How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.
About DoScan.exe
DoScan.exe provides a command-line interface to start a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files or Scan Memory, Common infection locations and Well-known virus and security-risk locaitons, also known as Scan Enhancements. In order to scan these you would need to have DoScan.exe call a configured scan with these options configured.
Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.
Running DoScan.exe
Run DoScan.exe using the hard link located at C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe. This link provides a static path to the physical file located at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Vesion>\bin.
The trailing \ must be omitted. You may use a \ in the path, but the final character must not be a \ to run a command properly. For example:
DoScan.exe /ScanDir D:
The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive:
DoScan.exe /ScanDir C:
DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"] [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"]
[/L[ist]] [/C[mdLineScan] [/A[sync]|/Sync] [/Help]
The options available in SEP 14..x are provided below
Command Line Option | Option Function |
"<Scan file/folder name>" |
Specifies a single file/folder to scan. |
/ScanFile "<file name>" | Scans the specified file. Multiple files can be specified with multiple /ScanFile switches.
For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test"
|
/ScanDir "<folder name>" |
Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches. For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test" |
/ScanName "<Configured Scan Name>" |
Runs the specified local or administrator scan.
|
/L[ist] | Lists all the local and administrator scans configured for this computer. |
/C[mdLineScan] | Performs a quick scan. |
/A[sync] | Start scan asynchronously. |
/Sync |
Start scan synchronously. (default) |
/H[elp] | Displays command line help |