How to use the Symantec Offline Image Scanner tool (SOIS)

Article:TECH164012  |  Created: 2011-07-06  |  Updated: 2014-03-07  |  Article URL
Article Type
Technical Solution


You want to know how to use the Symantec Offline Image Scanner.


Symantec Offline Image Scanner (SOIS) is a stand-alone tool for Symantec Endpoint Protection (SEP) users to scan and detect threats in offline VMware disk images.  SOIS runs on Windows and is capable of scanning VMWare virtual disks (.vmdk files) using Windows guest operating systems created with VMware products.

How to use the Symantec Offline Image Scanner (SOIS)

SOIS is located on the second disk (Part 2) of the Symantec Endpoint Protection download. If you do not have Disk 2, you must download it first from FileConnect. See Related Articles for obtaining Symantec Endpoint Protection downloads.

  1. After you download and extract the contents of Part 2, navigate to \Tools\OfflineImageScanner, and then double-click SOIS.exe.
  2. Click Accept to accept the license agreement.
  3. Under Folders to Scan, click Add folder to add the folders to be scanned. You can include multiple folders, but you must add one folder at a time.
    To remove a folder from the list, click the folder, and then click Remove.
  4. To modify the default path for the log file location, click Browse and select the folder where you want to save the log file (SOIS_yyyy-mm-dd.xml).
  5. Under Scan using current settings is a list of the default settings for virus definitions, excluded file types, compressed file scanning and the heuristics level used for the scan. If you want to change the defaults, click Settings, choose from the following options, and then click OK when finished:
    • AV definitions: Click Use AV definitions from this location and then click Browse to select an alternate location for virus definitions.
    • Compressed files options: Click Scan files inside compressed files to disable the compressed file scanning that is enabled by default, or modify the number levels of compression to expand for scanning.
      Note: The higher this number is, the longer the scan takes.
    • File Exclusion: Click Exclude these file types (e.g. .zip, .rar) to list the file extensions to exclude during the scan.
    • Heuristic Scanning: Click Enable BloodHound™ heurisitc virus detection to disable the heuristic virus detection that is enabled by default, or to modify the sensitivity level from Default to Minimum or Maximum.
    • Telemetry: Click Send usage information to Symantec to disable the telemetry reporting that is enabled by default, or click Include debug/diagnostic information to send additional telemetry.
  6. Click Begin Scan.
  7. While the scan runs, click Abort Scan to stop the scan.
    When the scan is complete, you can click View Log to view the results, or Close to close the scan window.
  8. Click Exit to close the Symantec Offline Image Scanner.


Article URL

Terms of use for this information are found in Legal Notices