Download SymDiag to detect product issues
Article ID: 155115
Updated On:
Products
Issue/Introduction
Download and learn about SymDiag — the Symantec Diagnostic Tool — which identifies common issues and gathers data / logs for support-assisted troubleshooting.
Resolution
- Download SymDiag
- About SymDiag
- Command-line and remote deployment
- Self-help reporting
- Proactive Services
- Threat Analysis Scan
- Licensing Dashboard
- Data collection for Support
- Delivering data to Support
- Windows Root Certificate Requirement
- Release Notes
Download SymDiag
SymDiag for Windows (2.1.310.11238)
- Download SymDiag for Windows.
Save the file to the Windows desktop. - On the Windows desktop, double-click the SymDiag.exe icon.
- Follow the on-screen instructions or consult the Table of Contents below to find further instructions for using SymDiag depending on what you want to accomplish with SymDiag
SymDiag for Linux (2.1.11224)
The method used to gather logs on a Linux system is dependent upon whether the SEP for Linux client or the SES Linux Agent is being used.
SEP for Linux (On-prem install)
- Download SymDiag for Linux.
Right-click this link and choose "Save Target As" or "Save Link As". - Save symdiag.run to a directory on the computer.
- Mark the file as executable to run as superuser.
sudo chmod +x ./symdiag.run
sudo ./symdiag.run
- Follow the on-screen instructions.
SES Linux Agent (cloud managed)
Get Agent Info script can be used to collect SES Linux Agent logs. Run the following command from a terminal:
cd /opt/Symantec/sdcssagent/IPS/tools; ./getagentinfo.sh
SymDiag for macOS
SymDiag for macOS is not available. Instead, download one of the following:
- Download wssa-diag.sh for issues with WSS Agent or Unified Agent
- Download GatherSymantecInfo for issues with other Symantec products
Diagnostic .cloud for ProxySG
Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:
- ProxySG
SymDiag Viewer for Windows (2.1.310.11238)
- Download SymDiag Viewer for Windows.
Save the file to the Windows desktop. - On the Windows desktop, double-click the SymDiagViewer.msi icon.
- Follow the on-screen instructions to install the SymDiag Viewer
- Double click on any *.sdbz file and the file will be opened in the SymDiag Viewer
About SymDiag
The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.
If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.
Supported products
SymDiag supports the following Symantec products:
- Advanced Threat Protection (Linux)
- Auth Connector
- Authentication and Authorization Agent
- Data Center Security Management Server
- Data Insight
- Data Loss Prevention 11.0 and later
- Encryption Powered by PGP
- Endpoint Encryption
- Endpoint Protection 11.0 and later*
- Endpoint Protection Small Business Edition (.Cloud)
- Endpoint Protection Cloud
- Information Center Analytics
- Information Centric Tagging
- Mail Security for Microsoft Exchange 6.5.2 and later*
- Management Platform
- Optical Character Recognition
- Protection Engine
- Unified Agent/Web Security Service Agent
- VIP Access
- Web Cloud Protection
- Web Security Service
*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.
Supported operating systems
Windows
SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.
On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:
-net2
Linux
The following x86 and x64 Linux distributions are supported.
| Distribution | Minimum Version |
|---|---|
| RedHat Enterprise Linux | 6.5 |
| CentOS | 6.5 |
| Fedora | 16 |
| Oracle Linux | 6.5 |
| Debian | 6.0.5 |
| Ubuntu | 11.10 |
| SUSE | 11.0 |
| Novell Open Enterprise Server | 11.0 |
Command-line and remote deployment
SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.
- SymDiag command-line parameters
- Run SymDiag for Linux on Symantec Appliance
- Remotely Deploy SymDiag
- Deploy SymDiag using the Client Deployment Wizard in Endpoint Protection Manager
Self-help reporting
Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.
- Self-Help Reporting
- Proactive Services - Best Practice Reporting
- Threat Analysis Scan
- Licensing Dashboard
Data collection for Support
You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.
- Data Collection for Support
- Debug Logging
- How can I collect debug logging data for a Symantec Support case?
- How can I use a wizard to collect debug logging data for a Symantec Support case?
- How can I use advanced debug logging options for the Symantec Endpoint Protection client?
- How can I configure command-line debug logging in SymDiag for Symantec Endpoint Protection?
Delivering data to Support
You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.
- Data Delivery
Windows Root Certificate Requirement
SymDiag requires a root certificate to be auto installed by the Windows OS and that the OS supports SHA-2 code signing certificates. If these requirements are not met, SymDiag will display an error message of "Failed to launch Symantec Diagnostic Tool". This issue can be resolved by following the steps in the article Failed to launch Symantec Diagnostic Tool.
Release Notes
Build 2.1.310.11238 (08/11/2022)
| Key | Component/s | OS | Summary |
| SUPOPS-538 | SEP | Windows | Exception if Cloud Server connection, but no cloud policies |
| SUPOPS-533 | SEP | Windows | SEP 14.3 RU5 Cloud API to get policies fails |
| SUPOPS-551 | SEP | Windows | SymDiag does not collect debug and wpp logs when using the -s -enable command line options |
| SUPOPS-530 | SEP, SEPM | Windows | Add 14.3 RU5 refresh as new version for SEP |
| SUPOPS-503 | SEPM | Windows | Error converting data type nvarchar to numeric when collecting information about a sep client |
| SUPOPS-527 | SPE | Windows | Update SPE OS requirements for System Requirements report |
| SUPOPS-542 | SPE | Windows | Collect Stargate logs for v8.2 |
| SUPOPS-543 | SPE | Windows | For service report, remove symcmicrodefsmgr if 8.2 or greater |
| SUPOPS-544 | SPE | Windows | Remove 7.8 from install requirement strings |
| SUPOPS-545 | SPE | Windows | Remove excess spaces from PE's file version |
| SUPOPS-546 | SPE | Windows | Collect Common Agent Framework files |
| SUPOPS-528 | SPE | Windows | Update SPE supported versions for latest version report |
| SUPOPS-532 | SymDiag | Windows | Collect Internet Settings from the registry |
| SUPOPS-550 | WSS | Windows | The WSS SSL Root Certificate report incorrectly reports that the certificate is not installed if more than 1 certificate is installed |
Build 2.1.308.11236 (06/21/2022)
| Key | Component/s | OS | Summary |
| SUPOPS-530 | SEP, SEPM | Windows | Add 14.3 RU5 as new version for SEP. NOTE: 2.1.308 is required for full support of SEP 14.3 RU5. Earlier versions may not collect all SEP data, have report errors and not enable SEP debugging. |
Build 2.1.308.11235 (06/07/2022)
| Key | Component/s | OS | Summary |
| SUPOPS-153 | DLP | Windows | DLP Agent enable / disable FINEST logging |
| SUPOPS-484 | DLP | Windows | Add etw guids for vrtam.sys and vnwcd.sys |
| SUPOPS-520 | DLP, Viewer | Windows | Update Enforce Oracle Server version information in config review |
| SUPOPS-510 | SED | Windows | Latest versions of Endpoint Encryption and Encryption Desktop |
| SUPOPS-525 | SEE | Windows | Win Server 2019 is reported as not supported for see |
| SUPOPS-524 | SEE | Windows | Endpoint Encryption Management Server reports CLRtypes not installed when they are. |
| SUPOPS-470 | SEP | Windows | Collect additional hardening files for RU4 |
| SUPOPS-513 | SEP | Windows | Unexpected installation report error |
| SUPOPS-526 | SEP | Windows | SymDiag exits while running ScCloudPolicyVersions script command |
| SUPOPS-495 | SEP | Windows | Change how SEP Information Features are displayed. Now shown as Features and as Protections |
| SUPOPS-489 | SEP | Windows | Parse SEP 14.3 RU4 Application Hardening log (AsrMan.log) |
| SUPOPS-488 | SEPM | Windows | Proactive and Config Review report an error when checking on the latest version |
| SUPOPS-494 | SymDiag | Windows | MSI Applications missing apps that are only in Uninstall key |
| SUPOPS-485 | SymDiag | Windows | When Sql Server is not installed, try to collect install log files |
| SUPOPS-511 | SymDiag | Windows | Update 3rd party software |
| SUPOPS-506 | WSS | Windows | WSS Pac file is not downloaded |
Build 2.1.306.11230 (02/07/2022)
| Issue key | Component | OS | Summary |
| SUPOPS-478 | DLP | Windows | Update DLP Version |
| SUPOPS-173 | DLP | Windows | Collect Debug Output Strings for DLP |
| SUPOPS-447 | DLP | Windows | Unable to identify Enforce version when installed to a custom directory |
| SUPOPS-459 | SED | Windows | SED 10.5 MP3 released |
| SUPOPS-479 | SEE | Windows | Update SEE version |
| SUPOPS-458 | SEP | Windows | Could not find a part of the path after saving the SBDZ |
| SUPOPS-464 | SEP | Windows | SymDiag can crash if try to delete an invalid Common Client value |
| SUPOPS-476 | SEP, SEPM | Windows | Update EP 14.3 RU4 version |
| SUPOPS-480 | SMSMSE | Windows | Update SMSMSE Version |
| SUPOPS-477 | SymDiag | Windows | Update Sql Server Versions |
Build 2.1.304.11227 (01/27/2022)
| Issue key | Component | OS | Summary |
| SUPOPS-468 | Viewer | Windows | EO WebBrowser license error when using public decrypt server |
| SUPOPS-475 | SymDiag, Viewer | Windows | Not able to connect with reputation server |
Build 2.1.304.11224 (12/01/2021)
| Issue key | Component | OS | Summary |
| SUPOPS-420 | SEPM, Viewer | Windows | Recommended Log Retention table not displayed if there is a 'Not Available' value in the Recommended Entries column |
| SUPOPS-401 | SymDiag | Windows | Log the WPP ids when starting and stopping WPP logging |
| SUPOPS-402 | SEP | Windows | Capture the WPP Providers that SEP supports for that version |
| SUPOPS-419 | SED | Windows | Update system requirements kb link and version in string |
| SUPOPS-403 | SEP | Windows | Add missing WPP Providers |
| SUPOPS-372 | SEP, SEPM | Windows | Have a report which checks access to network services used by SEP / SEPM |
| SUPOPS-421 | SymDiag | Windows | Collect BitLocker information |
| SUPOPS-440 | SymDiag | Linux | Various errors are displayed when running SymDiag on Linux |
| SUPOPS-439 | SEP | Windows | Definition corruption report has an error for the NTRDefs for Sep 14.3 ru2 and higher |
| SUPOPS-425 | SEP | Windows | Collect Symantec Download Manager logs |
| SUPOPS-340 | SEPM | Windows | EP Proactive Service: Add Group Name to policy recommendation tables |
| SUPOPS-438 | SEPM | Windows | Capture security policy for troubleshooting ssl issues |
| SUPOPS-428 | SEP | Windows | Use SEP.ctl as source of WPP Providers |
| SUPOPS-416 | SymDiag | Windows | If set WPP's Logging's Total Drive Space > 4G, less than 4G of files will be kept |
| SUPOPS-433 | SEP, Viewer | Windows | Engines and definitions on Information page do not match SEP's troubleshooting output |
| SUPOPS-424 | SEP | Windows | Remove Symantec Endpoint Protection Cloud and Small Business Edition as they are past EOL |
| SUPOPS-446 | SEPM | Windows | Change the protection score's Antivirus text to Auto-Protect |
| SUPOPS-430 | SymDiag | Windows | Allow an opened .sdbz file to be attached to a case |
Build 2.1.302.1109 (10/05/2021)
| Issue key | Component | OS | Summary |
| SUPOPS-339 | SEP | Linux | EP 14.3 ru2 on Linux is not detected |
| SUPOPS-382 | SEP | Windows | SEP 14.0 EDR Definitions are reported as corrupt, but are not corrupt |
| SUPOPS-377 | SEP, SEPM | Windows | 14.3 RU3 GA release |
| SUPOPS-244 | SymDiag | Windows | After logging into Okta, a NGINX / OpenID Connect login failure is displayed |
| SUPOPS-385 | SymDiag | Windows | Update Unable to launch message with Windows Root Certificate requirement |
| SUPOPS-384 | SymDiag | Windows | Create KB for Windows Root Certificate Requirement |
Build 2.1.300.1106 (09/01/2021)
| Issue Id | Component | OS | Summary |
| SUPOPS-344 | Auth Connector | Windows | Collect bcca.ini, saml.ini, and sso.ini in BCCA install directory |
| SUPOPS-316 | DLP | Windows | Capture Microsoft Edge registry entries for ExtensionInstallForcelist and com.symantec.dlp |
| SUPOPS-329 | SEE | Windows | Update latest version for Encryption Management Server and Encryption Desktop |
| SUPOPS-345 | SEP | Windows | Encrypted data is not exported in decrypted format |
| SUPOPS-352 | SEP | Windows | Sep Security log is missing Intrusion-URL |
| SUPOPS-354 | SEPM Config Review | Windows | Proactive service scan did not save clients |
| SUPOPS-105 | SymDiag | Windows | Display the Google extension registry for both 32 and 64bit locations |
| SUPOPS-355 | SymDiag | Windows | Crash due to null reference in RecentLogsOnly |
| SUPOPS-358 | SymDiag | Windows | RootkitDetectionMode is not logged |
| SUPOPS-345 | Viewer | Windows | Encrypted data is not exported in decrypted format |
| SUPOPS-363 | WSS | Windows | Do not capture pcaps when collecting data for the wssservice product in silent (-s) mode |
| SUPOPS-337 | WSS | Windows | "File Saved" dialog is not brought to front when shown |
| SUPOPS-338 | WSS | Windows | No error displayed when saving to non-existent folder |
Build 2.1.298.1102 (07/08/2021)
| Issue Key | Component/s | OS | Summary |
| SUPOPS-223 | Viewer | Windows | Public SymDiag Decryption Service for Partners and Customers |
Build 2.1.298.1101 (06/30/2021)
| Issue Key | Component/s | OS | Summary |
| SUPOPS-272 | DLP | Linux | Improve detection of DLP 15.7 on Linux |
| SUPOPS-291 | DLP | Linux | Linux Max CPU speed is not correct, which impacts DLP Config review |
| SUPOPS-292 | DLP | Linux | DLP Config Review incorrectly checks the number of cpus |
| SUPOPS-275 | DLP | Windows, Linux | DLP 15.8 support |
| SUPOPS-165 | DLP | Windows | DLP Agent enable or disable ETW / ETL logging |
| SUPOPS-204 | DLP | Windows, Linux | DLP Enforce Protection Score shows as a decimal in the self-help report title |
| SUPOPS-271 | SEE | Windows | SEE 11.2.1 and less are EOS |
| SUPOPS-235 | SEE | Windows | Sql Server Express is not supported since see 11.2.1 mp1 |
| SUPOPS-201 | SEP | Windows | Extra columns in Parsed AV Logs view |
| SUPOPS-197 | SEP | Windows | Not collecting the MSI logs in %TEMP% from different profiles |
| SUPOPS-307 | SEP | Windows | In SEP AV Logs view, the Enhanced Outbreak Mode and Action Taken columns have _LT strings |
| SUPOPS-306 | SEP | Windows | In SEP AV Logs view, the First Seen column data are _LT strings |
| SUPOPS-110 | SymDiag | Windows | Threat Analysis root kit scan needs to tell user that the system needs to be rebooted to remove driver |
| SUPOPS-172 | Viewer | Windows | When filtering Windows Events using the description column, it can take a long time to display the pick box or will hang |
| SUPOPS-122 | Viewer | Windows | Displaying 13K files in file explorer is slow and leaks 25M |
| SUPOPS-297 | WSS | Windows | Remove "Unified Agent" from product selection when neither are installed |
| SUPOPS-294 | WSS | Windows | -limiteddata option is not working when using -forsupport in the command line |
| SUPOPS-219 | WSS | Windows | Not gathering additional files when debugging WSS Agent |
Build 2.1.296.1094 (05/13/2021)
| Key | Component/s | OS | Summary |
| SUPOPS-230 | SEP | Windows | Collect Local GPO info |
| SUPOPS-242 | SEP | Windows | EP information tab, Serial Number is not showing the serial number |
| SUPOPS-225 | SEP | Windows | Proactive Threat Protection Truscan state is unknown |
| SUPOPS-108 | SEP | Windows | Symdiag Reports SEP Firewall & SymTDI is not configured properly |
| SUPOPS-109 | SEP | Windows | Symdiag reports IPS is inconclusive |
| SUPOPS-216 | SEP | Windows | In Endpoint Protection Client Summary, the S3 Server is listed |
| SUPOPS-45 | SEP, SEPM | Windows | EP 14.3 RU1 MP1 released |
| SUPOPS-255 | SEP, SEPM | Windows | EP 14.3-RU2 released |
| SUPOPS-168 | SEP, Viewer | Windows | Remove EpClient exceptions from Information tab and encrypt them |
| SUPOPS-61 | SEPM | Windows | Incorrect Database Version in Information Report |
| SUPOPS-51 | SymDiag | Windows | Error message "Failed to create temporary folder" needs more data for the failure |
| SUPOPS-60 | SymDiag | Windows | Capture Device Guard settings |
| SUPOPS-260 | SymDiag | Windows | Temporarily disable case attachment |
| SUPOPS-174 | Viewer | Windows | SymDiag Decryption Service UI Control |
| SUPOPS-59 | Viewer | Windows | Viewer indicates what information has been encrypted |
| SUPOPS-222 | Viewer | Windows | Make Viewer public |
| SUPOPS-47 | WSS | Windows | Update etl2pcapng to version 1.5 |
| SUPOPS-63 | WSS | Windows | Run "BNS Curl" command when gathering data |
| SUPOPS-64 | WSS | Windows | Enable WSS Service debug logging by default |
Build 2.1.292.876 (03/01/2021)
| Issue Key | Component | OS | Summary |
| SAD-908 | DLP | Windows, Linux | Update DLP config review text from feedback |
| SAD-1109 | SED | Windows | Encryption Desktop 10.5 MP1 released |
| SAD-1064 | SEP | Windows | SMR521.SYS is installed when an EP Client scan is done |
| SAD-1084 | SEP | Windows | SEP 14.3 Debug logs are not created |
| SAD-1098 | SEP | Windows | Add EP 14.3 WPP Providers |
| SAD-967 | SEPM | Windows | Not saving the output of exec sp_who2 on Sql Server/Express |
| SAD-1111 | SEPM | Windows | SEPM Client/Server Distribution table does not list all domains |
| SAD-1100 | SEPM | Windows | SEPM Config Review Protection Technology Summary needs to be last 30 days |
| SAD-1082 | SEPM | Windows | Update urls in the SEP Config Review |
| SAD-1081 | SymDiag | Windows | SymDiag exits after collecting data for support with an EO.WebBrowser exception |
| SAD-1112 | SymDiag | Linux | Remove the Symantec Mail Gateway (SMG) product |
| SAD-1078 | SymDiag | Windows | Add Chrome Browser information for OS collection |
Build 2.1.290 (02/02/2021)
| Issue key | Component | Summary |
| SAD-886 | CWP | CWP: Integrate CAF data & Azure VM Extension log collection |
| SAD-968 | DLP | Enforce and Detection server reports do not allow user to fix date issue |
| SAD-1025 | SED | SED Service report errors if SEE is also installed |
| SAD-1029 | SEE | Change SEE version from File Version to Product Version |
| SAD-1008 | SEE | SEE 11.3.1 is latest version |
| SAD-1032 | SEP | SEP Security Log does not show INTRUSION-URL nor X-INTRUSION-PAYLOAD-URL |
| SAD-1005 | SEP | [RU1 Refresh] Symdiag reports SDS Defs are corrupt when ADVML is enabled on agent |
| SAD-1056 | SEPM | SEPM Config Review has some OS entries of None which are Mac OSes |
| SAD-1016 | SEPM | SEPM Config Review Finding tables show "No Data" |
| SAD-1007 | SEPM | SEPM Protection Overview section 4 charts are correct, but the table below them are not correct |
| SAD-1002 | SEPM | SEP Protection Overview tables empty despite having data in the graphs |
| SAD-957 | SEPM | For Sep Config Review, the Log Size recommendation will show the data used to reach the conclusion |
| SAD-1004 | SymDiag | Remove SHA-1 cert as SHA-1 timestamp server has shutdown on 1/1/2021 |
Build 2.1.288 (12/17/2020)
Issue Component Summary
SAD-988 SEE Encryption Desktop latest version needs to be updated
SAD-982 SEP WPP Reboot debugging may error that it is unable to stop wpp logging
SAD-977 WSS If select to collect additional files, then select a product to debug, you will not be prompted for the additional files
SAD-971 WSS Error dialog if no network data was captured
SAD-970 WSS When debugging the WSS Service, "Are you finished" prompt is not displayed
SAD-992 Not collecting LiveUpdate logs and settings
SAD-990 It takes 1 minute for the product plugins to load
Build 2.1.286 (12/09/2020)
SAD-959 Update for SEP 14.3 RU1
SAD-926 Command line option to update and then exit
SAD-925 Command line option to specify debug time
SAD-917 WSS Health check for network connectivity
SAD-904 Memory leak by SES Config Review during Findings review process
SAD-903 Slow collection of SES Config Review when there is a large number of clients with old IPS, AV or scans
SAD-895 Viewing a large SES Proactive Service can run the system out of memory
SAD-889 The output when running an external command is displayed
SAD-859 Add System Uptime to the System Information under information tab
SAD-858 Provide "Quick Fix" for missing SSL interception certificate
SAD-857 Collect additional files after debug tests are run
SAD-856 Ability to capture PCAPs using `net trace`
SAD-842 SymDiag will not collect SEP uninstall logs.
SAD-757 launch64.exe is not signed
SAD-205 [Wss Agent] Windows licensing status
SAD-204 [WSS Agent]SymDiag Feature Request: Detect test signing mode
Related terms: symhelp, symhelpexe,symantec help
Feedback
