This article details commonly used command line parameters for Sophos Clean. The following sections are covered:
Applies to the following Sophos products and versions Sophos Clean
Sophos Clean is supported on the following 32-bit and 64-bit operating systems:
This table lists the commonly used Sophos Clean command line options, parameters, and meanings.
Immediately initiates a scan on the computer and the program will be visible to the user. The EULA is automatically accepted.
Example: SophosClean.exe /scan
Implies /scan but immediately initiates a silent scan on the computer. Sophos Clean system tray icon becomes visible and a notification balloon is displayed, notifying the user that the computer is being scanned. When threats are found, the program pops up for interaction with the user. The EULA is automatically accepted.
Example: SophosClean.exe /quiet
Immediately initiates a silent scan on the computer. Project Splash becomes visible in the system tray but does not show a notification balloon. The program will not be installed on the local computer (implies /noinstall). The EULA is automatically accepted.
Example: SophosClean.exe /scanonly
<file or folder>
Scans a single file or all files in a folder. However, it does not scan subfolders. The EULA is automatically accepted.
SophosClean.exe C:\Windows\Explorer.exe SophosClean.exe C:\Windows\System32\
The fastest scan that only examines load point locations and memory objects. It is typically performed to check whether a malware is active on the computer.
Example: SophosClean.exe /scanonly /quick
Applies a license to Sophos Clean and activate afterwards.
<logfile> or <logfile folder>
Silently scans a system and exports the results to an xml log file to the specified folder (typically a network location). No dialogs are displayed to the user.
SophosClean.exe /scanonly /log="Z:\%USERNAME%.xml" SophosClean.exe /scanonly /log="Z:\%COMPUTERNAME%.xml" SophosClean.exe /scanonly /log="\\Server\Share\Logs\"
In these examples Z: is a typical shared folder on a file server. Users (or a user group) must have the write permission on this folder and share.
When logging to a folder, the file name is constructed using the computer name and a date/time stamp.
Only uploads unknown but suspicious files to the scan cloud for virus scanning by our malware analysis systems. If uploading any files to the Scan Cloud is undesired, (because of privacy issues or government policies) this command line option can be specified.
Example: SophosClean.exe /scanonly /noupload /log="Z:\ThreatLogs\"
Note: The /noupload option will cripple the detection of unique, zero- day or early-life malware.
Disables automatic update of Sophos Clean
Example: SophosClean.exe /scanonly /noupdate /log="Z:\ThreatLogs\"
Disables copying of Sophos Clean and creation of shortcuts on the local computer.
Example: SophosClean.exe /scan /noinstall
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.