Hello Everyone,
Today we will see how to use the Symantec Offline Image Scanner (SOIS) tool.
Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec AntiVirus (SAV) 10, Symantec Endpoint Protection (SEP) 11, or Symantec Endpoint Protection (SEP) 12 definitions.
Option                      Description
--file [filename]           file to scan
--dir [folder]              folder to scan
--avedefs [folder]          use AV definitions from this location
--tempPath [folder]         folder for temporary files
--extExclude [extensions]   exclude specified filetypes from being scanned (example: ".mp3")
--heurLevel [level]         Heuristic BloodHound(TM) level: 0, 1, 2, or 3
--scanDepth [depth]         number of levels to expand in compressed files
--log [filename]            output scan results to the specified log file
--debugLog [filename]       output debugging info to the specified log file
--stopOnError               Stop scanning if errors occur
--silent                    silent execution with no output to the console
--skipCompressedFiles       skip extraction of compressed or container files
--disableTelemetry          do not submit usage statistics
--enableDiagnostics         submit diagnostics information
--noGUI                     run in command-line mode
--acceptEULA                accept EULA before proceeding to scan
No, it's not similar to SERT.
This one is designed specifically to scan offline images. The SERT tool can do many other things.
Great article. Is this tool similar to the SERT tool?