Command-line parameters for SymDiag



Article ID: 155113


Products

Mail Security for Microsoft Exchange Endpoint Protection

Issue/Introduction

The Symantec Diagnostic Tool (SymDiag) needs to run without user interaction (silent mode) and/or with specific data collection and reporting goals in mind.

Resolution

This document explains various command-line options available for use with the Symantec Diagnostic Tool (SymDiag). These include:

  • Command-line parameters featured on the help manual page (SymDiag.exe -h)
  • Command-line parameters for extracting files
  • Command-line parameters for extracting the event logs
  • Command-line parameters that control the UI and silent mode workflow

Command-line parameters featured on the help manual page

The following table contains the command-line options available for SymDiag:
 
 

Command-line parameters for debug logging Symantec Endpoint Protection

To enable and disable full debug logging for the Symantec Endpoint Protection client it is necessary to run six commands: three to enable debug logging and three to disable it.  This will include both sylink and WPP logging (as of build 2.1.214).  Here is an example of how this can be done if the client is installed in its default folder:
  • SymDiag.exe -enable
  • "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" -stop
  • "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" -start
  • SymDiag.exe -disable
  • "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" -stop
  • "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" -start
As of SymDiag v2.1.244 there is an improved way to perform debug logging for Symantec Endpoint Protection. See the article "Command-line configuration of debug logging in SymDiag for Symantec Endpoint Protection".
 

Command-line parameters for extracting files

The command-line parameter -x provides file extraction options. The command is used as follows:
 
SymDiag.exe [options] -x sdbzfile.sdbz [filters]
 
…where [options] includes…
  • -s                 Silent mode (suppress error message boxes)
  • -dirs             Create one level of subdirs for files (default is flat)
  • -dest <dir>   Specify the output directory (default is auto-generated subdir of current working dir)
…and [filters] includes…
  • *          Matches zero or more characters in a directory or file name
  • ?         Matches exactly one character in a directory or file name
  • **        When used as the entire directory name, matches any chain of subdirectories
A filter may be relative.  For example the filter...
 
Symantec*\**\*.log
 
...will match any file with the extension .log that is a descendant of any directory whose name begins with "Symantec", anywhere in the file system.
 
A filter may also be absolute.  For example the filter...
 
C:\ProgramData\*\*.dat
 
...will match any file with the extension .dat in any immediate subdirectory of C:\ProgramData (and not in deeper subdirectories, since * does not cross a directory separator).
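The filter grammar above (* and ? confined to one name, ** as a whole component matching any chain of subdirectories, relative versus absolute filters) is small enough to implement and check. The following matcher is an added example for this article, not Symantec's code; it assumes that ** may also match zero levels, that matching is case-insensitive as on NTFS, that a relative filter may start under any directory of any drive, and that the paths inside the archive are full Windows paths with a drive letter. The sample path list is constructed.

```python
"""Match SymDiag -x extraction filters against archive paths.

Added example for this KB article (not Symantec's code).  It implements the
filter grammar described in the article: ``*`` and ``?`` never cross a
backslash, and a component that is exactly ``**`` matches any chain of
subdirectories.  Assumed details: ``**`` may also match zero levels, matching
is case-insensitive as on NTFS, a relative filter may start under any directory
of any drive, and the paths tested are full Windows paths with a drive letter.
"""
import re

_DRIVE = re.compile(r"^[A-Za-z]:$")
_ANY_DIRS = r"(?:[^\\]+\\)*"          # zero or more whole directory levels


def filter_to_regex(flt: str) -> "re.Pattern":
    """Translate one SymDiag filter into an anchored, case-insensitive regex."""
    comps = flt.split("\\")
    absolute = bool(_DRIVE.match(comps[0]))
    pieces = []
    for i, comp in enumerate(comps):
        last = i == len(comps) - 1
        if comp == "**":
            # whole component: any chain of subdirectories (or, if last, anything below)
            pieces.append(r".*" if last else _ANY_DIRS)
            continue
        piece = ""
        for ch in comp:
            if ch == "*":
                piece += r"[^\\]*"      # zero or more chars, within one name
            elif ch == "?":
                piece += r"[^\\]"       # exactly one char, within one name
            else:
                piece += re.escape(ch)
        pieces.append(piece if last else piece + r"\\")
    # relative filter: drive letter, then any number of ancestor directories
    prefix = "" if absolute else r"[A-Za-z]:\\" + _ANY_DIRS
    return re.compile("^" + prefix + "".join(pieces) + "$", re.IGNORECASE)


def matches(flt: str, path: str) -> bool:
    """True if ``path`` is selected by the filter ``flt``."""
    return filter_to_regex(flt).match(path) is not None


def select_files(paths, filters):
    """Return the sorted subset of ``paths`` that at least one filter selects."""
    regs = [filter_to_regex(f) for f in filters]
    return sorted(p for p in paths if any(r.match(p) for r in regs))


# Constructed sample of paths as they might appear inside an .sdbz archive
SAMPLE_PATHS = [
    r"C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\debug.log",
    r"C:\ProgramData\Symantec\Symantec Endpoint Protection\Data\Config\index.dat",
    r"C:\ProgramData\Symantec\state.dat",
    r"C:\Windows\System32\winevt\Logs\Application.evtx",
    r"D:\Symantec Installs\setup.log",
]

if __name__ == "__main__":
    for f in (r"Symantec*\**\*.log", r"C:\ProgramData\*\*.dat"):
        print(f, "->", select_files(SAMPLE_PATHS, [f]))
```

Running the script prints, for each of the article's two example filters, which of the constructed paths it would extract; the second filter does not select index.dat because that file sits two levels below C:\ProgramData.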
 

Command-line parameters for extracting the event logs

The command-line parameter -evt provides the following event log (.evt) extraction options:
 
SymDiag.exe -evt <full path to .sdbz file> [-dest <full path to destination>]
 
…where...
  • <full path to .sdbz file> is the drive and full path and file name of the .sdbz file the event logs are to be extracted from
  • -dest is optional: current directory is default
Extracted event logs are saved as one .evt file per event log type, in a folder named:
 
Eventlogs-<sdbz file name>
 

Command-line parameters that control the UI and silent mode workflow

The command-line parameter -prod provides the following SymDiag workflow control options:
 
SymDiag.exe -prod [prod1,prod2,…]
(Note:  No space between comma and products.)
 
...where prod# is one of the following (product name = prod#):
  • Authentication and Authorization Agent = bcaaa
  • Data Center Security: Server Advanced Agent = dcssaagent
  • Data Center Security: Management Server = dccsserver
  • Data Loss Prevention Detection Server = detection
  • Data Loss Prevention Endpoint Agent = edpa
  • Data Loss Prevention Enforce Server = enforce
  • Encryption Desktop = sed
  • Encryption Management Server = sems
  • Endpoint Encryption Client = seeclient
  • Endpoint Encryption Console = seeconsole
  • Endpoint Protection Client = epclient
  • Endpoint Protection Manager = epconsole
  • Information Centric Analytics = informationcentricanalytics
  • Information Centric Tagging = informationcentrictagging
  • Mail Security for Microsoft Exchange = smsmse
  • Optical Character Recognition = opticalcharacterrecognition
  • Protection Engine = pe
  • VIP Access Desktop = vipaccessdesktop
  • WSS Agent = wssagent
  • WSS Service = wssservice
  • Cloud SWG (formerly known as WSS) Auth Connector = authconnector
This switch works in both silent mode and UI mode. In either mode you can also add one or more of the following scan specifiers:
  • -healthchk
  • -prechk
  • -logs
  • -forsupport
  • -alldata
  • -ts (exclusive: Threat Scan takes precedence over all other command-line scan options)
You can combine product and scan specifiers in the command-line with the result that...
  • Silent mode: scans run automatically (no user input) and with the specificity desired
  • UI mode: scan options are preselected and the user, after accepting the EULA, can just click the ‘Scan’ button
For example, we can use the command-line below to collect a SEP diagnostic package silently:
 
SymDiag.exe -s -prod epclient -alldata -dest C:\Temp\

 

Additional Information

The example above runs in "silent mode", so SymDiag shows no status and does not prompt for input.

Use tasklist at the command prompt to see running processes. A Symdiagui* process keeps running for a while after you issue the command; a collection usually takes around 30 minutes.
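The debug-logging sequence (SymDiag -enable/-disable followed by an Smc stop/start) and the silent collection command line are easy to get subtly wrong by hand, for example by leaving a space after a comma in the -prod list or by typing an en-dash instead of a hyphen. The script below is an added example for this article, not Symantec's code. It builds the argument list under the article's rules (product codes from the table, comma-joined without spaces, -ts overriding the other scan specifiers), issues the six debug-logging commands, and waits for the Symdiagui* process to disappear from tasklist. It assumes SymDiag.exe is in the current directory and Smc.exe is in the default folder shown above; running it end to end requires a Windows host with SEP installed, while the builder functions run anywhere.

```python
"""Drive SymDiag from a script: toggle SEP debug logging and run a silent collection.

Added example for this KB article, not Symantec's own code.  Assumes the default
install path shown in the article for Smc.exe and that SymDiag.exe sits in the
current directory.  ``symdiag_running`` relies on ``tasklist`` as the article suggests.
"""
import fnmatch
import subprocess
import time
from pathlib import Path

SYMDIAG = Path("SymDiag.exe")   # assumed location: current directory
SMC = Path(r"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe")

# Product codes accepted by -prod, taken from the article's list
PRODUCTS = {
    "bcaaa", "dcssaagent", "dccsserver", "detection", "edpa", "enforce", "sed", "sems",
    "seeclient", "seeconsole", "epclient", "epconsole", "informationcentricanalytics",
    "informationcentrictagging", "smsmse", "opticalcharacterrecognition", "pe",
    "vipaccessdesktop", "wssagent", "wssservice", "authconnector",
}
SCANS = {"-healthchk", "-prechk", "-logs", "-forsupport", "-alldata", "-ts"}


def unknown_products(products):
    """Return the product codes that are not in the article's table."""
    return [p for p in products if p not in PRODUCTS]


def build_command(products, scans=(), dest=None, silent=True):
    """Assemble the SymDiag argument list, applying the article's rules:
    product codes are joined with commas and no spaces, -ts is exclusive and
    replaces every other scan specifier, -s makes the run silent, -dest sets
    the output directory."""
    if not products:
        raise ValueError("at least one product code is required")
    bad = unknown_products(products)
    if bad:
        raise ValueError(f"unknown product code(s): {bad}")
    scans = set(scans)
    unknown = scans - SCANS
    if unknown:
        raise ValueError(f"unknown scan specifier(s): {sorted(unknown)}")
    if "-ts" in scans:
        scans = {"-ts"}            # Threat Scan takes precedence over all others
    cmd = [str(SYMDIAG)]
    if silent:
        cmd.append("-s")
    cmd += ["-prod", ",".join(products)]
    cmd += sorted(scans)
    if dest:
        cmd += ["-dest", str(dest)]
    return cmd


def debug_logging_commands(enable):
    """The three commands (SymDiag toggle, then Smc stop/start) that enable or
    disable SEP debug logging, exactly as listed in the article."""
    flag = "-enable" if enable else "-disable"
    return [[str(SYMDIAG), flag], [str(SMC), "-stop"], [str(SMC), "-start"]]


def symdiag_running():
    """True while any symdiagui* process is listed by tasklist (Windows only)."""
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=True).stdout
    names = [line.split('","')[0].strip('"') for line in out.splitlines() if line.startswith('"')]
    return any(fnmatch.fnmatch(n.lower(), "symdiagui*") for n in names)


def run_silent_collection(products, scans, dest, timeout_s=45 * 60, poll_s=30):
    """Launch the silent run and wait until the UI process has finished
    (the article says a run usually takes around 30 minutes)."""
    subprocess.run(build_command(products, scans, dest, silent=True), check=True)
    deadline = time.monotonic() + timeout_s
    time.sleep(poll_s)                     # give SymDiag a moment to spawn symdiagui
    while symdiag_running():
        if time.monotonic() > deadline:
            raise TimeoutError("SymDiag did not finish within the allowed time")
        time.sleep(poll_s)


if __name__ == "__main__":
    # Assumed workflow: enable debug logging, reproduce the issue, collect, disable.
    for c in debug_logging_commands(enable=True):
        subprocess.run(c, check=True)
    run_silent_collection(["epclient"], ["-alldata"], "C:\\Temp\\")
    for c in debug_logging_commands(enable=False):
        subprocess.run(c, check=True)
```

build_command(["epclient"], ["-alldata"], "C:\\Temp\\") reproduces the article's example line, SymDiag.exe -s -prod epclient -alldata -dest C:\Temp\, as an argument list that subprocess passes without any quoting mistakes.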