Unable to run doscan.exe with SEP 12.1 as part of a script using the SYSTEM account


Article ID: 157318


Updated On:


Endpoint Protection


A system administrator may prefer to run scheduled scans or manual scans on a SEP client using doscan.exe. It is not uncommon to use a script and use a DOS CALL in the script while referencing the doscan.exe binary in the following folder:

"C:\Program Files\Symantec\Symantec Endpoint Protection"

You have observed how calls to the binary in SEP 11 work fine when using the SYSTEM account, but stopped working after migration to SEP 12.1.


The doscan.exe binary in the "C:\Program Files\Symantec\Symantec Endpoint Protection" folder on a SEP 12.1 system is a mere proxy, and calling this proxy using a call with the SYSTEM account does not work. The proper doscan.exe is located in the .\<currentversion>\bin folder. For example:

"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\".


Symantec recommends calling the doscan.exe in the "C:\Program Files\Symantec\Symantec Endpoint Protection\<currentversion>\Bin" folder using scripts. Calling the proxy doscan.exe may lead to failure.