How to use Symantec Offline Image Scanner tool (SOIS) 

Jun 30, 2013 02:07 PM

Hello Everyone

Today we will see how to use Symantec Offline Image Scanner tool (SOIS).

1. From https://symantec.flexnetoperations.com download the archive Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe
 
2. Launch Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe and specify a destination path. The Symantec Offline Image Scanner tool is listed among the extracted tools.
 
3. Inside that folder you will find SOIS.exe; launch it.
 
4. After SOIS.exe finishes extracting, accept the license agreement.
 
This brings you to the main screen, from where you can scan .vmdk files.

Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec AntiVirus (SAV) 10, Symantec Endpoint Protection (SEP) 11, or Symantec Endpoint Protection (SEP) 12 definitions.

 
 
This product does not ship with AntiVirus (AV) definitions, nor does it download them from Symantec's servers. If you have SEP/SAV installed on your computer, SOIS uses those definitions; otherwise you must point it at a folder containing definitions (the --avedefs option below).
 
The main screen also exposes the following options:
  • Compressed files depth - number of levels to expand inside compressed files; by default set to 3
  • File exclusion - by default no file types are excluded from scanning
  • Heuristic scanning - by default this option is checked
 
Command line options
 
  Option                         Description
  --file [filename]              file to scan
  --dir [folder]                 folder to scan
  --avedefs [folder]             use AV definitions from this location
  --tempPath [folder]            folder for temporary files
  --extExclude [extensions]      exclude the specified file types from being scanned (example: ".mp3")
  --heurLevel [level]            heuristic BloodHound(TM) level: 0, 1, 2 or 3
  --scanDepth [depth]            number of levels to expand in compressed files
  --log [filename]               output scan results to the specified log file
  --debugLog [filename]          output debugging info to the specified log file
  --stopOnError                  stop scanning if errors occur
  --silent                       silent execution with no output to the console
  --skipCompressedFiles          skip extraction of compressed or container files
  --disableTelemetry             do not submit usage statistics
  --enableDiagnostics            submit diagnostics information
  --noGUI                        run in command-line mode
  --acceptEULA                   accept the EULA before proceeding to scan

 
The functionality of the current version of the tool is:
  • Can be run on Windows to scan FAT32 and NTFS file-systems in the guest OS
  • Scans offline VMware images (.vmdk files only)
  • No dependency on any other Symantec solutions beyond AV defs 
  • Command-line options for silent and automated operation
  • Detailed logging/reporting capabilities
  • Runs as a portable application and doesn’t require a traditional install
 
The caveats for the current version of the tool are:
  • SOIS does not support scanning snapshots, suspended images or memory dumps (.vmem files)
  • SOIS does not support nested VMDKs
  • SOIS only supports FAT32 and NTFS file systems
  • The tool is English only, but it can scan VMs whose OS is in any language
  • SOIS runs with the privileges of the currently logged-in user. It is unable to scan folders such as "System Volume Information" and "Recycle Bin", which have permissions only for the SYSTEM user.
  • SOIS is compatible with the AV defs of SEP 11, SEP 12 and SAV 10 only
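The command-line options above make SOIS scriptable for automated use, and the caveats say what a script should skip. The PowerShell script below is an added example, not part of the original article or of the Symantec tool: it runs SOIS.exe in --noGUI mode over every .vmdk under a folder, writes one log per image, and skips VMware snapshot delta disks (named <base>-000001.vmdk and so on), which SOIS does not support. The paths in the parameters, the choice to skip files by that naming pattern, and the treatment of the exit code are assumptions; the article does not document SOIS exit codes, so the script only reports them and checks that the log was written.

```powershell
# Added example: batch-scan .vmdk files with SOIS using its documented switches.
# All paths below are assumptions; adjust them to where you extracted the tool.
param(
    [string]$SoisExe   = 'C:\Tools\SOIS\SOIS.exe',   # assumed extraction path of SOIS.exe
    [string]$ImageRoot = 'D:\VMImages',              # assumed folder holding offline .vmdk files
    [string]$LogDir    = 'C:\Tools\SOIS\logs',       # assumed log destination
    [string]$AvDefs    = '',                         # optional: folder with SEP 11/12 or SAV 10 defs (--avedefs)
    [int]$ScanDepth    = 3,                          # same as the GUI default for compressed files
    [int]$HeurLevel    = 3                           # BloodHound level 0-3
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Caveat: snapshots, suspended images, .vmem files and nested VMDKs are unsupported.
# Only *.vmdk is selected, and snapshot delta disks (<base>-000001.vmdk, VMware's naming
# convention, an assumption of this script) are filtered out.
$images = Get-ChildItem -Path $ImageRoot -Recurse -Filter '*.vmdk' |
    Where-Object { $_.Name -notmatch '-\d{6}\.vmdk$' }

foreach ($img in $images) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $log   = Join-Path $LogDir ("{0}-{1}.log" -f $img.BaseName, $stamp)

    # Switches taken from the options table; --acceptEULA and --noGUI are what make
    # an unattended run possible, --silent keeps the console quiet, --log captures results.
    $soisArgs = @(
        '--noGUI', '--acceptEULA', '--silent', '--disableTelemetry',
        '--file', $img.FullName,
        '--log', $log,
        '--scanDepth', $ScanDepth,
        '--heurLevel', $HeurLevel
    )
    if ($AvDefs) { $soisArgs += @('--avedefs', $AvDefs) }

    Write-Host "Scanning $($img.FullName)"
    & $SoisExe @soisArgs   # the call operator quotes paths with spaces and sets $LASTEXITCODE

    # SOIS exit codes are not documented in the article, so the code is reported as-is
    # and success is judged by the presence of the log file.
    if (Test-Path $log) {
        Write-Host ("  exit code {0}; results in {1}" -f $LASTEXITCODE, $log)
    } else {
        Write-Warning ("  exit code {0}; no log produced for {1}" -f $LASTEXITCODE, $img.Name)
    }
}
```

Run it from a PowerShell prompt as the user whose SEP/SAV definitions should be used, or pass -AvDefs with a definitions folder when no SEP/SAV is installed on the scanning host. Because of the privilege caveat above, folders in the image that only SYSTEM can read will still be skipped regardless of how the script is launched.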
 
Reference Articles:
 
How to use the Symantec Offline Image Scanner tool (SOIS)
About the Symantec Offline Image Scanner tool


Comments

Sep 12, 2013 01:47 PM

Great article. Is this tool similar to the SERT tool?

Sep 12, 2013 02:08 PM

No, it's not similar to SERT.

This one is designed specifically to scan offline images. The SERT tool can do many other things.
