SEP 12.1 policy file download name and stored location

Created: 18 Sep 2012 • Updated: 18 Sep 2012 | 9 comments
This issue has been solved. See solution.

When I update a policy in SEPM 12.1, what is the name of the file and location where it will be stored on a SEP 12.1 client when the client gets a policy update?

I'm trying to troubleshoot some policy issues.

Thanks.

Ashish-Sharma

Hi,

policy file (serdef.dat)

These files are located in

It is stored in the serdef.dat file. The default path for SEP 11.x is:

\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection

for SEP 12.1x:

\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.xxx.yyy.zzz\Data\Config

What settings are stored in each of the .DAT files in the Symantec Endpoint Protection 11.x folder?

http://www.symantec.com/docs/TECH102410

Thanks In Advance

Ashish Sharma

Dr. Unk

But is this also for changes made to policies such as the AV, IPS, or Exceptions policy?

From the article, serdef.dat stores communication settings by location. Doesn't really say if it applies to policies as well.

Ashish-Sharma

Server.dat: Temporary holding place for policies downloaded from SEPM. Policies are stored here before being applied to serdef.dat.

Thanks In Advance

Ashish Sharma

_Brian

The file that would be downloaded by the client is called Server.dat, not serdef.dat

Ashish-Sharma

As the article says:

SerDef.dat
An encrypted file that stores communication settings by location. Each time the user changes locations, the SerDef.dat file is read and the appropriate communication settings for the new location are applied to the client

Where Communication Settings are stored on the Client Computer

http://www.symantec.com/business/support/index?page=content&id=TECH98049&locale=en_US

Check this thread.

http://www.symantec.com/connect/forums/sep-policy-location-local-client

Thanks In Advance

Ashish Sharma

Dr. Unk

Yeah, sorry, should've clarified. I'm doing packet captures so I'm watching the policy updates. So I need the file that would be downloaded.

_Brian

Then you should look for server.dat. Serdef.dat comes in after the fact.

SOLUTION
Ashish-Sharma

If you want to do packet captures (just sharing a good article):

Check this article:

Capturing network communication packets with Wireshark Utility

http://www.symantec.com/connect/articles/capturing-network-communication-packets-wireshark-utility

Thanks In Advance

Ashish Sharma

_Brian

Assuming you're using Wireshark, you can build a display filter to look for .dat files. Here's one I use:

(frame matches "\.(?i)(dat)") && (tcp.flags.push == 1) && (ip.src==10.x.x.x) && (tcp.port==8014)

Edit as you see fit but this should help you in troubleshooting.
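
An offline version of the same check, added here as an example and not part of the original thread: it applies the filter's criteria (source IP, TCP port 8014, PSH flag set, ".dat" in the data, case-insensitive) to a saved capture using only the Python standard library. The names dat_pushes and sample_capture, the sample addresses and the sample payloads are constructed for illustration; it assumes a classic pcap file with Ethernet/IPv4 frames and matches against the TCP payload rather than the whole frame.

```python
import re
import socket
import struct

SEP_PORT = 8014                                # port from the filter in the post
DAT_NAME = re.compile(rb"[\w.-]*\.dat", re.I)  # case-insensitive, like (?i) in the filter
PSH = 0x08                                     # TCP push flag (tcp.flags.push == 1)

def dat_pushes(pcap, src_ip):
    """Return [(packet_no, name)] for PSH segments from src_ip on port 8014 naming a .dat file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    hits, off, num = [], 24, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off, num = pcap[off + 16:off + 16 + incl], off + 16 + incl, num + 1
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + ip_len]      # slice by IP length to drop Ethernet padding
        if len(tcp) < 20 or socket.inet_ntoa(frame[26:30]) != src_ip:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]     # skip the TCP header and options
        match = DAT_NAME.search(payload)
        if SEP_PORT in (sport, dport) and tcp[13] & PSH and match:
            hits.append((num, match.group().decode("ascii", "replace")))
    return hits

def sample_capture():
    """Constructed two-packet capture (not real SEP traffic) for the demo."""
    def packet(src, flags, data):
        tcp = struct.pack("!HHIIBBHHH", 8014, 50000, 0, 0, 5 << 4, flags, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton("10.0.0.9"))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + packet("10.0.0.5", 0x18, b"constructed body naming Server.DAT")
            + packet("10.0.0.5", 0x10, b"bare ACK, no push flag, Server.dat"))

if __name__ == "__main__":
    print(dat_pushes(sample_capture(), "10.0.0.5"))
```

To run it on a real capture, read the file in binary mode and pass its bytes together with the SEPM address in place of the constructed one.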