Endpoint Protection

 View Only

  • 1.  Custom action batch or VBS script

    Posted Apr 11, 2012 08:27 PM

    Hello,

    Has anyone had any success with creating a script initiated from the actions field from the Monitor > Notifications Conditions ?

    I was wondering if any script could be created that would have the local clients SEP perform a full system scan upon virus alert ?

    Looking through the SEPM AV/AS policies, I didn't see any option to force the SEP client to run a full system scan. Just delete or quarantine the inflection.

    Thx, RK 



  • 2.  RE: Custom action batch or VBS script

    Posted Apr 11, 2012 10:43 PM

    Did you try DoScan.exe?

     

    https://www-secure.symantec.com/connect/articles/new-features-doscanexe-sep-ru6mp1



  • 3.  RE: Custom action batch or VBS script

    Posted Apr 11, 2012 11:46 PM

    Yes I did.. for some reason it doesn't perform the scan.. Example of my command - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection>DoScan.exe /ScanDir "C:\Test"

    I dont have anything inside my "test' folder and the DOS cursor just sets their (meaning it does return back after 20 minutes)

    I checked the processes and can see doscan.exe running but no processor activity.



  • 4.  RE: Custom action batch or VBS script

    Posted Apr 12, 2012 06:07 AM

    Put a zipped EICAR file in your C:\test directory and try doscan.exe again. It should do the job (can be seen later in the client risk/scan logs).

    If your problem is to get a batch file running by a notification, have a look at this document:

    "Notification Condition" action to "Run the batch or executable file" does not appear to function.

    http://www.symantec.com/docs/TECH105287