Run Endpoint Protection scans from a command line using DoScan.exe

Article:TECH104287  |  Created: 2008-01-28  |  Updated: 2015-02-18  |  Article URL http://www.symantec.com/docs/TECH104287
Article Type
Technical Solution


Issue



You want to know how to run Endpoint Protection scans from a command prompt using DoScan.exe.


Solution



You can run DoScan.exe from a DOS prompt or script to scan common risk locations (like Active or Quick Scan) or scan all drives on any 32-bit version of Windows.

NOTE: DoScan.exe is not a DOS-based scanner. You cannot run DoScan.exe from a bootable disk. Because DoScan.exe makes a call to Rtvscan.exe and uses the current local virus definitions, Auto-Protect must be enabled. Please contact support if you require a boot-disk scanning tool.

DoScan.exe is typically found inside the SEP client installation folder, by default:
"%programfiles%\Symantec\Symantec Endpoint Protection"

The options can be viewed by double-clicking the DoScan.exe application in Windows, or by using the "DoScan.exe /help" command.

The proper syntax of a DoScan.exe command is:
DoScan [/scanname <scan name>] [/scandrive <drive list>] [/scandir <directory>] [/scanfile <file path>] [/list] [/cmdlinescan] [/scanalldrives] [/startupscans] [/help]

The options available in SEP 11.0.6 MP1 and higher are provided below.

| Command Line Option | Option function |
|---|---|
| /scanname "<scan name>" | Runs the scan specified. |
| /scandrive "<drive list>" | Runs a default quick scan with the drives specified. Drive list example: "A-C,E,V-S,Z" scans drives A, B, C, E, S, T, U, V, Z. |
| /scandir "<directory>" | Runs a default quick scan with the directory specified. This option may repeat. |
| /scanfile "<file name>" | Runs a default quick scan with the file names specified. This option may repeat. |
| /list | Lists the scans in this system on a console window. |
| /cmdlinescan | Runs a default quick scan. |
| /scanalldrives | When used with /cmdlinescan, this option scans all disk drives in addition to the default quick scan options. |
| /startupscans | When used with /cmdlinescan, this option runs the default startup quick scan. |
| /help | Displays command line help. |


Logs for scans run from DoScan are located in:

"%ALLUSERSPROFILE%\Application Data\Symantec\Symantec Endpoint Protection\Logs"

In 12.1, there have been some changes and expanded options to the DoScan program.

The proper syntax of a 12.1 DoScan.exe command is:
DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"] [/Cloudscan or /O] [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"] [/L[ist]] [/C[mdLineScan] [/ScanAllDrives]] [/A[sync]|/Sync] [/Help]

The options available in SEP 11.0.6 MP1 and higher are provided below.

| Command Line Option | Option function |
|---|---|
| "<Scan file/folder name>" | Specifies a single file/folder to scan. |
| /F[ileList] "<List file name>" | Specifies a text file that lists full paths of files/folders to scan. |
| /O or /Cloudscan | Specifies that the item should also be sent to the Cloud for scanning. The switch will only apply to a single file item, or a file list containing a single item. |
| /ScanFile "<file name>" | Scans the specified file. Multiple files can be specified with multiple /ScanFile switches. For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test" |
| /ScanDir "<folder name>" | Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches. For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test" |
| /ScanDrive "<drives>" | Scans the specified drives. For example: /ScanDrive "A-C,E,V-S,Z" scans drives A, B, C, E, S, T, U, V, Z. |
| /ScanName "<Configured Scan Name>" | Runs the specified local or administrator scan. |
| /L[ist] | Lists all the local and administrator scans configured for this computer. |
| /C[mdLineScan] | Performs a quick scan. |
| /ScanAllDrives | Scans all disk drives. |
| /A[sync] | Starts the scan asynchronously. |
| /Sync | Starts the scan synchronously. (default) |
| /H[elp] | Displays command line help. |


Logs for scans run from 12.1 DoScan are located in:
C:\Programdata\Symantec\Symantec Endpoint Protection\[SEP Version]\Data\Logs\AV\
Note:  Previous functionality to create a log file with doscan.exe (switch /LOGFILE=) known from earlier versions of SEP 11 has been removed.
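
The following is an added example, not code from Symantec or from the original article: a Python wrapper that builds a 12.1 DoScan.exe command line from the switches in the table above, checks the drive-list syntax and the single-file limit on /Cloudscan before launching, and passes paths as an argument list rather than a shell string. The function names, the sample paths and the ordering of combined switches (taken from the syntax line) are assumptions.

```python
import os
import string
import subprocess

# Default SEP client folder given in the article; adjust for your install.
DOSCAN = os.path.join(os.environ.get("ProgramFiles", r"C:\Program Files"),
                      "Symantec", "Symantec Endpoint Protection", "DoScan.exe")


def expand_drive_list(spec):
    """Expand a /ScanDrive list such as "A-C,E,V-S,Z" into sorted drive letters."""
    drives = set()
    for item in spec.upper().split(","):
        ends = item.strip().split("-")
        if len(ends) > 2 or any(len(e) != 1 or e not in string.ascii_uppercase for e in ends):
            raise ValueError(f"bad drive list item: {item!r}")
        lo, hi = sorted((ends[0], ends[-1]))  # "V-S" covers the same drives as "S-V"
        drives.update(chr(c) for c in range(ord(lo), ord(hi) + 1))
    return sorted(drives)


def build_doscan_argv(files=(), dirs=(), drives=None, cloud=False, sync=True, exe=DOSCAN):
    """Return an argv list using the 12.1 switches (hypothetical helper)."""
    if not (files or dirs or drives):
        raise ValueError("nothing to scan")
    if cloud and (len(files) != 1 or dirs or drives):
        # Per the article, /Cloudscan only applies to a single file item.
        raise ValueError("/Cloudscan needs exactly one file and nothing else")
    argv = [exe] + (["/Cloudscan"] if cloud else [])
    for f in files:
        argv += ["/ScanFile", f]
    for d in dirs:
        argv += ["/ScanDir", d]
    if drives:
        expand_drive_list(drives)  # reject malformed lists before DoScan sees them
        argv += ["/ScanDrive", drives]
    argv.append("/Sync" if sync else "/Async")
    return argv


if __name__ == "__main__":
    # Constructed sample targets, for illustration only.
    argv = build_doscan_argv(dirs=[r"C:\Test", r"C:\Users\Public\Downloads"])
    print(argv)
    if os.name == "nt" and os.path.isfile(argv[0]):
        subprocess.run(argv, check=False)  # list form: no cmd.exe parsing of the paths
```

Results of the scan appear in the log folder named above; the article does not document DoScan.exe exit codes, so the wrapper does not interpret them.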



Legacy ID



2008022809230648

