Weird SEP Log Files on the C drive.
Hello-
We are running SEP 11.0.4202.75. About 30% of our clients have weird file names like:
t1b0
t1b0.1
t1b0.2
etc... etc...
The files contain information like this:
00000073 01ca1f3143fadac0 12070218 00000000 00000000 00000000 Symantec Management Client has been activated. Smc
d. Smc
000000000073 01ca1f3143fde920 12070218 00000000 00000000 00000000 Symantec Management Client has been activated. Smc
000000da 01ca1f314671f330 12070201 00000000 00000000 00000000 Network Threat Protection -- Engine version: 11.0.51
Windows Version info:
Operating System: Windows XP (5.1.2600 Service Pack 3)
Network info:
Smc
00000071 01ca1f314671f330 12070202 00000000 00000000 00000000 Symantec Management Client has been started. Smc
00000081 01ca1f31b04671a0 12070301 00000000 00000000 00000000 Connected to Symantec Endpoint Protection Manager (glfapp14) Smc
00000181 01ca1f31b60397e2 12070202 00000002 00000000 000000f0 Symantec Endpoint Protection services startup was successful. Symantec AntiVirus 2707110B3513,14,2,8,GLF160012,SYSTEM,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.
The problem is that thiese files tend to grow to over 5GB a piece and fill up the users C drive. They are not in any folder other than the root of C.
Any idea why these are being generated? It seems to be random and occur once or twice a month.
Thank You,
Eric
Comments
These look like SEP debug
These look like SEP debug logs.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
How would I stop them?
How would I stop them?
http://service1.symantec.com
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090611252048
Make sure debug on is turned off.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Edit Debug Logs
http://service1.symantec.com/SUPPORT/ent-security....
http://service1.symantec.com/SUPPORT/ent-security....
Thanks & Regards Sandip C Sali
Debug Logs
Hello-
I thought this was over but the debug log settings did nothing to stop this. The log files are showing up randomly on the root of C:\ not in their designated folders. Has anyone ever seen this before?
Thanks for the information!
-Eric
hi
can you check what is the value under curlocation string
on the right hand side of this key
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
it should be default..check if thats pointing to your c root.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
It is set to default.
It is set to default.
is it happening on few
is it happening on few clients or all of them ?
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
With the amount of calls
With the amount of calls coming in I would say this is more wide spread than a few. Could there be a setting in the management server that is doing this?
Thanks,
Eric
Check this doc How to debug
Check this doc
How to debug the Symantec Endpoint Protection 11.x client
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I've looked into this before
I've looked into this before and just double checked. I don't have any of those enabled. I am going to call support. I will post my findings when we have an answer.
Just so everyone is aware - I
Just so everyone is aware - I had opened a ticket with syamntec about this topic. It took around 14 weeks to go over this with them. It went away after upgrading to 11.0.5
Thanks for all of your help.
-Eric
Would you like to reply?
Login or Register to post your comment.