You need to know how to interpret AV log files for Symantec Endpoint Protection (SEP).

This article applies only to the AV logs on SEP Windows and Linux clients. The SEP Mac client uses a different log format. The recommended method for viewing these files is with the SEP client GUI, or the SEPM. The Linux client does not yet have a log viewer GUI. The AV logs folder contains a series of log files, one file for each day of log entries. The files are named MMDDYYYY.log, where MMDDYYYY indicates the date of the log entries.

Each comma-delimited log file is a plain text file that can be viewed in Notepad or Excel.

Log Location

AV logs are stored in the following locations, depending on the version and operating system:

• Endpoint Protection 14.3

                  Path - C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV

• SEP Linux AV log files are kept in /var/symantec/sep/Logs

• Endpoint Protection 14.0
   

                   Windows XP/Windows 2003 - \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\AV

                   Other Windows - \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV
 

• Endpoint Protection 12.1    

                   Windows XP /Windows 2003- \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\AV

                   Other Windows - \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV

• Endpoint Protection 11
   

                  \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\AV
 

• SEP Linux AV log files are kept in /var/symantec/Logs

Viewing Logs in Excel

When opening AV log files in Excel, the attached macro-enabled workbook can be used to insert column headers that indicate what each of the columns are, and convert much of the raw fields into human-readable terms.

To run the macro against AV log files:

1. Download the attached Excel Macro-enabled Workbook file (NOTE there is a seperate macro file for SEP Linux clients).
2. Open the workbook in Excel.
3. Click File > Open.
4. Browse to the location of the SEP log file you want to open.
5. Select a log file, and click Open. The Text Import Wizard appears.
6. Under Original data type, select Delimited, and click Next.
7. Under Delimiters, check Comma. Uncheck all other options.
8. Click Finish.
9. Click View > Macros > View Macros.
10. Select the ConvertAVLogFile macro, and click Run. The log file is updated to include column headers and more readable data.

Note: You may need to enable macros in Excel for this to work. For more information on running macros, see Run a macro on support.office.com.