Kaspersky Threat Intelligence Portal allows you to start object execution with specific command line parameters. The Command line parameters field is optional and available only when a Microsoft Windows execution environment is selected.
You can use environment variables by placing the `%` sign in front of and after the variable name, for example: `%SYSTEMROOT%`. By default, the environment variables are expanded on the user's host before the object is transferred to and executed in the Sandbox. To transfer environment variables to the Sandbox as is, without expansion, use the `%%` sign, for example: `%%SYSTEMROOT%%`.
The command line may contain a `$sample` variable that will be replaced in the Sandbox with the actual path to the object in the operating system (for example, `<notepad path> /A $sample`).
A command in the command line must not exceed 1024 characters, otherwise Kaspersky Threat Intelligence Portal shortens it. Depending on the technical constraints of an operating system that is used as an execution environment in the Sandbox, the command may be further shortened.
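A pre-submission check that models the rules above, as an added example rather than Kaspersky code: it shows which variables would be filled in with values from the submitting host and flags commands over 1024 characters. The `preview` function, the sample host values and commands, and two modelling choices are assumptions: `%%NAME%%` is taken to reach the Sandbox as `%NAME%`, and a name undefined on the host is left literal.

```python
import re
from dataclasses import dataclass, field

MAX_LEN = 1024  # limit stated on this page; longer commands are shortened

# %%NAME%% is transferred unexpanded, %NAME% is expanded on the submitting host.
_VAR = re.compile(r"(%%|%)([^%\s]+)\1")

@dataclass
class Preview:
    sent: str = ""                                      # command as it would leave the host
    host_expanded: dict = field(default_factory=dict)   # name -> host value baked in
    passed_through: list = field(default_factory=list)  # names left for the Sandbox
    has_sample: bool = False
    over_limit: bool = False

def preview(command, host_env):
    """Model how a command line is rewritten before it reaches the Sandbox."""
    env = {k.upper(): v for k, v in host_env.items()}  # Windows names ignore case
    out = Preview()

    def substitute(m):
        marker, name = m.group(1), m.group(2)
        if marker == "%%":
            out.passed_through.append(name)
            return f"%{name}%"        # assumption: the Sandbox receives %NAME%
        if name.upper() in env:
            out.host_expanded[name] = env[name.upper()]
            return env[name.upper()]
        return m.group(0)             # assumption: undefined names stay literal

    out.sent = _VAR.sub(substitute, command)
    out.has_sample = "$sample" in command
    out.over_limit = len(out.sent) > MAX_LEN
    return out

# Constructed host environment and command lines (not taken from the portal).
HOST = {"SystemRoot": r"C:\Windows", "TEMP": r"C:\Users\analyst\AppData\Local\Temp"}
LEAKY = r"%SYSTEMROOT%\system32\cmd.exe /c $sample > %TEMP%\out.txt"
SAFE = r"%%SYSTEMROOT%%\system32\cmd.exe /c $sample > %%TEMP%%\out.txt"

if __name__ == "__main__":
    for cmd in (LEAKY, SAFE):
        p = preview(cmd, HOST)
        print(p.sent, "| host values:", p.host_expanded, "| over limit:", p.over_limit)
```

In the first command the analyst's profile path ends up in the command executed in the Sandbox, where that directory may not exist; the second leaves both variables for the Sandbox to resolve.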
Examples:
Specify an application that you want to execute the object with:
Specify a file to write the output of the object to:
Execute an object and write the output into a file that includes the computer name as the file name:
Environment variables usage

Environment variables | Microsoft Windows 10 x64 | Microsoft Windows 7 x64 | Microsoft Windows 7 | Microsoft Windows XP |
---|---|---|---|---|
ALLUSERSPROFILE | | | | |
APPDATA | | | | |
CLIENTNAME | . | | | |
CommonProgramFiles | | | | |
CommonProgramFiles(x86) | | | | |
CommonProgramW6432 | | | | |
COMPLUS_ProfAPI_ProfilerCompatibilitySetting | | | | |
COMPUTERNAME | | | | |
ComSpec | | | | |
COR_ENABLE_PROFILING | | | | |
COR_PROFILER | | | | |
DriverData | | | | |
FP_NO_HOST_CHECK | | | | |
HOME | | | | |
HOMEDRIVE | | | | |
HOMEPATH | | | | |
LOCALAPPDATA | | | | |
LOGNAME | | | | |
LOGONSERVER | | | | |
NUMBER_OF_PROCESSORS | | | | |
OneDrive | | | | |
OS | | | | |
Path | | | | |
PATHEXT | | | | |
PROCESSOR_ARCHITECTURE | | | | |
PROCESSOR_IDENTIFIER | | | | |
PROCESSOR_LEVEL | | | | |
PROCESSOR_REVISION | | | | |
ProgramData | | | | |
ProgramFiles | | | | |
ProgramFiles(x86) | | | | |
ProgramW6432 | | | | |
PROMPT | | | | |
PSModulePath | | | | |
PUBLIC | | | | |
PWD | | | | |
SESSIONNAME | | | | |
SHELL | | | | |
SHLVL | | | | |
SystemDrive | | | | |
SystemRoot | | | | |
TEMP | | | | |
TERM | | | | |
TMP | | | | |
USER | | | | |
USERDOMAIN | | | | |
USERDOMAIN_ROAMINGPROFILE | | | | |
USERNAME | | | | |
USERPROFILE | | | | |
windir | | | | |
windows_tracing_flags | | | | |
windows_tracing_logfile | | | | |
XDG_RUNTIME_DIR | | | | |
XDG_SEAT | | | | |
XDG_SESSION_ID | | | | |
XDG_VTNR | | | | |