Scan Endpoint Protection clients from a command-line with DoScan.exe


Article ID: 151455


Updated On:


Endpoint Protection Network Access Control Starter Edition


How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.


About DoScan.exe

DoScan.exe provides a command-line interface for starting a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files and do not include the Scan Enhancements: Memory, Common infection locations, and Well-known virus and security-risk locations. To scan these, have DoScan.exe call a configured scan (/ScanName) that has these options enabled.

Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.

Running DoScan.exe

Run DoScan.exe using the hard link located at C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe. This link provides a static path to the physical file located at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Version>\bin.

The trailing \ must be omitted from paths. A \ may appear within the path, but the final character must not be a \ for the command to run properly. For example:

DoScan.exe /ScanDir D:

The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive:

DoScan.exe /ScanDir C:

DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"]  [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"]
           [/L[ist]] [/C[mdLineScan]] [/A[sync]|/Sync] [/Help]

The options available in SEP 14.x are provided below:

Command Line Option
    Option Function

"<Scan file/folder name>"
    Specifies a single file/folder to scan.

/ScanFile "<file name>"
    Scans the specified file. Multiple files can be specified with multiple /ScanFile switches.
    For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test"

/ScanDir "<folder name>"
    Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches.
    For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test"

/ScanName "<Configured Scan Name>"
    Runs the specified local or administrator scan.

/L[ist]
    Lists all the local and administrator scans configured for this computer.

/C[mdLineScan]
    Performs a quick scan.

/A[sync]
    Starts the scan asynchronously.

/Sync
    Starts the scan synchronously. (default)

/H[elp]
    Displays command-line help.

Logs for scans run by DoScan in 14.x are located in:
C:\ProgramData\Symantec\Symantec Endpoint Protection\[SEP Version]\Data\Logs\AV\
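
The following PowerShell wrapper is an added example, not vendor code. It builds a DoScan.exe command line that follows the path rule above (no trailing \), runs the scan synchronously, and lists the newest files in the log folder. The function names and sample targets are hypothetical, and the meaning of the exit code is not documented on this page, so the script only reports it.

```powershell
# Added example, not vendor code. Function names and sample targets are hypothetical.
$DoScan = 'C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe'

function ConvertTo-DoScanPath {
    param([Parameter(Mandatory)][string]$Path)
    # Expand cmd-style variables such as %Temp% used in the examples on this page.
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    # A double quote is never valid in a Windows path; reject it so a crafted
    # value cannot close the quoting and append extra switches.
    if ($p.Contains('"')) { throw "Invalid character in path: $Path" }
    # The final character must not be '\': 'D:\' -> 'D:', 'C:\Test\' -> 'C:\Test'.
    return $p.TrimEnd('\')
}

function Get-DoScanCommandLine {
    param([string[]]$Directory = @(), [string[]]$File = @())
    $parts = @()
    foreach ($d in $Directory) { $parts += '/ScanDir "{0}"' -f (ConvertTo-DoScanPath $d) }
    foreach ($f in $File)      { $parts += '/ScanFile "{0}"' -f (ConvertTo-DoScanPath $f) }
    if ($parts.Count -eq 0) { throw 'No scan targets given.' }
    # /Sync is the default; it is stated explicitly so the script waits for the scan.
    return ($parts + '/Sync') -join ' '
}

# Constructed sample targets; note the trailing backslashes that get removed.
$cmdLine = Get-DoScanCommandLine -Directory '%Temp%\', 'C:\Test\' -File '%WinDir%\notepad.exe'
Write-Output "DoScan.exe $cmdLine"

if (Test-Path -LiteralPath $DoScan) {
    # Pass one pre-quoted string so the quoting reaches DoScan.exe unchanged.
    $proc = Start-Process -FilePath $DoScan -ArgumentList $cmdLine -Wait -PassThru -NoNewWindow
    Write-Output "DoScan.exe exit code: $($proc.ExitCode)"

    # Newest files in the log folder; the wildcard stands in for [SEP Version].
    Get-ChildItem -Path 'C:\ProgramData\Symantec\Symantec Endpoint Protection\*\Data\Logs\AV' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 3 FullName, LastWriteTime
}
```

When the target list comes from another system (a ticket, a SIEM alert, a CSV file), keep the quote check in place so that a path value cannot add switches to the command line.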