How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.
DoScan.exe provides a command-line interface to start a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files or Scan Memory, Common infection locations and Well-known virus and security-risk locaitons, also known as Scan Enhancements. In order to scan these you would need to have DoScan.exe call a configured scan with these options configured.
Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.
Run DoScan.exe using the hard link located at C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe. This link provides a static path to the physical file located at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Vesion>\bin.
The trailing \ must be omitted. You may use a \ in the path, but the final character must not be a \ to run a command properly. For example:
DoScan.exe /ScanDir D:
The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive:
DoScan.exe /ScanDir C:
DoScan.exe [<Scan file/folder name>] [/F[ileList] "<List file name>"] [/ScanFile "<file name>"] [/ScanDir "<folder name>"] [/ScanName "<Configured Scan Name>"]
[/L[ist]] [/C[mdLineScan] [/A[sync]|/Sync] [/Help]
The options available in SEP 14..x are provided below
|Command Line Option||Option Function|
|"<Scan file/folder name>"||
Specifies a single file/folder to scan.
|/ScanFile "<file name>"||Scans the specified file. Multiple files can be specified with multiple /ScanFile switches.
For example: /ScanFile "%WinDir%\notepad.exe" /ScanFile "C:\Test"
|/ScanDir "<folder name>"||
Scans the specified folder. Multiple folders can be specified with multiple /ScanDir switches.
For example: /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test"
|/ScanName "<Configured Scan Name>"||
Runs the specified local or administrator scan.
|/L[ist]||Lists all the local and administrator scans configured for this computer.|
|/C[mdLineScan]||Performs a quick scan.|
|/A[sync]||Start scan asynchronously.|
Start scan synchronously. (default)
|/H[elp]||Displays command line help|