Video Screencast Help

SEP Policy update

Created: 07 Mar 2014 • Updated: 07 Mar 2014 | 5 comments
This issue has been solved. See solution.


at each heartbeat, SEP contacts the SEPM for a lot of things.. On e is the policy refresh if needed.

What file or regkey is check to compare the local policy applied and the one available for the client on its group ?

thanks in advance for your help,


Operating Systems:

Comments 5 CommentsJump to latest comment

Rafeeq's picture

You can check this at the sepm end ,rather than at the client, I do not see any reg key where policy details are stored

  1. t the Symantec Endpoint Protection Manager machine launch Windows Explorer and navigate to the directory who's name starts with the same four characters as the policy serial number. 
    Example: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\E0C43443C0A80964013FC4377115FBFB
  2. Open index2.xml in Internet Explorer, Notepad, or your favorite XML viewer.
  3. Near the top of the XML is a section that looks similar to the following:
    <Profile Checksum="28A37EBF3507C2F727064B9975122592" SerialNumber="E0C4-01/09/2008 14:39:16 311" LastModifiedTime="09/01/2008 14:39:38" />
  4. The SerialNumber attribute should match the serial number that you obtained from the console.
SMLatCST's picture

On the client end, it's in the below key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink]

You're looking for the entry called "SerialNumber", though I'd question why you're looking at this level.  If investigating why a client would fail to update its policy, I'd normally recommend taking a look at the below articles:

Xtof's picture


So it seems I have the 2 keys checked on each side, perfect !

Thanks a lot !

Xtof's picture

Humm.. seems the local regkey is not the one used when contacting the SEPM.... I cleaned it, did a heartbeat and nothing happened (no policy update, no regkey fill...). Ther must have another thing checked when comparing policy status...

SMLatCST's picture

What's your aim here?  Perhaps if we had a better idea of what you want to accomplish, we can offer alternatives?

For example, if you really wanted to get a client to re-download all the policies, you could just delete the serdef.dat file as described in the below article:

Which is located in the below path in 12.1:

C:\ProgramData\Symantec\Symantec Endpoint Protection\<VersionNumber>\Data\Config