How to perform a full virus scan while in safe mode with command prompt

Article:TECH106310  |  Created: 2008-01-20  |  Updated: 2013-09-17  |  Article URL http://www.symantec.com/docs/TECH106310
Article Type
Technical Solution


Environment

Issue



How do I start a Windows XP or Windows Server 2003 machine into Safe Mode with Command Prompt so that I may perform a full virus scan?
How do I start a Windows 7 or Windows Server 2008 computer into Safe Mode with Command Prompt so that I may perform a full virus scan?

 


Error



Symptoms
Virus scans in Normal and regular "Safe" mode have not been able to remove a detected threat from a machine.

 


Environment



Symantec Endpoint Protection 11.x and earlier.  


Cause



Some infectious threats tie themselves to critical system processes (E.G., Explorer.exe), thus becoming resident in a system's memory. Because of this, virus scans may be ineffective at removing the threat while a machine is started in either normal or regular "safe" mode.


Solution



In most instances, a full system scan in safe mode will be sufficient to remove threats.  In case it is not, using the Symantec Endpoint Recovery Tool (SERT) LiveCD is one preferred option. 

Starting a computer into the mode Safe Mode with Command Prompt may also prove to be more successful when removing an infectious threat since the explorer.exe process does not run in this mode.

For Symantec Endpoint Protection (SEP):
 

  1. Isolate (disconnect) all affected machines from the network
  2. Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
  3. After the computer has loaded into this mode, close the Command Prompt window that appears
  4. Press CTRL+ALT+DEL to bring up task manager
  5. Click File > New Task (Run...)
  6. Browse to the install directory for Symantec Endpoint Protection. By default, this is C:\program files\symantec\symantec endpoint protection\
  7. Select SymCorpUI.EXE and click Open
  8. In the Create New Task window, click OK to run the application. This will open Symantec Endpoint Protection
  9. On the left-hand side, click Scan For Threats.
  10. Click Run Full Scan. This will start the scanning process immediately.
      Note: Upon running SymCorpUI.EXE, a window may appear with the following message: "It appears that the Symantec Management Client service is not running. You will not be able to manage network protection settings through the main user interface until it is running. Do you want to start the service now?" Click No to this message


For Symantec AntiVirus (SAV):
 

  1. Isolate (disconnect) all affected machines from the network
  2. Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
  3. After the computer has loaded into this mode, close the Command Prompt window that appears
  4. Press CTRL+ALT+DEL to bring up task manager
  5. Click File > New Task (Run...)
  6. Browse to the install directory for Symantec AntiVirus (C:\Program Files\Symantec AntiVirus by default)
  7. Select VPC32.exe and click Open
  8. In the Create New Task window, click OK to run the application. This will open Symantec AntiVirus
  9. Click the Scan menu and select Full Scan
  10. Click Scan at the bottom-right corner.


If there are problems running either Symantec Endpoint Protection or Symantec AntiVirus in this startup mode, or if the suspected threat is not being found, please contact Technical Support for further assistance.

 



 




Legacy ID



2008102011220248


Article URL http://www.symantec.com/docs/TECH106310


Terms of use for this information are found in Legal Notices