The New features of the DoScan.exe on SEPM 11

As the Symantec Endpoint Protection 11.0.1000.1375 ,SEP RU6MP1  released, there are some new features of the DoScan.exe.

SEPM can scan the drive using the command line. But we don't have a choice for scanning a single file/folder in command line using SEP doscan.exe. So that we can create it in batch files for scanning specific files.

So we need an enhancement to doscan.exe so that it can scan a single file from command line.

The screenshot below shows the options on SEP RU5:

DoScan_RU5

And, the newest help and options of DoScan.exe on RU6MP1 shows as below:

DoScan_RU6MP1

Here are the mainly 5 options and their usage:

Go to C:\Program Files\Symantec\Symantec Endpoint Protection or wherever you have installed the SEP Client.

Double-click DoScan.exe for a list of Below available options.

1) DoScan.exe /Scan Name "Weekly Scheduled Scan"
   - Only one scan is allowed to pass in as of now. The name of a local scan or admin scan can be passed in as a parameter.
   - Scan options are the same as from the named scan in the command line.
2) DoScan.exe /List

   - Lists all the admin and local scans present in the system.
   - Attaches to the same console if launched from a console or creates a new console to display the output if launched from a Windows GUI.
Notes:
Before run the command 'DoScan.exe /Scan Name "Weekly Scheduled Scan', you need to run the 'DoScan.exe /List' to find out what scan name can be used. Below is the example of the 'DoScan.exe /List':

DoScan_RU6MP1_List

 

3) DoScan.exe /Scan Drive "A-C,E,V-S,Z"
   - You can leave spaces in between drive letters but the entire string should be within quotes. This example will scan drives A, B, C, E, S, T, U, V, Z.
   - Scan options will be taken from the default quick scan options.
4) DoScan.exe /ScanDir "%WinDir%\System32" /ScanDir "%Temp%" /ScanDir "C:\Test"

   - Multiple directories can be passed in with multiple /ScanDir switches.
   - Relative paths or Environment strings are permitted in the path. Internally these will be converted to fully qualified names.
   - Scan options will be taken from the default quick scan options.
5) DoScan.exe /ScanFile "C:\Test.log" /ScanFile "%WinDir%\Notepad.exe"

   - Same as the /ScanDir switch. Multiple filenames can be passed with multiple /ScanFile switches.
   - Relative paths or Environment strings are permitted in the path. Internally these will be converted to fully qualified names.
   - Scan options will be taken from the default quick scan options.

Log File…

While it appears that specifying a log file has been pulled from this version of DoScan...it should be noted that a "Log File" is created in the default location referenced by the RU5 DoScan

A single Log File is created for each "Day" DoScan is run. For example, I've run DoScan about 8 times today and there is a single Log File in the location referenced above. The file is named "03092010.log" and it contains the information for all the DoScan's I've run today.

Leave a Reply