Fileless Attack Prevention Commands

Configure Fileless Attack Prevention features using the Command Line Interface by typing your command in the following format:
SLCmd.exe -p <admin_password> <command> <parameter> <value>
The following table lists the available abbreviated forms of parameters.

Abbreviations and Uses

| Parameter | Abbreviation | Use |
|---|---|---|
| filelessattackprevention | flp | Manage Fileless Attack Prevention |
| filelessattackprevention-process | flpp | Manage Fileless Attack Prevention processes |
| filelessattackprevention-exception | flpe | Manage Fileless Attack Prevention exceptions |

The following table lists the commands, parameters, and values available.

Fileless Attack Prevention Commands

| Command | Parameter | Description |
|---|---|---|
| set filelessattackprevention | | Display the current Fileless Attack Prevention status. For example, type: SLCmd.exe -p <admin_password> set filelessattackprevention |
| | enable | Enable Fileless Attack Prevention. For example, type: SLCmd.exe -p <admin_password> set filelessattackprevention enable |
| | disable | Disable Fileless Attack Prevention. For example, type: SLCmd.exe -p <admin_password> set filelessattackprevention disable |
| show filelessattackprevention-process | | Display the list of monitored processes. For example, type: SLCmd.exe -p <admin_password> show filelessattackprevention-process |
| add filelessattackprevention-exception | <monitored_process> <Parentprocess1> <Parentprocess2> <Parentprocess3> <Parentprocess4> -a <arguments> -regex -l <label> | Add a Fileless Attack Prevention exception. See the example following this table. |
| remove filelessattackprevention-exception | -l <label> | Remove a Fileless Attack Prevention exception. For example, type: SLCmd.exe -p <admin_password> remove filelessattackprevention-exception -l <label> |

Example for add filelessattackprevention-exception, given the following exception:
  • Monitored Process: cscript.exe
  • Parentprocess1: a.exe
  • Parentprocess2:
  • Parentprocess3: c.exe
  • Parentprocess4:
  • Arguments: -abc -def
  • Use regular expression for arguments: No
To add the exception, type:
SLCmd.exe -p <admin_password> add flpe cscript.exe a.exe "" c.exe "" -a "-abc -def"

Note
  • If a monitored process is launched before SafeLock is started, SafeLock is unable to detect and block the monitored process.
  • In systems running Windows Vista x86 (no service pack installed), the Fileless Attack Prevention feature can run the process chain check without issues, but is unable to perform the command line argument check. If a process passes the process chain check on these systems, the command line argument check is skipped completely.
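
The first note means that any monitored process launched before the agent started has never been evaluated. The following script is an added example, not part of the SafeLock documentation, that lists such processes on an endpoint. The service name is a placeholder assumption, the monitored list should be taken from show filelessattackprevention-process, and Get-CimInstance assumes PowerShell 3.0 or later.

```powershell
# Added example, not vendor code: list monitored processes that were already
# running when the protection service started (their launch was never checked).
param(
    # Assumption: placeholder, replace with the agent's Windows service name.
    [string]$ServiceName = '<safelock_service_name>',
    # Take this list from "show filelessattackprevention-process";
    # cscript.exe is the only monitored process this page names.
    [string[]]$Monitored = @('cscript.exe')
)

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc -or $svc.ProcessId -eq 0) {
    Write-Warning "Service '$ServiceName' is not running."
    return
}
# Start time of the service's host process marks when checks could begin.
$svcStart = (Get-CimInstance Win32_Process -Filter "ProcessId=$($svc.ProcessId)").CreationDate

$filter = ($Monitored | ForEach-Object { "Name='$_'" }) -join ' OR '
$early = @(Get-CimInstance Win32_Process -Filter $filter |
    Where-Object { $_.CreationDate -lt $svcStart } |
    ForEach-Object {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
        # PIDs are reused: accept the parent only if it is older than the child.
        $parent = if ($p -and $p.CreationDate -le $_.CreationDate) { $p.Name } else { '(exited)' }
        [pscustomobject]@{
            Name        = $_.Name
            ProcessId   = $_.ProcessId
            Started     = $_.CreationDate
            Parent      = $parent
            CommandLine = $_.CommandLine
        }
    })

if ($early.Count -eq 0) {
    Write-Output "No monitored process predates $ServiceName (started $svcStart)."
} else {
    $early | Sort-Object Started | Format-List
}
```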