How do I start a Windows XP or Windows Server 2003 machine into Safe Mode with Command Prompt so that I may perform a full virus scan?
How do I start a Windows 7 or Windows Server 2008 computer into Safe Mode with Command Prompt so that I may perform a full virus scan?
 

Symptoms
Virus scans in Normal and regular "Safe" mode have not been able to remove a detected threat from a machine.

Some infectious threats tie themselves to critical system processes (E.G., Explorer.exe), thus becoming resident in a system's memory. Because of this, virus scans may be ineffective at removing the threat while a machine is started in either normal or regular "safe" mode.

In most instances, a full system scan in safe mode will be sufficient to remove threats.  In case it is not, using the Power Eraser functionality of SymHelp is one preferred option. 

Starting a computer into the mode Safe Mode with Command Prompt may also prove to be more successful when removing an infectious threat since the explorer.exe process does not run in this mode.

For Symantec Endpoint Protection (SEP):
 

1. Isolate (disconnect) all affected machines from the network
2. Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
3. After the computer has loaded into this mode, close the Command Prompt window that appears
4. Press CTRL+ALT+DEL to bring up task manager
5. Click File > New Task (Run...)
6. Browse to the install directory for Symantec Endpoint Protection. By default, this is C:\program files\symantec\symantec endpoint protection\
7. Select SymCorpUI.EXE and click Open
8. In the Create New Task window, click OK to run the application. This will open Symantec Endpoint Protection
9. On the left-hand side, click Scan For Threats.
10. Click Run Full Scan. This will start the scanning process immediately.

• • Note: Upon running SymCorpUI.EXE, a window may appear with the following message: "It appears that the Symantec Management Client service is not running. You will not be able to manage network protection settings through the main user interface until it is running. Do you want to start the service now?" Click No to this message

If there are problems running Symantec Endpoint Protection in this startup mode, or if the suspected threat is not being found, please contact Technical Support for further assistance.

Applies To

Symantec Endpoint Protection 11.x and earlier.