A system administrator may prefer to run scheduled scans or manual scans on a SEP client using doscan.exe. It is not uncommon to use a script and use a DOS CALL in the script while referencing the doscan.exe binary in the following folder:
You have observed how calls to the binary in SEP 11 work fine when using the SYSTEM account, but stopped working after migration to SEP 12.1.
The doscan.exe binary in the "C:\Program Files\Symantec\Symantec Endpoint Protection" folder on a SEP 12.1 system is a mere proxy, and calling this proxy using a call with the SYSTEM account does not work. The proper doscan.exe is located in the .\<currentversion>\bin folder. For example: