You would like more information about and best practices for using the Symantec Offline Image Scanner tool.
Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec Endpoint Protection (SEP) 12, Symantec Endpoint Protection (SEP) 11, or Symantec AntiVirus (SAV) 10 virus definitions.
The functionality of the current version of the tool:
Can be run on Windows to scan FAT32 and NTFS file-systems in the guest operating system
Can scan offline VMware images (.vmdk files only)
Has no dependency on any other Symantec solutions beyond virus definitions
Has command-line options for silent and automated operation
Provides detailed logging/reporting capabilities
Runs as a portable application and doesn't require a traditional installation
The caveats for the current version of the SOIS tool:
Does not support scanning snapshots, suspended images or memory dumps (.vmem files)
Does not support nested .vmdk files
Only supports scanning FAT32 and NTFS file systems
Is an English-only tool, but it can scan VMs with an operating system in any language
Runs with the privileges of the currently logged-in user, and can only scan images located in folders that the logged-in user has access to; for example, SOIS is unable to scan folders such as "System Volume Information" and "Recycle Bin," which have permissions only for the SYSTEM user
Is compatible with virus definitions from SEP 12, 11 and SAV 10 only
SOIS is not a substitute for a regularly updated Symantec Endpoint Protection client; install and configure a Symantec Endpoint Protection client on all virtual machines.
Due to limitations of SOIS, the VMware image must be offline when the scan is run.
Ensure SOIS is run with the latest available virus definitions.
The scan is read-only and is not capable of remediating any threats detected on the VMware image.
The tool can be run from the command line or the GUI as part of normal virtual machine maintenance, or in case of an outbreak.
Include SOIS as a part of regularly scheduled maintenance scripts/routines on offline virtual machines.
Isolate any infected offline virtual machines to a protected network segment (or disable networking altogether) before starting the image and performing a full scan with the installed Symantec Endpoint Protection client.
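A pre-scan check that a maintenance script could run before handing images to SOIS, applying the caveats above (no snapshots, suspended images or memory dumps; image must be offline). This is an added example, not Symantec code, and it does not invoke SOIS because this page does not list its command-line options. It assumes VMware's file-extension conventions, that a ".lck" entry beside a disk means the disk is in use, and that a snapshot delta disk carries a parentCID other than ffffffff in its descriptor; the file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# VM state files that the caveats above rule out, by VMware file extension.
UNSUPPORTED = {".vmem": "memory dump", ".vmss": "suspended state", ".vmsn": "snapshot state"}
PARENT_CID = re.compile(rb"parentCID\s*=\s*([0-9a-fA-F]{8})")

def check_vmdk(path):
    """Classify one .vmdk using its text descriptor (heuristic)."""
    # Assumption: a "<disk>.vmdk.lck" entry means a running VM holds the disk.
    if Path(str(path) + ".lck").exists():
        return "skip: image appears to be in use"
    with open(path, "rb") as fh:
        head = fh.read(65536)  # the descriptor sits near the start of the file
    match = PARENT_CID.search(head)
    if match is None:
        return "review: no descriptor found (extent data file?)"
    if match.group(1).lower() != b"ffffffff":
        return "skip: snapshot delta disk (has a parent)"
    return "scan"

def triage(vm_dir):
    """Map each relevant file in a VM folder to a verdict string."""
    verdicts = {}
    for path in sorted(p for p in Path(vm_dir).iterdir() if p.is_file()):
        ext = path.suffix.lower()
        if ext in UNSUPPORTED:
            verdicts[path.name] = "skip: " + UNSUPPORTED[ext]
        elif ext == ".vmdk":
            verdicts[path.name] = check_vmdk(path)
    return verdicts

def build_sample(vm_dir):
    """Write constructed sample files (not real VM data) for the demo."""
    vm_dir = Path(vm_dir)
    base = b'# Disk DescriptorFile\nversion=1\nCID=1a2b3c4d\nparentCID=ffffffff\n'
    delta = b'# Disk DescriptorFile\nversion=1\nCID=5e6f7a8b\nparentCID=1a2b3c4d\n'
    (vm_dir / "web01.vmdk").write_bytes(base)
    (vm_dir / "web01-000001.vmdk").write_bytes(delta)
    (vm_dir / "db01.vmdk").write_bytes(base)
    (vm_dir / "db01.vmdk.lck").mkdir()
    (vm_dir / "web01.vmem").write_bytes(b"\x00" * 16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, verdict in triage(tmp).items():
            print(f"{name}: {verdict}")
```

Only files with the verdict "scan" should be passed to the scanner; anything marked "skip" or "review" needs the VM shut down, the snapshot consolidated, or a manual look first.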
VMDK files from the following VMware platforms are supported:
ESX/ESXi - 3.5 or later
VMware Workstation - 4.0 or later
Imported Document ID: TECH146500