Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Sylink Debugging

Created: 23 Apr 2014 | 4 comments
MarceloCtba's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote

I got the instructions below to gather some logs for a problem I've troubleshooting and I'd like to ask Symantec to develop a tool that will collect the sylink.log.

Since we have Tamper Protection enabled in our environment, I need to create a new group, without Tamper Protection and move the impacted machine to it, so I can change the reg keys required.

Also, can this be incorporated into SymHelp(Former SST)?

Instructions received from Symantec below:

Thanks!!

 

The only way to enable Sylink Debugging is through the registry:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
http://www.symantec.com/docs/TECH104758

 

Enabling Sylink debug logging via the Windows Registry:

 

  1. Click Start > Run
  2. Type in: regedit and click OK
  3. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  4. Double-click smc_debuglog_on
  5. Change the Value data to 1 and click OK
  6. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
  7. Click Edit > New > String Value
  8. Name the new value: DumpSylink
  9. Double-click DumpSylink
  10. In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
  11. Click OK
  12. Close the Registry Editor window
  13. Click Start > Run
  14. Type in: smc -stop and click OK
  15. Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
  16. Click Start > Run
  17. Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.

Comments 4 CommentsJump to latest comment

.Brian's picture

I believe symhelp will auto collect this info

About Symantec Help (SymHelp)

How to use the advanced debug logging options for the Symantec Endpoint Protection client in SymHelp

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
sealchan's picture

Note that it is necessary to run smc -stop and smc -start to aid SymHelp with the enabling and disabling of this log.  We are actually working now on adding a dialog to indicate this as part of the debug logging workflow in SymHelp.

 

0
Login to vote
MarceloCtba's picture

Awesome! Thanks sealchan!

0
Login to vote
sealchan's picture

Actually, we are now working on allowing SymHelp to automatically start and stop smc.  SymHelp is able to be recognized by SEP as a safe application to make system changes normally blocked by Tamper Protection.

This capability should be available in about a month from now.

0
Login to vote