How to run a scan from a command line using Symantec Endpoint Protection using DoScan.exe

Article:TECH104287  |  Created: 2008-01-28  |  Updated: 2012-05-25  |  Article URL http://www.symantec.com/docs/TECH104287
Article Type
Technical Solution


Issue



How to run a SEP Antivirus Scan from Command Prompt?

 


Solution



You can run DoScan.exe from a DOS prompt or script to scan common risk locations (like Active or Quick Scan) or scan all drives on any 32-bit version of Windows.

NOTE: From RU6-MP1 release DoScan.exe has more features and can launch scans to custom directories see below.

 Doscan.exe is typically found inside the SEP (Symantec Endpoint Protection) client installation folder, by default:


"%programfiles%\Symantec\Symantec Endpoint Protection"

 

The options can be viewed by double clicking on the file. These options are case sensitive.

  DoScan Help

 DoScan.exe /cmdlinescan [/LOGFILE="<log file path and filename>"] [/SCANALLDRIVES]

This will create a log file, called DoScan.log. The log will be located by default in:


 "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec Endpoint Protection\Logs"

or inside the location you specify in the command-line.

 

From SEP 11 RU6-MP1 release, there are new features available in DoScan.exe.

You can see the new features from the help window of DoScan.exe on RU6-MP1, running “Doscan.exe /help” command line:  

DoScan RU6-MP1 Help

 More information about the new features and their usage:

1) DoScan.exe /ScanName "Weekly Scheduled Scan"

  • Only one scan is allowed to pass in as of now. The name of a local scan or admin scan can be passed in as a parameter.

  • Scan options are the same as from the named scan in the command line.

 2) DoScan.exe /List

  • Lists all the admin and local scans present in the system.

  • Attaches to the same console if launched from a console or creates a new console to display the output if launched from a Windows GUI.  

Notes:
Before run the command 'DoScan.exe /ScanName "Weekly Scheduled Scan', you need to run the 'DoScan.exe /List' to find out what scan name can be used.

 

Below is the example of the 'DoScan.exe /List':

 DoScan list

 3) DoScan.exe /ScanDrive "A-C,E,V-S,Z"

  • You can leave spaces in between drive letters but the entire string should be within quotes. This example will scan drives A, B, C, E, S, T, U, V, Z.

  • Scan options will be taken from the default quick scan options.

 4) DoScan.exe /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test"

  • Multiple directories can be passed in with multiple /ScanDir switches.

  • Relative paths or Environment strings are permitted in the path. Internally these will be converted to fully qualified names.

  • Scan options will be taken from the default quick scan options.

 5) DoScan.exe /ScanFile "C:\Test.log" /ScanFile "%WinDir%\Notepad.exe"

  • Same as the /ScanDir switch. Multiple filenames can be passed with multiple /ScanFile switches.

  • Relative paths or Environment strings are permitted in the path. Internally these will be converted to fully qualified names.

  • Scan options will be taken from the default quick scan options.

NOTES: DoScan.exe is not a DOS-based scanner. You cannot run DoScan.exe from a bootable disk. Because DoScan.exe makes a call to Rtvscan.exe and uses the current local virus definitions, Auto-Protect must be enabled.

Doscan.exe options in SEP 12.1

Notes:

- Previous funtionality to create a log file with doscan.exe (switch /LOGFILE=) known from SEP 11 is completely gone. Log files for scans started with doscan.exe are by default created in C:\Programdata\Symantec\Symantec Endpoint Protection\[SEP Version]\Data\Logs\AV\



Legacy ID



2008022809230648


Article URL http://www.symantec.com/docs/TECH104287


Terms of use for this information are found in Legal Notices