diff --git a/scripts/install-core.ps1 b/scripts/install-core.ps1
index e724d08..62db1ee 100644
--- a/scripts/install-core.ps1
+++ b/scripts/install-core.ps1
@@ -69,9 +69,14 @@ function Test-SecureDirectory {
 return $true # Directory doesn't exist yet, will be created
 }

- $dirInfo = Get-Item $Path -Force
+ # Primary check: use fsutil for reliable reparse point detection (matches batch script)
+ $fsutilResult = & fsutil reparsepoint query $Path 2>&1
+ if ($LASTEXITCODE -eq 0) {
+ Write-Err "Directory '$Path' is a reparse point (symlink or junction). Possible symlink attack detected."
+ }

- # Check for symlinks/junctions
+ # Fallback: check .NET attributes
+ $dirInfo = Get-Item $Path -Force
 if ($dirInfo.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
 Write-Err "Directory '$Path' is a symbolic link or junction. Possible symlink attack detected."
 }
diff --git a/setup.bat b/setup.bat
index 0957006..9aed549 100644
--- a/setup.bat
+++ b/setup.bat
@@ -48,8 +48,10 @@ if !errorlevel! equ 0 (
 echo ERROR: LOCALAPPDATA contains invalid shell characters
 goto :error
 )
-echo !LOCALAPPDATA! | findstr /c:"%%" >nul
-if !errorlevel! equ 0 (
+REM Check for percent signs (both single and double)
+set "TEMP_CHECK=!LOCALAPPDATA!"
+set "TEMP_CHECK=!TEMP_CHECK:%%=!"
+if not "!TEMP_CHECK!"=="!LOCALAPPDATA!" (
 echo ERROR: LOCALAPPDATA contains percent signs
 goto :error
 )
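Review bot: The new primary check in Test-SecureDirectory calls `fsutil` by bare name and decides on `$LASTEXITCODE`, so the verdict depends on PATH resolution and on the command actually having run. If fsutil fails to start, `$LASTEXITCODE` keeps the value left by an earlier native command, and a stale 0 would report a reparse point that is not there. Calling the binary by full path and discarding the unused output would tighten this: `$null = & "$env:SystemRoot\System32\fsutil.exe" reparsepoint query $Path 2>&1`. Both this check and the attribute fallback inspect only `$Path` itself, so as far as this hunk shows a junction on a parent directory would pass. The function starts and ends outside the hunk, so that case may be handled elsewhere.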
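Review bot: The REM line added above the two `set` statements does not explain why `%%` appears in `!TEMP_CHECK:%%=!`, which is the non-obvious part of this check. A comment such as `REM "%%" is read as one literal "%" inside a batch file, so the substitution strips every percent sign` would make it clear. `TEMP_CHECK` also stays set after the test, so a `set "TEMP_CHECK="` after the block would tidy it up unless a `setlocal` scope outside the hunk already covers it. The context above the hunk still tests `!errorlevel!`, which suggests the earlier character checks may keep the `echo !LOCALAPPDATA! | findstr` form that this change replaces. If they do, they pass the unvalidated value through a pipe and are worth converting the same way.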