attack internal network
Created: 03 Aug 2012 | Updated: 26 Aug 2012 | 5 comments
This issue has been solved. See solution.
Dear, good afternoon.
Is there any solution for data capture in an internal network attack?
Looking forward
Sincerely,
Fabian
How to debug the Symantec Endpoint Protection client
http://www.symantec.com/docs/TECH102412
Enable debugging
TSE debugging
To enable Extended TSE Debugging for Network Threat Protection, stop the SMC process (smc -stop) and import this registry setting.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE]
"ExtendedDebug"=dword:00000001
Start the SMC service (smc -start)
Example from debug.log:
01/25 16:46:17 [304:960] TSE extended debugging is turned on. Flag =
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block Local File Sharin
01/25 16:48:43 [304:592] TSE: ApplicationName = C:\WINNT\system32\ntoskrnl.ex
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET **
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-0c-29-4e-d7-c7 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 192.168.20.12 --> 192.168.20.255, type: 0x11, Id: 2629, Frg: 0x0 ========= UDP datagram, len: 78==== 192.168.20.12:137 -> 192.168.20.255:137 , DataLen: 5
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET**********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block and Log Unchecked IP Packets
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET ***
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-50-56-c0-00-02 ---> 00-0c-29-4e-d7-c7 , protocol = 0x800 ===== IP Packet==== len:60==== 192.168.20.1 --> 192.168.20.12, type: 0x1, Id: 28535, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x5a3a
Check this video; you will get a good view.
Symantec Endpoint Network Activity Tool
https://www-secure.symantec.com/connect/videos/symantec-endpoint-network-activity-tool
https://www-secure.symantec.com/connect/forums/need-help-policies-and-network-activity#comment-2713641
Hope this helps..........
Mohan Babu
moglie20@gmail.com
+91 9884382160
Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue...please mark it accordingly :)
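An added example, not part of the original post or of Symantec's documentation: a small Python parser that turns the DROP PACKET entries of an extended-debug debug.log into records (rule, application, source, destination, protocol) for reviewing blocked internal traffic. The field layout is assumed from the excerpt quoted above, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the debug.log excerpt above (not real data).
SAMPLE_LOG = """\
01/25 16:46:17 [304:960] TSE extended debugging is turned on.
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********
01/25 16:48:43 [304:592] TSE: SecurityRule = Constructed Rule A
01/25 16:48:43 [304:592] TSE: ApplicationName = C:\\example\\app.exe
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET ***
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-00-5e-00-53-01 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 10.0.0.12 --> 10.0.0.255, type: 0x11, Id: 1, Frg: 0x0 ========= UDP datagram, len: 78==== 10.0.0.12:137 -> 10.0.0.255:137 , DataLen: 50
01/25 16:48:44 [304:592] TSE2415: *********DROP PACKET**********
01/25 16:48:44 [304:592] TSE: SecurityRule = Constructed Rule B
01/25 16:48:44 [304:592] TSE2417: *** DROP PACKET ***
01/25 16:48:44 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-00-5e-00-53-02 ---> 00-00-5e-00-53-01 , protocol = 0x800 ===== IP Packet==== len:60==== 10.0.0.1 --> 10.0.0.12, type: 0x1, Id: 2, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x0
"""

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[\d+:\d+\] (.*)$")
FIELD = re.compile(r"^TSE: (SecurityRule|ApplicationName) = (.*)$")
IP = re.compile(r"IP Packet=+ len:\d+=+ ([\d.]+) --> ([\d.]+), type: (0x[0-9a-fA-F]+)")
PORTS = re.compile(r"[\d.]+:(\d+) -> [\d.]+:(\d+)")
PROTO = {0x1: "ICMP", 0x6: "TCP", 0x11: "UDP"}  # IP protocol numbers

def parse_drops(text):
    """Return one dict per dropped packet; a block ends at its TsPacket line."""
    drops, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped log line
        ts, msg = m.groups()
        if msg.startswith("TSE2415:") and "DROP PACKET" in msg:
            cur = {"time": ts, "rule": None, "app": None}  # new block; drops any unfinished one
        elif cur is None:
            continue  # noise outside a drop block
        elif (f := FIELD.match(msg)):
            cur["rule" if f.group(1) == "SecurityRule" else "app"] = f.group(2).strip()
        elif "TsPacket" in msg and (ip := IP.search(msg)):
            cur["src"], cur["dst"] = ip.group(1), ip.group(2)
            num = int(ip.group(3), 16)
            cur["proto"] = PROTO.get(num, hex(num))
            p = PORTS.search(msg)  # only TCP/UDP lines carry ports
            cur["sport"], cur["dport"] = (int(p.group(1)), int(p.group(2))) if p else (None, None)
            drops.append(cur)
            cur = None
    return drops

def drops_by_source(drops):
    """Count drops per (source IP, rule) to see which hosts hit which rules."""
    return Counter((d["src"], d["rule"]) for d in drops)
```

Read the real file with `parse_drops(open(path, errors="replace").read())`; the location of debug.log depends on the client installation and is not given in the post.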
Mohan, good morning.
Thank you for your help.
Sincerely, Fabiano Pessoa
Fabiano Pessoa
Systems Analyst - Forensic Expert
Use the Network Activity Tool
Regards
Ajit Jha
Technical Consultant
ASC & STS
Hi, thanks for the help. I am already making arrangements. Hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
Update me if you require any further assistance..
Mark the best answers which resolved your issue...
Thanks in advance....
Mohan Babu