Using Symantec Endpoint Recovery Tool and want to bypass the PIN requirement ?


Note: This post is nothing to do with ConfigMgr and I’m only posting it for those of you who happen to want to automate getting NBRT to run without having to do manual things.

If you are doing offline antivirus scanning using Symantec’s Endpoint Recovery Tool (NBRT) you’ll probably be very familiar with the annoying need to enter a 13 character PIN.


Symantec themselves document that requirement here and that’s been pretty much debunked by Chris here.


Having to enter a 13 character PIN every time you run the tool seems counterintuitive, having a switch to bypass it would be great, except there’s no documented switches for NBRT anywhere and NBRT.EXE /? does not reveal any switches.


My colleague Magnus suggested we open the EXE in notepad and see if it revealed anything. So that’s exactly what we did. By renaming NBRT.EXE to NBRT.TXT and searching through the text file in notepad the following was revealed.

switches hiddenAnd those hidden switches are revealed below

/undo   /key:{value}   /lang:{value}   /skipglp   /ignorenorton   /fixlowrisk   /apply   /OnReboot   /uninstall   /install   /usedefs:{value}   /help   /?   /dontautoremediate   /dontremediate   /skipdefupdates   /skipallupdates   /reportfile:{value}   /silent   /scan-file:{value}   /scan-none   /scan-quick   /scan-full

so there you have it, launching nbrt with the following switch (where XXXXXXXXXXXXX is your PIN supplied by Symantec) will bypass the need to enter the pin.

nbrt.exe /key:XXXXXXXXXXXXX

you can also bypass the language selection screen with /lang:1033

until next time, adios !

This entry was posted in Uncategorized. Bookmark the permalink.