Scan Endpoint Protection clients from a command-line with DoScan.exe
Article ID: 151455
Updated On:
Products
Issue/Introduction
Use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.
Resolution
About DoScan.exe
DoScan.exe provides a command-line interface to start a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files or Scan Memory, Common infection locations and Well-known virus and security-risk locations, also known as Scan Enhancements. In order to scan these you would need to have DoScan.exe call a configured scan with these options configured.
Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.
Only the Command Line Options listed below are supported and available with the DoScan.exe
Running DoScan.exe
Run DoScan.exe using the hard link located at "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DoScan.exe" (32-bit client) or "C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe" (64-bit client). This link provides a static path to the physical file located at " C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Version>\bin" (32-bit client) or " C:\Program Files\Symantec\Symantec Endpoint Protection\<Version>\Bin64" (64-bit client).
The trailing \ must be omitted. You may use a \ in the path, but the final character must not be a \ to run the command properly. For example:
DoScan.exe /ScanDir D:
The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive:
DoScan.exe /ScanDir C:
DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"] [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"]
[/L[ist]] [/C[mdLineScan] [/A[sync]|/Sync] [/Help]
Command line options available in SEP 14.x:
| Command Line Option | Option Function |
| "<Scan file/folder name>" |
Specifies a single file/folder to scan. |
| /ScanFile "<file name>" | Scans the specified file. Multiple files can be specified with multiple /ScanFile switches.
For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test"
|
| /ScanDir "<folder name>" |
Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches. For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test" |
| /ScanName "<Configured Scan Name>" |
Runs the specified local or administrator scan. |
| /L[ist] | Lists all the local and administrator scans configured for this computer. |
| /C[mdLineScan] | Performs a quick scan. |
| /A[sync] |
Start scan asynchronously. Give control back while the Scan run in the background |
| /Sync |
Start scan synchronously. (default) If you run the DoScan from command line or script, the Doscan will just sit there until the scan is finished before proceeding to the next task. |
| /H[elp] | Displays command line help |
- Exit Code 0: Indicates the doscan completed successfully, however it doesn’t mean there were no detections. In order to know if a threat was detected, you would need to review the scan logs.
- Exit Code 1: Invalid parameter specified.
- Exit Code 2: Doscan.exe is already running. The second instance of doscan was aborted.
- Exit Code -1: Could not initialize.
Additional Information
Information for using doscan with the cloud-based Symantec Endpoint Protection (SEP 16) client, is detailed in this document: Symantec Endpoint Protection product Windows Command-Line Options
Feedback
