Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Created: 19 Feb 2013 • Updated: 21 May 2013 | 9 comments
Language Translations
Mithun Sanghavi's picture
+20 20 Votes
Login to vote

Hello,

In case if you are running the Legacy SEP Support Tool, please follow the Instructions provided in the Article:

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

SymHelp is a cross-product diagnostic utility designed for troubleshooting and identifying common issues that customers encounter.

SymHelp is designed to support the Symantec Endpoint Protection 12.1 RU2 and Windows 8 & Windows 2012 Operating Systems.

Supported Products

Currently SymHelp supports the following Symantec products:
  • Symantec Backup Exec 11d to 2012   
  • Symantec Backup Exec System Recovery 6.5 to 8.x
  • Symantec Data Loss Prevention 11.0 and later
  • Symantec Endpoint Protection 11.0 and later
  • Symantec Mail Security for Microsoft Exchange 6.5.2 and later 
  • Symantec System Recovery 2010 to 2012 

Check these Articles:

About Symantec Help (SymHelp) http://www.symantec.com/docs/TECH170735

Symantec Help (SymHelp) http://www.symantec.com/docs/TECH170752

Download Instructions
 
1.       Click Download Symantec Help from 
 
 
2.       On the File Download dialog, click Save
 
 
3.       Select the location to where you want the file saved, and click Save
 
4.       Go to the location of the downloaded file and double-click the SymHelp.exe icon.
 
Here are the Steps on how to collect the Suspicious Files and Submit the same to Symantec Security Response Team.
 
1) Once Symantec Help (SymHelp) application is Run, it would first verify with Symantec Server on the Version Status.

This Requires Internet Connection.

 
 
 
2) If there is a newer Release of SymHelp, it would download the same and update itself automatically.
 
New1_0.JPG
 
 
3) Click on "I accept the EULA" and you would see the "Symantec Help" getting launched.
 
 
 
4) You would see the Home Screen of "SymHelp". Please Select the Correct Products for which you have to submit the SymHelp Logs.
 
Check the box of "Symantec Load Point Analysis" and then click on "Click to Start Scan"
 
1_loadpoint.JPG
 
5) The Load Point Analysis window would appear.
 
 
 
6) Click on "Settings" Button to change the Load Point Scan Settings and Proxy Settings (if any) and Click OK.
 
 
 
 
7) Click on "Scan" Button as shown in Point 5 to Scan the machine with Symantec Load Point Analysis.
 
 
 
 
 
8) Once done with Scanning, the Symantec Load Point Analysis would show the Report as below:
 
 
 
 
The Report would show Suspicious files, processes which are being detected by Symantec.
 
By Clicking on the Button "Copy files to a Folder" would  let you could save the suspicious files to a particular directory of your choice.
 
 
Please zip the folder/s. Make sure that zip file does not include more than 9 files and /or 10MB of size.
 
You will want to submit these suspicious files, to the Symantec Security Response for analysis,
 
Click on this link to begin the process:
 

For Retail License Holders

https://submit.symantec.com/retail

For Essential License Holders

https://submit.symantec.com/essential

For BCS License Holders

https://submit.symantec.com/bcs

Fill out the form and upload the file(s).

Your Technical Contact ID:  (check with your Local Technical Support Representative)

You will receive a confirmation email with a tracking number, and within 24 to 48 hours you should receive an email telling you if the file is viral or not. If it is viral, you will be provided with a set of rapid release definitions. These can be installed to your system so that Symantec Endpoint Protection or Symantec AntiVirus can then detect the infected file and prevent a re-infection.
 
9) Submit the file to Threat Expert (owned by Symantec).
Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com, and this step does not replace the need to submit files to Symantec Security Response.
 
10) To collect the SymHelp Load Point Analysis Logs for the Symantec Support, check this Article:
 
 
11) Once the Full Report is Saved, you may submit the Load Point Analysis and Full Data Collection Report to the Symantec Technical Support Team.
 

In case, you haven't created any support case, please follow the steps provided in the Articles below: 

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

Hope that helps!!

 

Comments 9 CommentsJump to latest comment

yang_zhang's picture

A really useful tool!

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
+1
Login to vote
Milan_T's picture

Really useful tool and information.

We can use this easy tool for troubleshoot issue for SEP in future.

0
Login to vote
Mithun Sanghavi's picture

Hello,

The Latest version of SymHelp v2.1.12 has been released.

Primary additions include full localization support and the addition of the BE hardware troubleshooting report. With the language selection you can select your preferred language at any time. This enables gathering the information in one language and reviewing it in another language. 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote
Mick2009's picture

This new article may be of interest to anyone needing to send files to Security Response for analysis:

Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

Many thanks!

Mick

 

With thanks and best regards,

Mick

0
Login to vote