How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2013-02-26
Article Type
Technical Solution



Sylink debugging is used for troubleshooting communication issues between Symantec Endpoint Protection (SEP) 11.x and 12.1 clients and their Symantec Endpoint Protection Manager (SEPM).

This document explains the steps for enabling Sylink debug logging using the Windows Registry.


The following is an alternative to running Sylink Watcher or Sylink Monitor.

Caution: Before continuing, please make a backup of the Windows Registry.

Note: On a SEP 12.1 client, the Tamper Protection feature needs to be disabled before following these steps. (Tamper Protection does not need to be disabled on a SEP 11 client.) If Tamper Protection is not disabled, it will block the following Registry key modifications. To disable Tamper Protection, open the SEP 12.1 client, click Change settings, click Configure Settings (next to Client Management), click Tamper Protection, remove the checkmark from "Protect Symantec security software from being tampered with or shut down", and click OK.

Enabling Sylink debug logging via the Windows Registry:

  1. Click Start > Run
  2. Type in: regedit and click OK
  3. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  4. Double-click smc_debuglog_on
  5. Change the Value data to and click OK
  6. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
  7. Click Edit > New > String Value
  8. Name the new value: DumpSylink
  9. Double-click DumpSylink
  10. In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
  11. Click OK
  12. Close the Registry Editor window
  13. Click Start > Run
  14. Type in: smc -stop and click OK
  15. Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
  16. Click Start > Run
  17. Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.

After the necessary data has been collected, Sylink debug logging may be disabled by deleting the DumpSylink value from the Registry and by changing the value data of smc_debuglog_on back to 0. If Tamper Protection was disabled, it should be enabled again.
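
The cleanup described above, as an added PowerShell example (not Symantec's own tooling): it reports whether Sylink debugging is still switched on and reverts the two registry settings after exporting a backup. The function names and the backup file path are assumptions; it needs PowerShell 3.0 or later in an elevated session, and Tamper Protection still has to be re-enabled in the client.

```powershell
# Added example: report and revert the Sylink debug settings from this article.
# Key and value names are the article's; function names and backup path are hypothetical.
$SmcKey    = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
$SylinkKey = "$SmcKey\SYLINK\SyLink"

function Get-SylinkDebugState {
    $smc    = Get-ItemProperty -Path $SmcKey -Name smc_debuglog_on -ErrorAction SilentlyContinue
    $sylink = Get-ItemProperty -Path $SylinkKey -Name DumpSylink -ErrorAction SilentlyContinue
    $logPath = if ($sylink) { $sylink.DumpSylink } else { $null }
    [pscustomobject]@{
        SmcDebugLogOn = if ($smc) { $smc.smc_debuglog_on } else { $null }
        DumpSylink    = $logPath
        # The log file is not deleted by the revert; this flags that it is still on disk.
        LogFileExists = [bool]($logPath -and (Test-Path -LiteralPath $logPath))
        # Debugging counts as left on if either setting is still in place.
        DebugEnabled  = ([bool]$sylink -or ($smc -and ("$($smc.smc_debuglog_on)" -ne '0')))
    }
}

function Disable-SylinkDebug {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$BackupFile = "$env:TEMP\smc-before-revert.reg")

    # The article's caution: back up first. This exports the SMC key and its subkeys.
    & reg.exe export 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

    $state = Get-SylinkDebugState
    if ($null -ne $state.DumpSylink -and $PSCmdlet.ShouldProcess($SylinkKey, 'Remove DumpSylink')) {
        Remove-ItemProperty -Path $SylinkKey -Name DumpSylink -ErrorAction Stop
    }
    if ($null -ne $state.SmcDebugLogOn -and $PSCmdlet.ShouldProcess($SmcKey, 'Set smc_debuglog_on to 0')) {
        # Keep the value's existing registry type; only the data changes.
        $kind = (Get-Item -Path $SmcKey).GetValueKind('smc_debuglog_on')
        Set-ItemProperty -Path $SmcKey -Name smc_debuglog_on -Value 0 -Type $kind -ErrorAction Stop
    }
    # On SEP 12.1 the writes above fail while Tamper Protection is enabled.
    Get-SylinkDebugState
}
```

Run `Get-SylinkDebugState` to audit a client, or `Disable-SylinkDebug -WhatIf` to preview the revert before applying it.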
