Enable Sylink debugging for Endpoint Protection clients

Article ID: 151511

Products

Endpoint Protection

Issue/Introduction

This article describes the steps for enabling Sylink debug logging. Sylink debugging is used for troubleshooting communication issues between the Symantec Endpoint Protection (SEP) client and the Symantec Endpoint Protection Manager (SEPM).

Versions: This document is for versions 14.0 up to 14.0 RU1 MP2.
For clients running SEP 14.2 and later, refer to Configuring Endpoint Protection Communication Module Logging in 14.2 and later - CVE.log
The registry paths are valid until version 14.3RU4. Later versions use the 32-bit path again.
For more information on 14.3 refer to the dedicated article.

Resolution

Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.

Note: You must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications.
To disable Tamper Protection, refer to Disable Tamper Protection.

To enable Sylink debug logging via the Windows Registry

I. Enable SMC debug logging

  1. To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.
    Alternately, click Start > Run, enter regedit, and then click OK.
     
  2. Navigate to the following registry subkey:
    • on 32-bit systems:
      HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
    • on 64-bit systems:
      HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC
  3. On the right-hand side of the Registry Editor window, double-click the smc_debuglog_on binary value.
     
  4. Change the value to 1 and click OK.
     

II. Enable Sylink debug logging and define Sylink log location

  1. While still in the Windows Registry Editor, navigate to the following registry subkey:
    • on 32-bit systems:
      HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
    • on 64-bit systems:
      HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
  2. Highlight the "Sylink" key and click Edit > New > String Value.
     
  3. Name the new value DumpSylink.
     
  4. Double-click DumpSylink.
     
  5. In the Value data field, specify the name and location for the log file.
    For example, C:\Sylink.log would place the file Sylink.log at the root of the C: drive.
     
  6. Click Edit > New > DWORD.
     
  7. Name the new value DumpSylinkLevel.
     
  8. Double-click the DumpSylinkLevel value.
     
  9. Change the Value data to 4 and click OK.
     
  10. Close the Registry Editor.
     

III. Restart the Symantec Management Client (SMC)

  1. Click Start, and in the Search programs and files field, enter the following command:
    smc -stop

    Alternately, click Start > Run, enter the command and then click OK.
    *Wait 120 seconds*
     
  2. After the Symantec Endpoint Protection icon disappears from the notification area, repeat Step 1, but instead use the following command:
    smc -start

Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
 

To disable Sylink debug logging via the Windows Registry

After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:

  • Delete the DumpSylink string that you created.
  • Delete the DumpSylinkLevel DWORD that you created.
  • Change the Value data of smc_debuglog_on back to 0.
  • Restart the Symantec Management Client.
  • Enable Tamper Protection again.

If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.
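
To confirm that the cleanup steps above took effect, the following read-only PowerShell check reads the values named in this article from both registry locations it lists and reports whether any debug setting is still present. It is an added example, not part of the original article or a Symantec tool; the function name Get-SylinkDebugState is hypothetical, and treating smc_debuglog_on as either binary or numeric data is an assumption.

```powershell
# Added example: read-only check that SMC/Sylink debug logging is switched off.
# Run from a 64-bit PowerShell session so that both registry views are visible.
# Candidate SMC subkeys are the two locations listed in this article.
$smcKeys = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
)

function Get-SylinkDebugState {   # hypothetical name, not a Symantec cmdlet
    param([string[]]$SmcKey = $smcKeys)

    foreach ($smc in $SmcKey) {
        if (-not (Test-Path -LiteralPath $smc)) { continue }

        $sylink   = Join-Path $smc 'SYLINK\SyLink'
        $smcProps = Get-ItemProperty -LiteralPath $smc -ErrorAction SilentlyContinue
        $slProps  = if (Test-Path -LiteralPath $sylink) {
            Get-ItemProperty -LiteralPath $sylink -ErrorAction SilentlyContinue
        }

        # Assumption: smc_debuglog_on holds binary data (byte[]) or a number.
        # Any non-zero byte or number counts as "on"; a missing value is "off".
        $smcOn = $false
        foreach ($b in @($smcProps.smc_debuglog_on)) {
            if ([int]$b -ne 0) { $smcOn = $true }
        }

        # If DumpSylink is still set, report the size of the log it points to.
        $logPath = $slProps.DumpSylink
        $logSize = $null
        if ($logPath -and (Test-Path -LiteralPath $logPath -PathType Leaf)) {
            $logSize = (Get-Item -LiteralPath $logPath).Length
        }

        [pscustomobject]@{
            SmcKey          = $smc
            SmcDebugLogOn   = $smcOn
            DumpSylink      = $logPath
            DumpSylinkLevel = $slProps.DumpSylinkLevel
            LogSizeBytes    = $logSize
            # True if any of the three settings from this article remains.
            DebugStillOn    = $smcOn -or [bool]$logPath -or
                              ($null -ne $slProps.DumpSylinkLevel)
        }
    }
}

Get-SylinkDebugState | Format-List
```

A result with DebugStillOn set to True means at least one of the disable steps was missed for that key.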