Vpscan.exe: A command-line scanner for Symantec AntiVirus

Article:TECH99979  |  Created: 2002-01-09  |  Updated: 2006-01-27  |  Article URL http://www.symantec.com/docs/TECH99979
Article Type
Technical Solution


Environment

Issue



You want to scan a computer with Symantec AntiVirus. You do not want to use the graphical user interface to start the scan.


Solution



You can use the unsupported Vpscan.exe tool to start a scan without the graphical user interface.


Note: Symantec Technical Support does not support this tool. Symantec provides no-support tools as a convenience only. The inclusion of such tools does not imply that Symantec endorses, recommends, or accepts any responsibility for the use of these tools.



About Vpscan.exe
You can use Vpscan.exe on any 32-bit version of Windows. Vpscan.exe is not a DOS-based scanner, and you cannot run Vpscan.exe from a bootable disk. Because Vpscan.exe makes a call to Rtvscan.exe and uses the current local virus definitions, Auto-Protect must be enabled. The results of the scan are logged in the regular Symantec AntiVirus logs. For a list of log file locations, see the Technical Information section of this document.

How to use Vpscan.exe
You can find Vpscan.exe in the Tools\Nosuprt\Vpscan folder on the installation CD. Save the Vpscan.exe file to the computer that you want to scan.

Usage:

VPSCAN [X Options] [ScanTarget]

The following table shows the command-line options:


Scan Options

Description

/UI

GUI to be able to set your settings for a scan. Note: The stop scanning button has not been enabled.

/INI

Use scan options from the INI file. INI options can apply only to /USER and /ADMIN scans.

/GREYWARE

Enable scanning for greyware on machine. For Symantec AntiVirus Version
9.x and above.

/PROCESSES

Enable scanning for infected process loaded in memory on
machine. For Symantec AntiVirus Version 9.x and above.

/SECURITYRISKS

Enable scanning for security risks on machine. For Symantec AntiVirus
Version 10.x and above.

/LOADPOINTS

Enable scanning for generic load points on machine. For Symantec AntiVirus
Version 10.x and above.

/KILLSERVICE

Enable automatic termination of infected services. For Symantec AntiVirus
Version 10.x and above.

/KILLPROCESS

Enable automatic termination of infected processes. For Symantec AntiVirus
Version 10.x and above.

/SHOWSCAN

Shows scan progress dialog.

ScanType


/USER

Run a client user's scan (default, no need to specify)

/ADMIN

Run an admin scan

/SWEEP

Run virus sweep, requires the location of a GRC.DAT file

ScanTarget


/USER

Specify a directory path or file name to scan

/ADMIN

Specify a directory path or file name to scan

/SWEEP

Specify the GRC.DAT to use, as C:\TEMP\GRC1.DAT. This allows the scan to use any custom settings for scanning that you might have configured in your grc.dat.

INI Option

Do not use the following options with the previous options above.

/CREATEINI

To Create a simple INI from the current user settings.
The INI file is placed in the same directory as VPSCAN.EXE.

/ALLOPTIONS

Use with /CREATEINI; adds options that are available for users in the UI.

Examples


To scan the entire hard drive without a graphical user interface, type the following command:

vpscan.exe c:\
To create a sample INI file to modify and use for scans run the following command at the command prompt:


vpscan.exe /createini

To run a user scan (on a machine with Symantec AntiVirus 9.x or above on it) that will scan for greyware and in-memory infections, run the following command at the command prompt:

vpscan.exe /user /greyware /processes "c:\program files"

To run a sweep scan, run the following command at the command prompt:

vpscan.exe /sweep c:\temp\grc.dat

To run a user scan (on a machine with Symantec AntiVirus 10.x or above on it) that will scan for in-memory infections, generic load points, security risks, and have the action of terminating infected processes, run the following command:

vpscan.exe /user /processes /securityrisks /loadpoints /killprocess c:\



Notes: The /KILLPROCESS and /KILLSERVICE options can impact the user who is currently working on the machine being scanned. Use these options with care as they will not prompt the user before terminating the process or service. For example, if the infected process is Internet Explorer and the user has it currently open, then the process will be terminated without any way for the
user to stop it.

You can use 10.x options on previous versions of Symantec AntiVirus. The previous version will just ignore the options that it does not understand. This allows you to have a batch file or VBScript that can be run on any version of Symantec AntiVirus and you only have to maintain that one file instead of one file per Symantec AntiVirus version.





References
You can set additional options for Vpscan.exe by creating a Vpscan.ini file. For details, read How to configure Vpscan.exe by using Vpscan.ini.



Technical Information
Symantec AntiVirus Corporate Edition 10.x

For Symantec AntiVirus Corporate Edition 10.x, the default locations for the log files are as follows:

  • Windows 2000/XP/2003
    %SystemDrive%\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs

Symantec AntiVirus Corporate Edition 9.x
For Symantec AntiVirus Corporate Edition 9.x, the default locations for the log files are as follows:
  • Windows 2000/XP/2003
    %SystemDrive%\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs
  • Windows 98/Me
    %SystemDrive%\Program Files\Symantec_Client_Security\Symantec AntiVirus\Logs
  • Windows NT
    %SystemDrive%\Winnt\Profiles\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs

Symantec AntiVirus Corporate Edition 8.x
For Symantec AntiVirus Corporate Edition 8.x, the default locations for the log files are as follows:
  • Windows 2000/XP/2003
    %SystemDrive%\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs
  • Windows 98/Me
    %SystemDrive%\Program Files\Symantec_Client_Security\Symantec AntiVirus\Logs
  • Windows NT
    %SystemDrive%\Winnt\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs




Legacy ID



2002100907421648


Article URL http://www.symantec.com/docs/TECH99979


Terms of use for this information are found in Legal Notices