Scan Endpoint Protection clients from a command-line with DoScan.exe
Last Updated May 24, 2019
How to use DoScan.exe to start a Symantec Endpoint Protection (SEP) client scan from a command-line.
DoScan.exe provides a command-line interface to start a Symantec Endpoint Protection (SEP) client scan. It can be started manually, through the Windows Task Scheduler, or by a script. By default, scans started by DoScan.exe use Quick Scan settings, which do not scan inside compressed files or Scan Memory, Common infection locations and Well-known virus and security-risk locaitons, also known as Scan Enhancements. In order to scan these you would need to have DoScan.exe call a configured scan with these options configured.
Note: DoScan.exe must be run from within Windows, and relies on the SEP client for its scan functionality.
Run DoScan.exe using the hard link located at C:\Program Files (x86)\Symantec Endpoint Protection\DoScan.exe. This link provides a static path to the physical file located at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<Vesion>\bin.
The trailing \ must be omitted. You may use a \ in the path, but the final character must not be a \ to run a command properly. For example:
DoScan.exe /ScanDir D:
The /ScanDrive option is omitted. You can use /ScanDir as an alternative. For example, to scan the entire C drive: