Available command-line options for smc.exe

Article:TECH103048  |  Created: 2007-01-07  |  Updated: 2014-09-19  |  Article URL http://www.symantec.com/docs/TECH103048
Article Type
Technical Solution

Product(s)

Issue



You are looking for a list of the available command-line options for smc.exe.
 


Solution



With the exception of smc -start, the client process must be running to use the command-line parameters.

Note: The client does not support UNC paths.

SMC Parameters

Parameter Description Pwd Adm
smc -start Starts the client service.   x
smc -stop Stops the client service and unloads it from memory.  x
smc
-checkinstallation
Checks whether the smc client service is installed.    
smc -checkrunning Checks whether the smc client service is running.     
smc -disable -ntp Disables the Symantec Endpoint Protection firewall and Intrustion Prevention System     
smc -dismissgui Closes the client user interface.

The client still runs and protects the client computer. 
   
smc -enable -ntp Enables the Symantec Endpoint Protection firewall and Intrusion Prevention System.    
smc -exportconfig Exports the client's configuration file to an .xml file. The configuration file includes all the settings on the management server, such as policies, groups, log settings, security settings, and user interface settings.

You must specify the path name and file name. For example, you can type the following command:

smc -exportconfig C:\My Documents\MyCompanyprofile.xml
 x  x
smc -exportlog Exports the entire contents of a log to a .txt file.

To export a log, you use the following syntax:

smc -exportlog log_type 0 -1 output_file

where:

log_type is:

• 0 = System Log
• 1 = Security Log
• 2 = Traffic Log
• 3 = Packet Log
• 4 = Control Log

For example, you might type the following syntax:

smc -exportlog 2 0 -1 c:\temp\TrafficLog

Where:
0 is the beginning of the file
-1 is the end of the file

You can export only the Control log, Packet log, Security log, System log, and Traffic log.

output_file is the path name and file name that you assign to the exported file.
   
smc
-exportadvrule
Exports the client's firewall rules to a .sar file. The exported rules can only be imported into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode.

You must specify the path name and file name. For example, you can type the following command:

smc -exportadvrule C:\myrules.sar

When you import configuration files and firewall rules, note that the following rule applies:

• You cannot import configuration files or firewall rule files directly from a mapped network drive.
 x  x
smc
-importadvrule
Adds the imported firewall rules to the client's list of existing firewall rules. These rules do not overwrite the existing rules. The client lists both existing rules and imported rules, even if each rule has the same name and parameters.

You can import only firewall rules into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode.

To import firewall rules, you import a .sar file. For example, you can type the following command:

smc -importadvrule C:\myrules.sar

An entry is added to the System log after you import the rules.
 x
smc -importconfig Replaces the contents of the client's current configuration file with an imported configuration file and updates the client's policy. The client must run to import the configuration file's contents.

You must specify the path name and file name. For example, you can type the following command:

smc -importconfig C:\My Documents\MyCompanyprofile.xml
 x  x
smc -importsylink Imports the client communications file (sylink.exe).  x  
smc -runhi Runs a Host Integrity check.    
smc -showgui Displays the client user interface.    
smc -updateconfig Initiates a client-server communication to ensure that the client's configuration file is up-to-date.

If the client's configuration file is out-of-date, updateconfig downloads the most recent configuration file and replaces the existing configuration file, which is serdef.dat.
   

 

Pwd indicates commands that require a password if the client service is password-protected.

Adm indicates parameters that only members of the Administrators group can use if the following conditions are met:

  • The client runs Windows 2003/XP/Vista, or Windows Server 2008 and users are members of the Windows Administrators group. If the client runs Windows Vista and the User Account Control is enabled, the user automatically becomes a member of both the Administrators group and Users group.
  • The client runs Windows 2003/XP and users are members of the Power Users group.

 For more information and command error codes, see the appendices of Symantec Endpoint Protection Installation and Administration Guide.

 




Legacy ID



2007120710112848


Article URL http://www.symantec.com/docs/TECH103048


Terms of use for this information are found in Legal Notices