This article describes the steps for enabling Sylink debug logging. Sylink debugging is used for troubleshooting communication issues between the Symantec Endpoint Protection (SEP) client and the Symantec Endpoint Protection Manager (SEPM).
Versions: This document is for versions 14.0 up to 14.0 RU1 MP2. For clients running SEP 14.2 and later, please refer to article https://knowledge.broadcom.com/external/article/171445/configuring-endpoint-protection-communic.html. Registry paths are valid until version 14.3RU4. Higher versions use 32-bit path again. For more information on 14.3 refer to the dedicated article.
Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.
Note: You must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection.
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
smc -stop
smc -start
Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:
If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.