You would like more information about and best practices for using the Symantec Offline Image Scanner tool.
Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec Endpoint Protection (SEP) 12, Symantec Endpoint Protection (SEP) 11, or Symantec AntiVirus (SAV) 10 virus definitions.
- Can be run on Windows to scan FAT32 and NTFS file-systems in the guest operating system
- Can scan offline VMware images (.vmdk files only)
- Has no dependency on any other Symantec solutions beyond virus definitions
- Has command-line options for silent and automated operation
- Provides detailed logging/reporting capabilities
- Runs as a portable application and doesn't require a traditional installation
- Does not support scanning snapshots, suspended images or memory dumps (.vmem files)
- Does not support nested .vmdk files
- Only supports scanning FAT32 and NTFS file systems
- Is an English-only tool, but it can scan VMs with an operating system in any language
- Runs with the privileges of the currently logged-in user, and can only scan images located in folders that the logged-in user has access to; for example, SOIS is unable to scan folders such as "System Volume Information" and "Recycle Bin," which have permissions only for the SYSTEM user
- Is compatible with virus definitions from SEP 12, 11 and SAV 10 only
- SOIS is not a substitute for a regularly updated Symantec Endpoint Protection client; install and configure a Symantec Endpoint Protection client on all virtual machines.
- Due to limitations of SOIS, the VMware image must be offline when the scan is run.
- Ensure SOIS is run with the latest available virus definitions.
- The scan is read-only and is not capable of remediating any threats detected on the VMware image.
- The tool can be run from the command line or the GUI as part of normal virtual machine maintenance, or in case of an outbreak.
- Include SOIS as a part of regularly scheduled maintenance scripts/routines on offline virtual machines.
- Isolate any infected offline virtual machines to a protected network segment (or disable networking altogether) before starting the image and performing a full scan with the installed Symantec Endpoint Protection client.
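One way to apply the offline-only and no-snapshot constraints in a scheduled maintenance routine is to filter the image list before handing it to SOIS. The following is an added example, not Symantec code; the VMware file-naming conventions it relies on, the function names and the sample layout are assumptions, and the SOIS command line is left out because this page does not list its options.

```python
import re
import tempfile
from pathlib import Path

# Assumed VMware naming conventions (not stated on the page):
#   name-000001.vmdk, name-000001-delta.vmdk -> snapshot (redo) disk
#   *.vmss -> suspended state; *.lck -> lock left by a powered-on VM
SNAPSHOT_DISK = re.compile(r"-\d{6}(-delta)?\.vmdk$", re.IGNORECASE)

def skip_reason(vmdk: Path):
    """Return why this image must not be scanned, or None if eligible."""
    if SNAPSHOT_DISK.search(vmdk.name):
        return "snapshot disk"
    if any(vmdk.parent.glob("*.lck")):
        return "lock present, VM may be running"
    if any(vmdk.parent.glob("*.vmss")):
        return "suspended VM"
    try:
        with vmdk.open("rb"):  # the scanner runs as the logged-in user
            pass
    except OSError:
        return "not readable by current user"
    return None

def plan_scan(root: Path):
    """Split every .vmdk under root into (eligible, skipped-with-reason)."""
    eligible, skipped = [], {}
    for vmdk in sorted(root.rglob("*.vmdk")):
        rel = vmdk.relative_to(root).as_posix()
        reason = skip_reason(vmdk)
        if reason is None:
            eligible.append(rel)
        else:
            skipped[rel] = reason
    return eligible, skipped

def demo():
    """Run the plan over a constructed sample layout (empty files)."""
    sample = ("web01/web01.vmdk", "db01/db01.vmdk", "db01/db01-000001.vmdk",
              "app01/app01.vmdk", "app01/app01.vmss",
              "dev01/dev01.vmdk", "dev01/dev01.vmdk.lck/M0001.lck")
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        return plan_scan(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

When a snapshot exists, the base .vmdk that remains eligible does not contain changes written after the snapshot was taken.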
VMDK files from the following VMware platforms are supported:
- ESX/ESXi - 3.5 or later
- VMware Workstation - 4.0 or later