How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2014-09-29  |  Article URL
Article Type
Technical Solution


Sylink debugging is used for troubleshooting communication issues between Symantec Endpoint Protection (SEP) 11.x and 12.1 clients and their Symantec Endpoint Protection Manager (SEPM).

This document explains the steps for enabling Sylink debug logging using the Windows Registry.


The following is an alternative to running Sylink Watcher or Sylink Monitor.

Caution: Before continuing, please make a backup of the Windows Registry.

Note: On a SEP 12.1 client, the Tamper Protection feature needs to be disabled before following these steps. (Tamper Protection does not need to be disabled on a SEP 11 client.) If Tamper Protection is not disabled, it will block the following Registry key modifications. To disable Tamper Protection, see the following article: How to disable Tamper Protection in Symantec Endpoint Protection 12.1

Enabling Sylink debug logging via the Windows Registry:

  1. Click Start > Run
  2. Type in: regedit and click OK
  3. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC
    1. Note: If you are running a version of SEP 12.1 which is version 12.1 RU4 MP1 or older or if you are running SEP 11, navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  4. Double-click smc_debuglog_on
  5. Change the Value data to and click OK
  6. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
    1. Note: If you are running a version of SEP 12.1 which is version 12.1 RU4 MP1 or older or if you are running SEP 11, navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
  7. Click Edit > New > String Value
  8. Name the new value: DumpSylink
  9. Double-click DumpSylink
  10. In the Value data field, specify the name and location for the log file. Example: C:\Sylink.log
  11. Click OK
  12. Close the Registry Editor window
  13. Click Start Run
  14. Type in: smc -stop and click OK
  15. Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
  16. Click Start > Run
  17. Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.

After the necessary data has been collected, Sylink debug logging may be disabled by deleting the DumpSylink value from the Registry and by changing the value data of smc_debuglog_on back to 0. If Tamper Protection was disabled, it should be enabled again.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices