Video Screencast Help

Sylink file in 12.1

Created: 23 May 2011 • Updated: 10 Jul 2011 | 13 comments
Symantec World's picture
This issue has been solved. See solution.

Dear Team,

Just started working on 12.1 in my lab...

Installed unmanaged SEP -> given command in RUN to stop smc service and located installable directory (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin) and launched sylink drop utility to replace with new file, but I observer here is NO sylink.xml file found before replace and after replacing also didn't found where it can be saved sylink data.

Any ideas on this?



Comments 13 CommentsJump to latest comment

Symantec World's picture

After replaced the SMC service doesn't seem to be started.

I donno whether I gone through the proper way to replace communication file.

I only stop service through RUN by typing smc -stop and launch the sylinkdrop utility and update the sylink.

After a minute automatically Windows installer launched and SMC services seem to be stopped.

Tried many times to start manually but not work also restarted system but same as it is.

Any suggestions?

Regards, M.R

Rafeeq's picture

sylink file is also inside BIn folder

Symantec World's picture

Hi Rafeeq,

I checked but did not found any sylink.xml file in Bin folder.

Regards, M.R

Maciej Oszutowski's picture

Sylink is currently stored in "C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config\" (or "C:\Documents And Settings\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config\" on pre-Vista OS).

The preferred way of importing communication settings is to click Help button in Client UI -> Troubleshooting -> Hit "Import" button in Communication Settings section.

You can also use SyLinkDrop.exe which is located in Bin folder in your SEP install dir.

Symantec World's picture

Thanks Maciej,

But that means now in this release there is NO manual process to replace sylink.xml file right?

Before we follow below steps to manage clients:

Stop services of Symantec Management Client: Start -> RUN -> type smc -stop.

Delete below files listed from installation folder located: \Program Files\Symantec\Symantec Endpoint Protection


Start services of Symantec Management Client: Start -> RUN -> type smc -start.

And now (in 12.1) as per your comment, only two things we can do to manage:

1. By GUI

2. Using SylinkDrop.

Regards, M.R

Maciej Oszutowski's picture

You can try the same in Config folder, but before stopping SEP services (smc -stop) make sure you've disabled Tamper Protection. Otherwise you won't be able to copy .xml and/or delete any files from that folder. I'm not 100% sure but it may actually work.

Symantec World's picture

Hi Maciej,

Created group and exported new sylink.xml file.

Replaced sylink.xml of defferent group but unable to change the group,

The client still in the same group were previously reported.

Any suggestion?

Regards, M.R

Symantec World's picture

Yeah I follow the proper steps.

Deleted all three files,




Regards, M.R

Symantec World's picture

Unable to change the group with sylink replacer with manual prcedure.

Is there any other manual process to do instead of sylinkdrop or GUI?

Regards, M.R

Mick2009's picture

Hi Symantec World,,

Just FYI: you may find some additional assistance with SEP 12.1 here in its dedicated connect forum:

Thanks and best regards,


With thanks and best regards,


Symantec World's picture

Thanks Mic..

I have already subscibed with the same goup.

But having some chalages which I clearing here.

Regards, M.R

Paul Murgatroyd's picture

The SEPM knows which group your client is in - thats a feature from RU6 onwards and will always place it back into the same group, unless you disable the registry keys.

If you must do this manually, then you should be able to achieve it by deleting the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\CurrentGroup

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\CurrentMode

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\PreferredGroup

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\PreferredMode

Changing sylink or using sylinkdrop is not the best way to move a client between groups - you should do it from the SEPM.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: