Scan Endpoint Protection clients from a command-line with DoScan.exe
search cancel

Scan Endpoint Protection clients from a command-line with DoScan.exe


Article ID: 151455


Updated On:


Endpoint Protection


How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.


About DoScan.exe

DoScan.exe provides a command-line interface to start a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files or Scan Memory, Common infection locations and Well-known virus and security-risk locations, also known as Scan Enhancements.  In order to scan these you would need to have DoScan.exe call a configured scan with these options configured.

Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.

          Only the Command Line Options listed below are supported and available with the DoScan.exe


Running DoScan.exe

Run DoScan.exe using the hard link located at "C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe" or "C:\Program Files \Symantec Endpoint Protection\DoScan.exe" . This link provides a static path to the physical file located at " C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Version>\bin" or " C:\Program Files \Symantec\Symantec Endpoint Protection\<Version>\bin" .

The trailing \ must be omitted. You may use a \ in the path, but the final character must not be a \ to run a command properly. For example:

DoScan.exe /ScanDir D:

The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive:

DoScan.exe /ScanDir C:

DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"]  [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"]
           [/L[ist]] [/C[mdLineScan] [/A[sync]|/Sync] [/Help]

The options available in SEP 14..x are provided below

Command Line Option Option Function
"<Scan file/folder name>"

Specifies a single file/folder to scan.

/ScanFile "<file name>" Scans the specified file. Multiple files can be specified with multiple /ScanFile switches.

For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test"


/ScanDir "<folder name>"

 Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches.

For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test"

/ScanName "<Configured Scan Name>"

Runs the specified local or administrator scan.

/L[ist] Lists all the local and administrator scans configured for this computer.
/C[mdLineScan] Performs a quick scan.

Start scan asynchronously.

Give control back while the Scan run in the background


Start scan synchronously. (default)

If you run the DoScan from command line or script, the Doscan will just sit there until the scan is finished before proceeding to the next task.

/H[elp] Displays command line help
Logs performed from 14.x DoScan will be located in:
C:\Programdata\Symantec\Symantec Endpoint Protection\[SEP Version]\Data\Logs\AV\
Exit Codes:
  • Exit Code 0: Normal Execution. Means doscan completed successfully, however it does not mean nothing was detected. In order to know if a threat was detected you would need to review the scan log.
  • Exit Code 1: Invalid parameter specified.
  • Exit Code 2: Doscan.exe is already running. The second instance of doscan was aborted.
  • Exit Code -1: Could not initialize.