How to verify the status of Application Learning for Groups and Locations

Article:TECH161484  |  Created: 2011-06-02  |  Updated: 2011-06-02  |  Article URL
Article Type
Technical Solution


How can I determine which combinations of client Groups and Locations have Application Learning enabled in my Symantec Endpoint Protection (SEP) environment? Can this be accomplished without having to manually review all policies for Group/Location combinations in the SEPM interface?


Application Learning settings are configured on the Symantec Endpoint Protection Manager (SEPM) in the Communication Settings policy. Communications Settings can be configured per client Group as well as per Location. Administrators have the option of overriding Group Communications settings for specific locations on a group-by-group basis. Group and Location policy settings are written to the SEPM's file system in an XML format. SEP client policy files are stored on the SEPM in the \Symantec Endpoint Protection Manager\data\outbox\agent\{group GUID} folders (the {group GUID corresponds to the Group ID value for a specific client Group). Group Communications Settings are recorded in the sylink.xml policy file, and Location Communications Settings are recorded in the LSProfile.xml

To verify all Group/Location combinations that are currently configured to enable Application Learning:

  1. Using a file search utility capable of searching folders for strings inside of text files (such as WinGREP, TextPad, Notepad++ etc):
    • Search all files named "Sylink.xml" and LSProfile.xml" inside the \Symantec Endpoint Protection Manager\data\outbox\agent\
    • Search for the string 'UploadLearnedApp="1"' (without single quotes)
  2. Note the GUID folders containing any of the files returned by the search
  3. For each GUID folder:
    1. Open the LSProfile.xml file for the Group
    2. The Path value in the <GroupInfo> tag is the full Group name the policy is applied to.


Article URL

Terms of use for this information are found in Legal Notices