DoScan.exe causes high CPU usage

Article:TECH101254  |  Created: 2005-01-27  |  Updated: 2011-07-06  |  Article URL
Article Type
Technical Solution




You installed Symantec AntiVirus Corporate Edition 10.0 or Symantec Client Security 3.0. After you restart the computer, you notice that the process DoScan.exe is using a large amount of CPU and memory. After the DoScan.exe process completes, the Rtvscan.exe process is using about 40 MB of memory.




Before you begin:
If you see error messages regarding DoScan.exe, read the document Error: "Doscan.exe has generated errors and will be closed...."

This problem is fixed in Symantec AntiVirus 10.0.1 and Symantec Client Security 3.0.1. For information about how to obtain the latest build of Symantec AntiVirus or Symantec Client Security, read Obtaining an upgrade or update for Symantec AntiVirus Corporate Edition or Symantec Client Security.

If you cannot install Symantec AntiVirus 10.0.1 or Symantec Client Security 3.0.1, use the following workarounds.

You can prevent the creation of the startup Quick Scan on new Symantec AntiVirus clients by importing a registry file. Follow the directions that apply to your situation.

To remove the startup Quick Scan on Symantec AntiVirus clients

  • Stop any scans that are currently running, and then download and import the RemoveStartScan.reg file.

To prevent the creation of the startup Quick Scan before installing clients

  • Before installing or migrating managed clients, download and import the PreventStartScan.reg file onto each client.



  • Using the RemoveStartScan.reg file on a Symantec AntiVirus client removes all user-created scans. After users import the registry file, they must re-create any scans that they created.
  • Both of these files only work for the user who is currently logged on. On computers that have more than one user, each user must log on and import the files.

If the problem persists, disable the Defwatch Quick Scan.

To disable the Defwatch Quick Scan
Download and import the DefwatchQSOff.reg file.

If you need to disable the Defwatch Quick Scan on a number of managed clients, read the document Disabling the Quick Scan that runs after virus definitions update.

Technical Information
The DoScan.exe process is part of the default startup Quick Scan that runs after a user logs on. You can disable the startup Quick Scan in Symantec AntiVirus 10.0.1 or later.


Supplemental Materials

Value1-3Z5W7B; 1-3YYRM0

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices