Endpoint Protection

 View Only

  • 1.  Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 02:21 AM

    Hi,

    Basically I have a list of virus infected machines that I would like to run a full scan on using a batch job or a command line script.

    I've looked at SEPM but  the machiens are scattered in different groups\OU's - adding the machines to a single group is not an option.

    I've looked at DOSCAN and it appears that DOSCAN only runs active scans - I am looking for full scan option.

     

    Please help. Surely there are System Administrators out there that must be experiencing the same trouble? 

     

    SEP11RU7



  • 2.  RE: Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 02:26 AM

    hi,

    check this artical

    https://www-secure.symantec.com/connect/articles/doscanexe-sep-antivirus-scans-command-prompt-introduction

    How to run a scan from a command line using Symantec Endpoint Protection using DoScan.exe

     

    Article:TECH104287  |  Created: 2008-01-28  |  Updated: 2012-05-25  |  Article URL http://www.symantec.com/docs/TECH104287

     



  • 3.  RE: Is there a way to do a full scan from a commandline utility?

    Broadcom Employee
    Posted Aug 08, 2013 02:38 AM

    DOSCAN can do a scan on the listed directories.

    check this link

    http://www.symantec.com/business/support/index?page=content&id=TECH104287

     

     



  • 4.  RE: Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 03:38 AM

    Thanks but this does not answer my question. The topic here is how to run a FULL SCAN on multiple machines.

    I've already looked at the article and the commands of DOSCAN thoroughly as you can set a listed directory, a file, a drive. Can you however confirm the action performed with DOSCAN is of a FULL SCAN type?

    Unless there is a way to push out a batch of full scans using the doscan utility, this renders itself as useless to me.



  • 5.  RE: Is there a way to do a full scan from a commandline utility?

    Broadcom Employee
    Posted Aug 08, 2013 04:03 AM

    SEPM is the best way to handle this if you find pushing the batch file is additional effort.



  • 6.  RE: Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 04:17 AM

    From the document above it says Active or Quick Scan or scan all drives on any 32-bit version of Windows. I haven't tried this. Here is the list of scan registry keys. we need to set these values such that missed event should occur and scan should take place immediately.

    http://www.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks

    http://www.symantec.com/business/support/index?page=content&id=TECH175447



  • 7.  RE: Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 04:21 AM

    HI,

    Follow the  TECH104287 it having a very good idea about this.

    Regards

    Ajin

     

     



  • 8.  RE: Is there a way to do a full scan from a commandline utility?

    Posted Aug 08, 2013 05:51 AM

    You can achieve this in two steps:

    1. Create a full admin scan on the assigned policy in SEPM (set the Scan type in the properties to FULL SCAN).

    2. Run the doscan.exe on client with the /ScanName switch

    /ScanName "<Configured Scan Name>" - Runs the specified local or administrator scan.

    • No additional scan options can be set – these will be taken over from the scheduled scan settings as configured in the policy
    • The name of the scan needs to be specified

     

    Some more reference to the Doscan tool:

    DoScan.exe – SEP Antivirus scans from Command Prompt – Introduction

    http://www.symantec.com/connect/articles/doscanexe-sep-antivirus-scans-command-prompt-introduction