Perform a full virus scan while in safe mode with command prompt
Last Updated May 23, 2018
How do I start a Windows XP or Windows Server 2003 machine into Safe Mode with Command Prompt so that I may perform a full virus scan? How do I start a Windows 7 or Windows Server 2008 computer into Safe Mode with Command Prompt so that I may perform a full virus scan?
Virus scans in Normal and regular "Safe" mode have not been able to remove a detected threat from a machine.
Some infectious threats tie themselves to critical system processes (E.G., Explorer.exe), thus becoming resident in a system's memory. Because of this, virus scans may be ineffective at removing the threat while a machine is started in either normal or regular "safe" mode.
Starting a computer into the mode Safe Mode with Command Prompt may also prove to be more successful when removing an infectious threat since the explorer.exe process does not run in this mode.
For Symantec Endpoint Protection (SEP):
Isolate (disconnect) all affected machines from the network
Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
After the computer has loaded into this mode, close the Command Prompt window that appears
Press CTRL+ALT+DEL to bring up task manager
Click File > New Task (Run...)
Browse to the install directory for Symantec Endpoint Protection. By default, this is C:\program files\symantec\symantec endpoint protection\
Select SymCorpUI.EXE and click Open
In the Create New Task window, click OK to run the application. This will open Symantec Endpoint Protection
On the left-hand side, click Scan For Threats.
Click Run Full Scan. This will start the scanning process immediately.
Note: Upon running SymCorpUI.EXE, a window may appear with the following message: "It appears that the Symantec Management Client service is not running. You will not be able to manage network protection settings through the main user interface until it is running. Do you want to start the service now?" Click No to this message
If there are problems running Symantec Endpoint Protection in this startup mode, or if the suspected threat is not being found, please contact Technical Support for further assistance.
Symantec Endpoint Protection 11.x and earlier.
Imported Document ID: TECH106310
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe