Hello Everyone
Today we will see how to use the Symantec Offline Image Scanner (SOIS) tool.
Symantec Offline Image Scanner (SOIS) is a stand-alone tool that can be used to scan .vmdk files using Symantec AntiVirus (SAV) 10, Symantec Endpoint Protection (SEP) 11, or Symantec Endpoint Protection (SEP) 12 definitions.
- Compressed files options - By default it's set to 3
- File exclusion - By default no files are excluded from scanning.
- Heuristic scanning - By default this option is checked.
| Option | Description |
|---|---|
| --file [filename] | file to scan |
| --dir [folder] | folder to scan |
| --avedefs [folder] | use AV definitions from this location |
| --tempPath [folder] | folder for temporary files |
| --extExclude [extensions] | exclude specified filetypes from being scanned (example: ".mp3") |
| --heurLevel [level] | Heuristic BloodHound(TM) level: 0, 1, 2, or 3 |
| --scanDepth [depth] | number of levels to expand in compressed files |
| --log [filename] | output scan results to the specified log file |
| --debugLog [filename] | output debugging info to the specified log file |
| --stopOnError | Stop scanning if errors occur |
| --silent | silent execution with no output to the console |
| --skipCompressedFiles | skip extraction of compressed or container files |
| --disableTelemetry | do not submit usage statistics |
| --enableDiagnostics | submit diagnostics information |
| --noGUI | run in command-line mode |
| --acceptEULA | accept EULA before proceeding to scan |
- Can be run on Windows to scan FAT32 and NTFS file-systems in the guest OS
- Scans offline VMware images (.vmdk files only)
- No dependency on any other Symantec solutions beyond AV defs
- Command-line options for silent and automated operation
- Detailed logging/reporting capabilities
- Runs as a portable application and doesn’t require a traditional install
- SOIS does not support scanning snapshots, suspended images or memory dumps (.vmem files)
- SOIS does not support nested VMDKs
- SOIS only supports FAT32 and NTFS file systems
- The tool is English only, but it can scan VMs that have an OS in any language
- SOIS runs with the privileges of the currently logged-in user. It is unable to scan folders such as “System Volume Information” and “Recycle Bin” which have permissions only for the SYSTEM user.
- SOIS is compatible with AV defs of SEP 11, 12 and SAV 10 only
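The following PowerShell sketch is an added example, not part of the original post or of Symantec's documentation. It combines the command-line options above into an unattended scan of a folder of offline images while accounting for the snapshot limitation. The executable path, folder names, the chosen heuristic and depth values, and the assumption that `--file` takes the path of the .vmdk image are all placeholders or assumptions.

```powershell
# Added example. Assumptions (not from the original page): the executable
# path, the folder names, and that --file takes the .vmdk image to scan.
$Sois     = 'C:\Tools\SOIS\SOIS.exe'       # placeholder path to the tool
$ImageDir = 'D:\OfflineImages'             # placeholder folder of images
$DefsDir  = 'C:\Tools\SOIS\Defs'           # placeholder AV definitions folder
$LogDir   = 'D:\OfflineImages\ScanLogs'    # placeholder folder for scan logs

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

Get-ChildItem -Path $ImageDir -Filter *.vmdk -File | ForEach-Object {
    # SOIS does not scan snapshots. VMware names snapshot delta disks
    # <name>-000001.vmdk, so skip them by name and record the coverage gap
    # instead of letting the run report a misleading result for them.
    if ($_.BaseName -match '-\d{6}$') {
        Write-Warning "Not scanned (snapshot disk, unsupported): $($_.Name)"
        return
    }

    $log = Join-Path $LogDir ($_.BaseName + '.log')

    # Options taken from the table above; the values are chosen for illustration.
    $soisArgs = @(
        '--noGUI', '--acceptEULA', '--silent',
        '--file', $_.FullName,
        '--avedefs', $DefsDir,
        '--heurLevel', '3',
        '--scanDepth', '3',
        '--log', $log
    )
    & $Sois @soisArgs

    # With --silent nothing reaches the console, so the log file is the only
    # record of the scan. Flag any image that did not produce one.
    if (-not (Test-Path -Path $log)) {
        Write-Warning "No log written for $($_.Name); treat this image as unscanned"
    }
}
```

Because SOIS runs with the privileges of the logged-in user, folders readable only by SYSTEM inside the guest are not covered by such a run and should be noted as unscanned in any report built from the logs.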