Skip to content
Skip to search
Skip to footer

Cisco Secure Endpoint: Command Line Switches Explained

Available Languages

Download Options

PDF (22.8 KB)
View with Adobe Reader on a variety of devices
ePub (84.0 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (72.2 KB)
View on Kindle device or Kindle app on multiple devices

Updated:July 15, 2024

Document ID:213690

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Background Information

Cisco Secure Endpoint Command Line Switches

Secure Endpoint Installer Switches

amp_installer.exe

Secure Endpoint Support Diagnostic Tool Switches

ipsupporttool.exe

Secure Endpoint UI Switches

Secure Endpoint SFC Switches

Related Information

Introduction

This document describes the Command Line (CLI) switches available to use with Cisco Secure Endpoint.

Background Information

Cisco Secure Endpoint contains many customizable features and actions which can be performed locally on an endpoint using command line switches. This document showcases them.

Cisco Secure Endpoint Command Line Switches

Secure Endpoint Installer Switches

amp_installer.exe

Open the command prompt on Windows.
Navigate to the folder your installer is located in on the command prompt (Downloads folder used as an example below).
cd C:\Users\sysadmin\Downloads
Execute the available switches provided.
amp_protect.exe <switch>

Note: No output will be returned after executing the commands.

Tip: More than one switch can be used at once.

Command Line Switch	Command Description	Special Notes
/S	Used to put the installer into silent mode.
/temppath	Used to specify a custom temporary location for installation files to be extracted and executed.	/temppath C:\
/desktopicon 0	Used to specify that a desktop icon is not created.	This is the default configuration and does not need to be provided.
/desktopicon 1	Used to specify that a desktop icon is created.
/startmenu 0	Start Menu shortcuts are not created.
/startmenu 1	Start Menu shortcuts are created.	This is the default configuration and does not need to be provided.
/contextmenu 0	Disables Scan Now from the right-click context menu.
/contextmenu 1	Enables Scan Now in the right-click context menu.	This is the default configuration and does not need to be provided.
/remove 0	Uninstalls the connector and leaves files for later reinstallation.	XML files with the UUID remain and allow you to reuse the existing computer object when reinstalling the connector. Log files are preserved as well. If a connector protection password is in use, it must be specified using the /uninstallpassword flag.
/remove 1	Uninstalls the connector and removes all associated files.	If a connector protection password is in use, it must be specified using the /uninstallpassword flag.
/uninstallpassword	Specifies the uninstall password when using the /remove flag. Must be specified if the Connector Protection feature is enabled	Specify the uninstall password after the flag.
/skipdfc 1	Skip installation of the DFC driver.	Any connectors installed with this flag must be in a group with a policy that has the Network engine disabled.
/skiptetra 1	Skip installation of the TETRA driver.	Any connectors installed with this flag must be in a group with a policy that has the Tetra flag unchecked.
/D=[PATH]	Used to specify which directory to perform the install. For example, /D=C:\	This must be specified as the last parameter. For the /D= command line switch, the default installation directory varies from Operating System. Here are the default installation directories on Microsoft Windows XP with Service Pack 3 or later: For x86 Platforms: `C:\Program Files (x86)\Cisco\AMP` For x64 Platforms: `C:\Program Files\Cisco\AMP`
/goldenimage 1	_{Installs connector to prepare for Golden Images.}	This flag is designed to help prepare golden images in virtual environments. Using this flag prevents the connector from starting and registering during Golden Image creation. For more information, please see: How To Prepare a Golden Image with Secure Endpoints https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/214462-how-to-prepare-a-golden-image-with-amp-f.html
/skiposcheck 1	_{Skips the OS check during installation.}	This flag can be used to install Secure Endpoint on operating systems it is not compatible with.

Secure Endpoint Support Diagnostic Tool Switches

ipsupporttool.exe

Open the command prompt on Windows.
Navigate to the folder on the command prompt. Default path: C:\Program Files\Cisco\AMP\X.X.X\, theX.X.X denotes the version number).
cd C:\Program Files\Cisco\AMP\8.2.1.21612\
Execute the available switches provided.
ipsupporttool.exe <switch>

Note: On execution of switches, there will be no output returned.

Caution: Any switch that references a folder choice requires that the the folders already be present.

Command Line Switch	Command Description	Special Notes
-o <path>	Specifies the output folder for the Support Tool.	Defaults to the desktop if this option is not specified.
-d <install_path>	Specifies the folder that the Windows Support Tool can retrieve files from.	Defaults to the default installation directory of Secure Endpoint if not specified.
-t <minutes>	Runs a Timed debug level diagnostic from the Windows Support Tool for the specified time. Time duration is specified in minutes.

Secure Endpoint UI Switches

iptraytool.exe

Note: The iptraytool.exe file is only available on legacy versions of Secure Endpoint.

Open the command prompt on Windows.
Navigate to the folder at the command prompt. Default path: C:\Program Files\Cisco\AMP\X.X.X\, the X.X.X denotes the version number).
cd C:\Program Files\Cisco\AMP\7.5.3.20938\
Execute the available switches provided.
iptray.exe <switch>

Command Line Switch	Command Description	Special Notes
-f	Allows for Client User Interface to be made active from command line.	This is only necessary if an endpoint has GUI turned off via Policy with Start Client User Interface unchecked.

Secure Endpoint SFC Switches

sfc.exe

Open the command prompt on Windows.
Navigate to the folder at the command prompt. Default path: C:\Program Files\Cisco\AMP\X.X.X\, the X.X.X denotes the version number).
cd C:\Program Files\Cisco\AMP\8.2.1.21612\
Execute the available switches provided
sfc.exe <switch>

Command Line Switch	Command Description	Special Notes
-s	_{Start Immunet Protect (Windows Connector) service. The service must already have been registered with SCM to be started.}
-k	_{Stop Immunet Protect (Windows Connector) service.}	_{If Connector Protection is enabled, input the password after -k in order to successfully stop the service.}
-u	_{Uninstall Immunet Protect (Windows Connector) service. De-register service with Windows Service Control Manager (SCM). This option is used by the de-installer to uninstall the Windows connector service.}
-r	_{Resets Immunet Protect (Windows Connector) service. This is very similar to -i option but does not install the service. This is useful to fix local.xml corruption.}
-l start	_{Toggle debug and kernel logging dynamically (The trigger is a lowercase L).}	_{This state remains until toggled off, the service is restarted, or a new policy is configured to change the logging level.}
-l stop	_{Turn off debug and kernel logging dynamically (The trigger is a lowecase L).}
-unblock SHA_of_file	This option unblocks a process from execution. After this command switch is run, the Application can be removed from the local kernel cache of the application blocking list.	_{This command can be used when an application is blocked because of false positive or mistake, and you want to quickly unblock the application without waiting for 30 minutes or rebooting the machine.}
-reregister	This option can clear the uuid and certs from local.xml and registry while the service is running, and triggers a re-enrollment. Local.xml and registry is updated with new values. However, this is blocked if ID Sync is enabled, and the connector gets existing UUID again. This can place the connector in the default group / policy after reregistration if the installation package used for initial install has been modified.	_{If Connector Protection is enabled, you need to enter the following:}_{sfc.exe -reregister _password_}
-forceupdate	This option forces the connector to update the TETRA definitions.
-forceapdeupdate	This option forces the connector to update the behavioral protection definitions.	_{You can check the current behavioral protection definitions installed on the endpoint in device trajectory in the Secure Endpoint dashboard.}

Related Information

Revision History

Revision	Publish Date	Comments
8.0	15-Jul-2024	Changed title and introduction slightly, SME made some updates to technical information, formatting and spelling changes.
7.0	05-Feb-2024	Format Correction
6.0	24-Mar-2023	Added switch for IPTray use. Updated Title, Introduction, SEO, Machine Translation, Style Requirements and Formatting.
5.0	28-Feb-2022	Added switch for IPTray use.
4.0	03-Feb-2022	Updated information relating to reregistration switch.
3.0	12-Jan-2022	Removed switch options that are no longer supported.
2.0	03-Nov-2021	Rebranding updates.
1.0	18-Sep-2018	Initial Release

Contributed by Cisco Engineers

Caly Hess
Cisco AMP Escalation Engineer
Andrew Koelbel
Cisco TAC Engineer

Was this Document Helpful?

Feedback

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Secure Endpoint Private Cloud