
Sylink Debugging

Created: 23 Apr 2014 | 4 comments
MarceloCtba's picture

I got the instructions below to gather some logs for a problem I'm troubleshooting, and I'd like to ask Symantec to develop a tool that will collect the sylink.log.

Since we have Tamper Protection enabled in our environment, I need to create a new group, without Tamper Protection and move the impacted machine to it, so I can change the reg keys required.

Also, can this be incorporated into SymHelp (Former SST)?

Instructions received from Symantec below:

Thanks!!

The only way to enable Sylink Debugging is through the registry:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
http://www.symantec.com/docs/TECH104758

Enabling Sylink debug logging via the Windows Registry:

  1. Click Start > Run
  2. Type in: regedit and click OK
  3. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  4. Double-click smc_debuglog_on
  5. Change the Value data to 1 and click OK
  6. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
  7. Click Edit > New > String Value
  8. Name the new value: DumpSylink
  9. Double-click DumpSylink
  10. In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
  11. Click OK
  12. Close the Registry Editor window
  13. Click Start > Run
  14. Type in: smc -stop and click OK
  15. Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
  16. Click Start > Run
  17. Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.
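
The steps quoted above, scripted in PowerShell as an added example; it is not part of the original post and not Symantec's tooling. It assumes an elevated session, that Tamper Protection is not blocking the registry edits, and that smc resolves the same way it does from Start > Run. The $LogPath parameter name is introduced here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of steps 1-17 above. Not Symantec's own tool.
param(
    # Step 10: file name and location for the log (the page's example value).
    [string]$LogPath = 'C:\Sylink.log'
)
$ErrorActionPreference = 'Stop'

# Registry locations exactly as given in steps 3 and 6.
$smcKey    = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
$sylinkKey = Join-Path $smcKey 'SYLINK\SyLink'

foreach ($key in $smcKey, $sylinkKey) {
    if (-not (Test-Path -Path $key)) { throw "Registry key not found: $key" }
}

try {
    # Steps 4-5: the value must already exist; keep its current registry type.
    $kind = (Get-Item -Path $smcKey).GetValueKind('smc_debuglog_on')
    Set-ItemProperty -Path $smcKey -Name 'smc_debuglog_on' -Value 1 -Type $kind

    # Steps 7-10: DumpSylink is a String Value holding the log file path.
    New-ItemProperty -Path $sylinkKey -Name 'DumpSylink' -Value $LogPath `
        -PropertyType String -Force | Out-Null
}
catch {
    # The post notes these edits are blocked while Tamper Protection is on.
    throw "Registry change failed (is Tamper Protection still enabled?): $_"
}

# Steps 13-17: restart the client so it picks up the new settings.
# Assumption: 'smc' resolves the same way it does from Start > Run.
Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
Start-Sleep -Seconds 30   # step 15: allow about thirty seconds for shutdown
Start-Process -FilePath 'smc' -ArgumentList '-start'

# Report what was written so the change can be confirmed.
[pscustomobject]@{
    smc_debuglog_on = (Get-ItemProperty -Path $smcKey).smc_debuglog_on
    DumpSylink      = (Get-ItemProperty -Path $sylinkKey).DumpSylink
    LogFileExists   = Test-Path -LiteralPath $LogPath
}
```

The log file may not exist yet when the final check runs; it appears in the location given for DumpSylink once the client has restarted.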

4 Comments

sealchan's picture

Note that it is necessary to run smc -stop and smc -start to aid SymHelp with the enabling and disabling of this log.  We are actually working now on adding a dialog to indicate this as part of the debug logging workflow in SymHelp.

MarceloCtba's picture

Awesome! Thanks sealchan!

sealchan's picture

Actually, we are now working on allowing SymHelp to automatically start and stop smc.  SymHelp is able to be recognized by SEP as a safe application to make system changes normally blocked by Tamper Protection.

This capability should be available in about a month from now.
