
How to use Symantec Offline Image Scanner tool (SOIS)

Created: 30 Jun 2013 • Updated: 19 Jul 2013 | 2 comments
Chetan Savade's picture

Hello Everyone

Today we will see how to use the Symantec Offline Image Scanner tool (SOIS).

1. From https://symantec.flexnetoperations.com download the archive Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe

2. Launch Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe and give a destination path.

You will see the Symantec Offline Image Scanner tool listed there.

3. Inside the folder you will see SOIS.exe. Launch SOIS.exe.

4. After successful extraction, accept the license agreement.

You then reach the main screen, from where you can scan .vmdk files.

Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec AntiVirus (SAV) 10, Symantec Endpoint Protection (SEP) 11, or Symantec Endpoint Protection (SEP) 12 definitions.

 
 
This product does not ship with AntiVirus (AV) definitions nor does it download them from Symantec's servers. If you have SEP/SAV installed on your computer, SOIS uses those definitions.
 
Also, you have other options.
  • Compressed files options - By default it's set to 3.
  • File exclusion - By default no files are excluded from scanning.
  • Heuristic scanning - By default this option is checked.
 
Command line options

Option                       Description
--file [filename]            file to scan
--dir [folder]               folder to scan
--avedefs [folder]           use AV definitions from this location
--tempPath [folder]          folder for temporary files
--extExclude [extensions]    exclude specified filetypes from being scanned (example: ".mp3")
--heurLevel [level]          Heuristic BloodHound(TM) level: 0, 1, 2, or 3
--scanDepth [depth]          number of levels to expand in compressed files
--log [filename]             output scan results to the specified log file
--debugLog [filename]        output debugging info to the specified log file
--stopOnError                stop scanning if errors occur
--silent                     silent execution with no output to the console
--skipCompressedFiles        skip extraction of compressed or container files
--disableTelemetry           do not submit usage statistics
--enableDiagnostics          submit diagnostics information
--noGUI                      run in command-line mode
--acceptEULA                 accept EULA before proceeding to scan

 
The functionality of the current version of the tool is:
  • Can be run on Windows to scan FAT32 and NTFS file-systems in the guest OS
  • Scans offline VMware images (.vmdk files only)
  • No dependency on any other Symantec solutions beyond AV defs 
  • Command-line options for silent and automated operation
  • Detailed logging/reporting capabilities
  • Runs as a portable application and doesn’t require a traditional install
 
The Caveats for the current version of the tool are:
  • SOIS does not support scanning snapshots, suspended images or memory dumps (.vmem files)
  • SOIS does not support nested VMDKs
  • SOIS only supports FAT32 and NTFS file systems
  • The tool is English only, but it can scan VMs having an OS in any language
  • SOIS runs with the privileges of the currently logged-in user. It is unable to scan folders such as “System Volume Information” and “Recycle Bin” which have permissions only for the SYSTEM user.
  • SOIS is compatible with AV defs of SEP 11, 12 and SAV 10 only
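
As an added example (not part of the original article and not a Symantec script), the PowerShell below runs SOIS unattended over a folder of offline images, writing one log per .vmdk and skipping snapshot disks, which SOIS does not support. It uses only flags from the command-line options listed above. The paths, the way the flags are combined, and the VMware snapshot naming pattern are assumptions.

```powershell
# Added example, not Symantec's script. Paths are placeholder assumptions;
# every SOIS flag used here is taken from the option table on this page.
param(
    [string]$SoisExe  = 'C:\Tools\SOIS\SOIS.exe',  # assumed extraction path
    [string]$ImageDir = 'D:\VMs',                   # assumed folder of offline images
    [string]$DefsDir  = 'D:\AVDefs',                # assumed copy of SEP/SAV definitions
    [string]$LogDir   = 'D:\SOIS\Logs',
    [string]$TempDir  = 'D:\SOIS\Temp',
    [switch]$DryRun                                 # print the commands, run nothing
)

foreach ($dir in $LogDir, $TempDir) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}

# SOIS does not scan snapshots. Assumption: snapshot disks follow VMware's
# usual "<disk>-000001.vmdk" naming, so names with a -NNNNNN part are skipped.
$images = Get-ChildItem -Path $ImageDir -Filter *.vmdk -Recurse -File |
    Where-Object { $_.BaseName -notmatch '-\d{6}(-|$)' }

$n = 0
foreach ($img in $images) {
    $n++
    # One log per image; the counter keeps same-named disks from colliding.
    $log = Join-Path $LogDir ('{0:D3}-{1}.log' -f $n, $img.BaseName)
    $soisArgs = @(
        '--noGUI', '--acceptEULA', '--silent', '--disableTelemetry',
        '--file',     $img.FullName,
        '--avedefs',  $DefsDir,
        '--tempPath', $TempDir,
        '--scanDepth', '3',          # same depth as the GUI default
        '--log',      $log
    )
    if ($DryRun) {
        Write-Output ("{0} {1}" -f $SoisExe, ($soisArgs -join ' '))
        continue
    }
    & $SoisExe @soisArgs
    # The page does not document exit codes, so only the log's presence is checked.
    if (-not (Test-Path -LiteralPath $log)) {
        Write-Warning "No scan log written for $($img.FullName)"
    }
}
```

Run it with -DryRun first to review the generated command lines. Because SOIS runs with the privileges of the logged-in user, the account running the script needs read access to the images and write access to the log and temp folders.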
 
Reference Articles:
 
How to use the Symantec Offline Image Scanner tool (SOIS)
 
 
About the Symantec Offline Image Scanner tool
 
 


nwranich's picture

Great article.  Is this tool similar to the SERT tool?

Chetan Savade's picture

No, it's not similar to SERT.

This one is designed specifically to scan offline images. The SERT tool can do many other things.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
