Home / server / Questions / 443568
Accepted
Eric
Asked: 2012-10-30 20:12:51 +0800 CST

Running SEP scans with the SYSTEM account

  • 772

I need to run Symantec Endpoint Protection scans on Windows 7 systems using the SYSTEM account. I know that I can run DoScan.exe to manually run a scan, and this works fine using a regular user account. Unfortunately, when I try to run DoScan as SYSTEM, the application exits immediately (exit code: 2) without running a scan.

Is there a way that I can get this to work, or another application besides DoScan.exe that I should be using?

Note: I'm using SEP 12.1 RU1

windows-7

3 Answers

  1. Best Answer

    If you set up a scheduled scan within the SEP user interface, it should run as SYSTEM by default. This may not work in your case, because it sounds like you are trying to launch scans on demand via some kind of an external trigger.

    DoScan.exe cannot be made to run as SYSTEM.

    Fortunately, there is no particular reason why you need to run it under that account. I would suggest setting up a service account (e.g. svc_sep) with local administrator privileges. If you're on a domain, you can make svc_sep a member of the local Administrators group on each computer automatically, by using a Restricted Groups policy.

    • 4

  2. I believe PSExec has the -s switch, which allows you run the remote process as System account.

    Example:

    psexec.exe \\computer -s c:\path\to\doscan.exe /cmdlinescan /scanalldrives

    • 1

  3. Does running a scan require network access? Try running DoScan as NETWORK SERVICE instead of SYSTEM.

    • 0