Antivirus Scheduled Scans

All Windows PC owners need to run some kind of basic antivirus protection. For that, users have plenty of options but Malwarebytes Anti-Malware Free isn t one of.

antivirus scheduled scans

Do you regularly open your antivirus program and run scans. Microsoft Security Essentials and other antivirus programs think you need to, warning you that your.

Probably not everyone is familiar that there is a quite easy way to run quick or scheduled SEP client scans from command prompt, batch scripts or the windows task scheduled with the SEP tool – DoScan. DoScan is not a separate scanner – it does use the same scan engine build-in in SEP – for it to run Autoprotect on the SEP client needs to be enabled.

DoScan.exe is located directly in the SEP installation folder:

C: Program Files Symantec Symantec Endpoint Protection Doscan.exe – 32bit OS

C: Program Files x86 Symantec Symantec Endpoint Protection Doscan.exe – 64bit OS

Important note: Using a direct call to the doscan.exe binary with a SYSTEM account may not work in SEP 12.1. For script usage it is recommended to call the doscan.exe from the following location:

C: Program Files x86 Symantec Symantec Endpoint Protection SEPVersion Bin doscan.exe example: C: Program Files x86 Symantec Symantec Endpoint Protection 12.1.2015.2015.105 Bin doscan.exe – for additional information please check

Here some examples in a historical overview over the options offered in Doscan.exe:

SEP 11 RU5 or earlier:

SEP 11 RU6 MP1 to RU7 MP3:

SEP 12.1 RTM – 12.1 RU2:

For the purpose of the article we will focus the latest version of DoScan.exe as it provides most features.

DoScan.exe /F ileList /Cloudscan or /O /ScanFile /ScanDir /ScanName /L ist /C mdLineScan /ScanAllDrives /A sync /Sync /Help

Let s look at those in details:

/L ist - Lists all the local and administrator scans configured for this computer.

/ScanName - Runs the specified local or administrator scan.

No additional scan options can be set – these will be taken over from the scheduled scan settings as configured in the policy

The name of the scan needs to be specified

/C mdLineScan -- Performs a quick scan.

   /ScanAllDrives -- Scans all disk drives.

/ScanDrive - Scans the specified drives with default scan options.

            For example: /ScanDrive A-C,E,V-S,Z scans drives A, B, C, E, S, T, U, V, Z.

/ScanFile - Scans the specified file with default scan options. Multiple files can be specified with multiple /ScanFile switches.

            For example: / ScanFile WinDir notepad.exe /ScanFile C: Test

/ScanDir - Scans the specified folder with default scan options. Multiple folders can be specified

            with multiple /ScanDir switches.

            For example: /ScanDrive WinDir System32 /ScanDir Temp /ScanDir C: Test

-- Specifies a single file/folder to scan.

            /O or /Cloudscan - Specifies that the item should also be sent

            to the Cloud for scanning.

            The switch will only apply to a single file item.

/F ileList -- Specifies a text file that lists full paths

            of files/folders to scan.

            The switch will only apply if filelist contains a single file item.

/A sync -- Start scan asynchronously.

/Sync -- Start scan synchronously. default

/H elp -- Displays this help dialog.

Additional notes:

Old version on DoScan.exe from SEP 11 RU5 and below did have an addition switch for scan logs location specification:

/Logfile Log file path and filename

- The file needs to be quoted

- The default log path is C: Documents and Settings All Users Application Data Symantec Symantec Endpoint Protection Logs Doscan.log if not specific path and file name was specified

This switch has been removed from the 11 RU6 MP1 version onwards and now as well in SEP 12.1 the logs default to the standard scan log location - same as for the scans from GUI on example of SEP 12.1 :

C: ProgramData Symantec Symantec Endpoint Protection 12.1.2015.2015.105 Data Logs AV date_of_scan. log

C: Documents and Settings All Users Application Data Symantec Symantec Endpoint Protection 12.1.2015.2015.105 Data Logs AV date_of_scan. log

The progress of the scan executed from command prompt will run in background and won t be reflected in the SEP client GUI at all.

As doscan is not a separate scan engine- it cannot be started from a bootable disk alone and needs Autoprotect on the SEP client to be up and running.

While a system scan has been executed by doscan, starting another scan from client GUI won t be possible and will error out with following information:

DoScan is designed as command prompt execution of SEP scans and an alternative to the scans started from GUI. For scanning large amount of data or network drives a different dedicated for this purpose Symantec Product is recommended that comes with very strong and enhanced command-line support – Symantec Scan Engine.

  • Probably not everyone is familiar that there is a quite easy way to run quick or scheduled SEP client scans from command prompt, batch scripts or the windows task.
  • The Antivirus Software category contains programs developed to detect and remove computer viruses and other virus-related software from users computers.

Antivirus scans are notorious for ruining virtual environment performance. Here are some ways to avoid that problem without forgoing antivirus scans altogether.

DoScan.exe – SEP Antivirus scans from Command Prompt – Introduction

Ata eet Key Advantages Offloads malware scanning. Instant protection with low impact on memory and processing. Prevents antivirus storms. Options include on-access.

TruScan Proactive Threat scans - Supported on Windows computers that run Symantec Endpoint Protection version 11.x. SONAR is not supported on any computers that.