
How can I run a SEP scan as SYSTEM?

Created: 01 Nov 2012 • Updated: 06 Dec 2012 | 9 comments
This issue has been solved. See solution.

I need to be able to run a SEP scan from a Windows Service, whether or not any users are logged on.  Unfortunately, any attempts to run DoScan.exe under the SYSTEM account fail (I have tried this with my service, PSExec, and Task Scheduler).  DoScan fails very quickly with exit code 2.

How can I accomplish this?  Is there another executable I can run to start a scan?  Is there a way to get DoScan to work under the SYSTEM account?

I'm using Windows 7 and SEP 12.1


Rafeeq's picture

Any scheduled scan will be run under the System account.

Any user-defined scan will be run under the user account.

Are these 32 or 64 bit boxes?

http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH104287

Eric2012's picture

I need to support both 32 and 64 bit - I've been testing on 64-bit though.  The problem is that I don't want to run scheduled scans - I need to have control of when scans are run.  I need to be able to run scans as SYSTEM outside of any predetermined schedule.

Rafeeq's picture

This is the service which runs scan.

http://www.symantec.com/business/support/index?page=content&id=TECH162901

In psexec, if you do not specify any account, isn't it run under the system account?

http://ss64.com/nt/psexec.html

Mithun Sanghavi's picture

Hello,

Check these Articles:

How to run a scan from a command line using Symantec Endpoint Protection using DoScan.exe

http://www.symantec.com/docs/TECH104287

How to scan in safe mode when Symantec Endpoint Protection 12.1 is installed.

http://www.symantec.com/docs/TECH176971

How to perform a full virus scan while in safe mode with command prompt

http://service1.symantec.com/SUPPORT/ent-security.nsf/b7186c7fefd6f0c3882573410063493e/d77f9ee39aac2ba7882574e80064e3fe?OpenDocument

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Eric2012's picture

Mithun, thanks for the response.  Unfortunately, that's not really my question - I already know how to run DoScan, and I'm not trying to run it in Safe Mode.  My problem is that when I run DoScan as SYSTEM, it exits immediately.  When I run DoScan as my own user account, it runs correctly.

Rafeeq, I do know how to use PSExec to run a command as SYSTEM (using the -s switch), and have used that to call DoScan.  However, when called in this way (or any time I call it in SYSTEM context) DoScan exits immediately.

Mithun Sanghavi's picture

Hello,

To run a scan as System, you can schedule a single scan with Doscan.exe using one of the following methods:

  • Using the Task Scheduler interface
  • Using the Scheduler Service and AT commands

Using Task Scheduler 

The following steps show how to schedule a scan by using Task Scheduler on a computer that runs Windows 2003/XP/2000 and Symantec Endpoint Protection client.

To schedule a scan

  1. In the Windows Control Panel, double-click Scheduled Tasks.
  2. In the Scheduled Tasks window, double-click Add Scheduled Task.
  3. In the Scheduled Task Wizard window, click Next.
  4. Click Browse.
  5. In the Select Program to Schedule window, find the folder where you saved the Doscan.exe file.
  6. In the Scheduled Task Wizard window, click Next.
  7. Type a name for the scheduled task, set the frequency, and then click Next.
  8. If you selected anything except "When I log on" or "When my computer starts", set the time for the scan to begin and click Next.
  9. Type the credentials for the user account under which the task should start and click Next.
  10. Check Open advanced properties for this task when I click Finish.
  11. Click Finish.
  12. On the Task tab, click the Run As field.
  13. Press the End key to move your cursor to the end of the line.
  14. Press the Space bar and then type the drive letter of the drive that you want to scan at the end of the line.
  15. Click Apply.
  16. Click OK to close the task window.

You must perform these steps for each scan that you want to run. For example, if you want to run a scan at 12:00, 1:00, and 2:00, you must create a task for each scan.

Using the Scheduler Service and AT commands

You can use the AT command to schedule scans each day. The AT command is dependent on the scheduler server; therefore the command is only available when the Task Scheduler service is started. Here is an example of the AT command that you might use: 

AT \\<Computer name> <time> /every:m,t,w,th,f,sa,su "C:\Program Files\Symantec\Symantec Endpoint Protection\doscan.exe <drive>" /s

Notes:

  • <Computer name> is the computer name.
  • <time> is expressed as hours:minutes in 24-hour notation (00:00 [midnight] through 23:59).
  • <drive> is the drive to scan.
  • The path to Doscan.exe in this example is the default path for an installation of Symantec Endpoint Protection and may not match your environment. Use the correct path when you schedule scans with the AT command.

Also check this Article:

How to create extended scheduled scans.

http://www.symantec.com/docs/TECH146668

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
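
The scheduled-task approach from the post above, written with schtasks.exe so the scan can be started on demand under SYSTEM and its exit code read back afterwards. This is an added example, not part of the original thread: the task name, drive letter and polling interval are assumptions, and the DoScan.exe path is the default quoted in the post.

```batch
@echo off
rem Added example: run DoScan.exe once under SYSTEM and report its exit code.
rem Assumptions: TASK and DRIVE are made-up values; DOSCAN is the default
rem install path quoted in the post and may not match your environment.
setlocal
set "TASK=SEP-OnDemand-Scan"
set "DOSCAN=C:\Program Files\Symantec\Symantec Endpoint Protection\doscan.exe"
set "DRIVE=C:"

if not exist "%DOSCAN%" (
    echo DoScan.exe not found at "%DOSCAN%"
    exit /b 1
)

rem /SC ONCE requires a start time, but the task is started by hand below,
rem so the time only has to be valid. /RU SYSTEM needs an elevated prompt.
rem The inner \" pair keeps the path with spaces as one token in /TR.
schtasks /Create /F /TN "%TASK%" /RU SYSTEM /SC ONCE /ST 23:59 /TR "\"%DOSCAN%\" %DRIVE%"
if errorlevel 1 exit /b 1

schtasks /Run /TN "%TASK%"
if errorlevel 1 exit /b 1

rem Poll until the task leaves the Running state.
rem The status text is localized; "Running" assumes an English system.
:wait
timeout /t 5 /nobreak >nul
schtasks /Query /TN "%TASK%" /FO LIST | findstr /C:"Running" >nul
if not errorlevel 1 goto wait

rem "Last Result" is the exit code DoScan returned in the SYSTEM context.
schtasks /Query /TN "%TASK%" /V /FO LIST | findstr /C:"Last Result"

rem Remove the one-off task so repeated runs start clean.
schtasks /Delete /F /TN "%TASK%" >nul
endlocal
```

Comparing the reported "Last Result" with the exit code from the same command line run as an interactive user shows whether the failure is tied to the account the task runs under.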

SOLUTION
Kedarnath Lal's picture

I agree, using the Scheduler Service and AT commands would assist you in running the scan in System mode.

SMLatCST's picture

Are these managed clients?  I'm a little unclear as to your requirements, as you can kick off an ad-hoc on-demand scan from the SEPM Console (which will run as the system account):

http://www.symantec.com/docs/HOWTO81057

Eric2012's picture

Mithun, that is exactly what I want to do, and the instructions you linked essentially outline what I have been doing (unsuccessfully).  Unfortunately, it doesn't work unless I configure my scheduled task to run as a normal user.  When I run it as SYSTEM (or LOCAL SERVICE or NETWORK SERVICE) it always exits with error code 2.

SMLatCST, Our requirements are more complex, and involve allowing the end user to set up a complex schedule, or run the scan manually through our interface.