The following is an alternative to running Sylink Watcher or Sylink Monitor.

Caution: Before continuing, please make a backup of the Windows Registry.

Note: On a SEP 12.1 client, the Tamper Protection feature needs to be disabled before following these steps. (Tamper Protection does not need to be disabled on a SEP 11 client.) If Tamper Protection is not disabled, it will block the following Registry key modifications. To disable Tamper Protection, open the SEP 12.1 client, click Change settings, click Configure Settings (next to Client Management), click Tamper Protection, remove the checkmark from "Protect Symantec security software from being tampered with or shut down", and click OK.

Enabling Sylink debug logging via the Windows Registry:

1. Click Start > Run
2. Type in: regedit and click OK
3. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
4. Double-click smc_debuglog_on
5. Change the Value data to 1 and click OK
6. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
7. Click Edit > New > String Value
8. Name the new value: DumpSylink
9. Double-click DumpSylink
10. In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
11. Click OK
12. Close the Registry Editor window
13. Click Start > Run
14. Type in: smc -stop and click OK
15. Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
16. Click Start > Run
17. Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.

After the necessary data has been collected, Sylink debug logging may be disabled by deleting the DumpSylink value from the Registry and by changing the value data of smc_debuglog_on back to 0. If Tamper Protection was disabled, it should be enabled again.