
How to use Symantec Offline Image Scanner tool (SOIS)

Created: 30 Jun 2013 • Updated: 19 Jul 2013
Chetan Savade

Hello Everyone

Today we will see how to use the Symantec Offline Image Scanner tool (SOIS).

1. Download the archive Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe.
2. Launch Symantec_Endpoint_Protection_12.1_Tools_and_Documents_EN.exe and give a destination path.
You will see the Symantec Offline Image Scanner tool listed there.
3. Inside the folder you will see SOIS.exe; launch it.
4. After successful extraction, accept the license agreement.
This is the main screen, from which you can scan .vmdk files.

Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec AntiVirus (SAV) 10, Symantec Endpoint Protection (SEP) 11, or Symantec Endpoint Protection (SEP) 12 definitions.

This product does not ship with AntiVirus (AV) definitions nor does it download them from Symantec's servers. If you have SEP/SAV installed on your computer, SOIS uses those definitions.
Also, you have other options.
  • Compressed files options - By default it's set to 3.
  • File exclusion - By default no files are excluded from scanning.
  • Heuristic scanning - By default this option is checked.
Command line options

  • --file [filename]: file to scan
  • --dir [folder]: folder to scan
  • --avedefs [folder]: use AV definitions from this location
  • --tempPath [folder]: folder for temporary files
  • --extExclude [extensions]: exclude specified filetypes from being scanned (example: ".mp3")
  • --heurLevel [level]: Heuristic BloodHound(TM) level: 0, 1, 2, or 3
  • --scanDepth [depth]: number of levels to expand in compressed files
  • --log [filename]: output scan results to the specified log file
  • --debugLog [filename]: output debugging info to the specified log file

 Stop scanning if errors occur


 silent execution with no output to the console


 skip extraction of compressed or container files


 do not submit usage statistics


 submit diagnostics information


 run in command-line mode


 accept EULA before proceeding to scan

The functionality of the current version of the tool is:
  • Can be run on Windows to scan FAT32 and NTFS file-systems in the guest OS
  • Scans offline VMware images (.vmdk files only)
  • No dependency on any other Symantec solutions beyond AV defs 
  • Command-line options for silent and automated operation
  • Detailed logging/reporting capabilities
  • Runs as a portable application and doesn’t require a traditional install
The caveats for the current version of the tool are:
  • SOIS does not support scanning snapshots, suspended images or memory dumps (.vmem files)
  • SOIS does not support nested VMDKs
  • SOIS only supports FAT32 and NTFS file systems
  • The tool is English only, but it can scan VMs that have an OS in any language
  • SOIS runs with the privileges of the currently logged-in user. It is unable to scan folders such as “System Volume Information” and “Recycle Bin” which have permissions only for the SYSTEM user.
  • SOIS is compatible with AV defs of SEP 11, 12 and SAV 10 only
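
The command-line options and caveats above, combined into a batch pre-scan script as an added example (not Symantec's code and not part of the original article). The `MODE_FLAGS` entries are placeholders because the article does not show those option names; the paths, the snapshot-disk naming pattern and the helper names `select_images` and `build_args` are assumptions.

```python
import re
import subprocess
from pathlib import Path, PureWindowsPath

# Placeholders: the page does not show the option names for "run in
# command-line mode" and "accept EULA"; copy them from the tool's own help.
MODE_FLAGS = ["<command-line-mode option>", "<accept-EULA option>"]
# Assumption: snapshot disks follow VMware's "<name>-000001.vmdk" naming.
SNAPSHOT_DISK = re.compile(r"-\d{6}(-delta)?\.vmdk$", re.IGNORECASE)
UNSUPPORTED_EXT = (".vmem", ".vmss")  # memory dumps, suspended state


def select_images(names):
    """Return (base .vmdk files to scan, files SOIS cannot cover)."""
    scan, unsupported = [], []
    for name in names:
        low = name.lower()
        if SNAPSHOT_DISK.search(low) or low.endswith(UNSUPPORTED_EXT):
            unsupported.append(name)
        elif low.endswith(".vmdk"):
            scan.append(name)
    return scan, unsupported


def build_args(sois_exe, image, log_dir, heur_level=None, defs_dir=None):
    """Build one SOIS command line using only options listed on the page."""
    # One log per image, named after the image file (Windows path rules).
    log = PureWindowsPath(log_dir) / (PureWindowsPath(image).stem + ".log")
    args = [sois_exe, *MODE_FLAGS, "--file", image, "--log", str(log)]
    if heur_level is not None:  # omitted: the tool's own default applies
        if heur_level not in (0, 1, 2, 3):
            raise ValueError("--heurLevel must be 0, 1, 2, or 3")
        args += ["--heurLevel", str(heur_level)]
    if defs_dir:  # definitions copied from a SEP/SAV client
        args += ["--avedefs", defs_dir]
    return args


if __name__ == "__main__":
    if any(flag.startswith("<") for flag in MODE_FLAGS):
        raise SystemExit("fill in MODE_FLAGS before running")
    root = Path(r"D:\VMs")  # assumed image store
    scan, unsupported = select_images(str(p) for p in root.rglob("*"))
    for name in unsupported:
        print("NOT SCANNED (unsupported by SOIS):", name)
    for image in scan:
        subprocess.run(build_args(r"C:\Tools\SOIS\SOIS.exe", image,
                                  r"D:\SOIS-logs"), check=False)
```

Files reported as unsupported are outside the scan's coverage, so a clean SOIS log says nothing about them.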
Reference Articles:
How to use the Symantec Offline Image Scanner tool (SOIS)
About the Symantec Offline Image Scanner tool

Comments

nwranich

Great article.  Is this tool similar to the SERT tool?

Chetan Savade

No, it's not similar to SERT.

This one is designed specifically to scan offline images. The SERT tool can do many other things.

Chetan Savade
Social Media Support Lead
Enterprise Technical Support
