias for "enforcement") No
selfprotect (alias for "tamperprotect") No
server Parity Service 6.0.2 Yes
servernamecheck Authentication Yes
setconfigprop Authentication Yes
shepherd (alias for "server") No
showblist (alias for "shownamebans") No
showconfigprops (alias for "configprops") No
showcounters (alias for "counters") No
showmempolicies (alias for "showmemorypolicies") No
showmemorypolicies Authentication 6.0.2 Yes
shownamebans Authentication 7.0 Yes
showobjectpolicies (alias for "showmemorypolicies") No
showpapaths Authentication 6.0.2 Yes
showpathpolicies Authentication 6.0.2 Yes
showpublisherstates Authentication No
showregpolicies Authentication 6.0.2 Yes
showregistrypolicies (alias for "showregpolicies") No
showscriptpolicies Authentication 6.0.2 Yes
showsysteminfo (alias for 'systeminfo') 6.0.2 Yes
showtrusted Authentication No
showupgradehistory (alias for "showupgrades") No
showupgrades Authentication 7.0 Yes
sidinfo None 7.0 Yes
sslmode Authentication 6.0.2 Yes
status Parity Service 6.0.2 Yes
systeminfo Authentication No
tags (alias for "classifications") No
tamperprotect Authentication 6.0.2 Yes
testpattern Authentication 6.0.2 Yes
timers Authentication 7.0 Yes
trustedusers Authentication Yes
updatemsiinfo Authentication 6.0.2 Yes
uploaddiagnostics Authentication 7.0 Yes
users Authentication 7.0 Yes
validatecerts None Yes
version Parity Service 6.0.2 Yes
volumes Authentication 7.0 Yes
wait None 7.0 Yes
windowsupdates None Yes
yara Authentication 8.0 Yes