Endpoint Protection

Is there anyway to view the SEP support tool logs .SDBZ files before they are sent to Symantec?

Is there a reader we can download?

it is NOT available for customers.

Any information anywhere as to what information this collects from the machine?

http://www.symantec.com/business/support/index?page=content&id=TECH91280

Who is the utility designed for?
The utility is designed to assist customers and support personnel with data gathering and troubleshooting.

What does the utility do to my computer?
The support utility does not permanently alter any files on the computer. The utility is a collection of modules or scripts, each of which performs checks by gathering information regarding conditions on the local computer. These script files are copied to the temporary directory and are deleted when you exit the utility.

Because of this design, the utility does not permanently install anything on your computer when it runs.

Does this utility support remote connections?
Yes. You can run the utility over an RDP connection or by using other commercial remote administration utilities.

The link gives a good overview of the support tool itself but no information as to what data it collects from the device.

e.g. ip addresses, security logs, login/logoff reports etc

it collects the events from the machine, information of SEPM/SEP client, virus def folder. registry entry related to SEP, Auto run information, policy information etc.

The fixes in the above link should give some more pointers

also check this link

About the Load Point Analysis feature in the Symantec Endpoint Protection Support Tool

http://www.symantec.com/business/support/index?page=content&id=TECH96291

Hi GeoGeo,

Support tool viewer is required to read the SST logs.

hmmm we can always preview some data before saving it

as stated by many above support tool viewer is required... and only available for Symantec Tech

(unless your Google skill is l33t enough)

Here's what you could do :

Open the link for the SEP Support Tool

Then Click on I accept the EULA

And then Click on the highlighted option of OPEN A REPORT.

You should now be able to check you own SST logs

Currently, there's no publically available list of items that are gathered by the Support Tool (SST).  Generally speaking, it's registry information, event viewer information, logs and .dat files that are specifically related to areas our software "touches".  As an example, we may gather the information from HKEY_LOCAL_MACHINE\SOFTWARE, but we don't gather sub-keys unless we're going to be in them...so HKLM\SOFTWARE\Yahoo may show up in an SST, but nothing in that key (or sub-keys) unless there's a specific part of our software that plugs into it...which, there isn't.

If you have specific concerns about sensative information, speak with your support representative or your sales rep about it.

One thing to note, however...do *not* try to sanitize data inside an .sdbz file.  Customers have accessed the contents of these files in the past and stripped out data they felt was sensative, and because of this, the file isn't able to be opened, and isn't useful to support.

PM me and I can help you out on this.