Learn about and download SymDiag, the Symantec Diagnostic Tool. SymDiag helps identify common issues and gathers data for support-assisted troubleshooting.
Also available are links to SymDiag FAQs and additional support resources.
The method used to gather logs on a Linux system is dependent upon whether the SEP for Linux client or the SES Linux Agent is being used.
sudo chmod +x ./symdiag.run
sudo ./symdiag.run
Get Agent Info script can be used to collect SES Linux Agent logs. Run the following command from a terminal:
cd /opt/Symantec/sdcssagent/IPS/tools; ./getagentinfo.sh
SymDiag for macOS is not available. Instead, download one of the following:
Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:
The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag is provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.
If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.
Supported products
SymDiag supports the following Symantec products:
*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.
SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.
On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:
-net2
The following x86 and x64 Linux distributions are supported.
Distribution | Minimum Version |
---|---|
RedHat Enterprise Linux | 6.5 |
CentOS | 6.5 |
Fedora | 16 |
Oracle Linux | 6.5 |
Debian | 6.0.5 |
Ubuntu | 11.10 |
SUSE | 11.0 |
Novell Open Enterprise Server | 11.0 |
SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.
Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.
You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.
You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.
The Symantec Diagnostic Tool (SymDiag) has been developed by Symantec over many years and has had a number of different names. The following support utilities have been a part of that history and are all now no longer used by support in favor of the improved and inclusive features maintained in SymDiag:
Build 2.1.290 (02/02/2021)
Issue key | Component | Summary |
SAD-886 | CWP | CWP: Integrate CAF data & Azure VM Extension log collection |
SAD-968 | DLP | Enforce and Detection server reports do not allow user to fix date issue |
SAD-1025 | SED | SED Service report errors if SEE is also installed |
SAD-1029 | SEE | Change SEE version from File Version to Product Version |
SAD-1008 | SEE | SEE 11.3.1 is latest version |
SAD-1032 | SEP | SEP Security Log does not show INTRUSION-URL nor X-INTRUSION-PAYLOAD-URL |
SAD-1005 | SEP | [RU1 Refresh] Symdiag reports SDS Defs are corrupt when ADVML is enabled on agent |
SAD-1056 | SEPM | SEPM Config Review has some OS entries of None which are Mac OSes |
SAD-1016 | SEPM | SEPM Config Review Finding tables show "No Data" |
SAD-1007 | SEPM | SEPM Protection Overview section 4 charts are correct, but the table below them are not correct |
SAD-1002 | SEPM | SEP Protection Overview tables empty despite having data in the graphs |
SAD-957 | SEPM | For Sep Config Review, the Log Size recommendation will show the data used to reach the conclusion |
SAD-1004 | SymDiag | Remove SHA-1 cert as SHA-1 timestamp server has shutdown on 1/1/2021 |
Build 2.1.288 (12/17/2020)
Issue Component Summary
SAD-988 SEE Encryption Desktop latest version needs to be updated
SAD-982 SEP WPP Reboot debugging may error that it is unable to stop wpp logging
SAD-977 WSS If select to collect additional files, then select a product to debug, you will not be prompted for the additional files
SAD-971 WSS Error dialog if no network data was captured
SAD-970 WSS When debugging the WSS Service, "Are you finished" prompt is not displayed
SAD-992 Not collecting LiveUpdate logs and settings
SAD-990 It takes 1 minute for the product plugins to load
Build 2.1.286 (12/09/2020)
SAD-959 Update for SEP 14.3 RU1
SAD-926 Command line option to update and then exit
SAD-925 Command line option to specify debug time
SAD-917 WSS Health check for network connectivity
SAD-904 Memory leak by SES Config Review during Findings review process
SAD-903 Slow collection of SES Config Review when there is a large number of clients with old IPS, AV or scans
SAD-895 Viewing a large SES Proactive Service can run the system out of memory
SAD-889 The output when running an external command is displayed
SAD-859 Add System Uptime to the System Information under information tab
SAD-858 Provide "Quick Fix" for missing SSL interception certificate
SAD-857 Collect additional files after debug tests are run
SAD-856 Ability to capture PCAPs using `net trace`
SAD-842 SymDiag will not collect SEP uninstall logs.
SAD-757 launch64.exe is not signed
SAD-205 [Wss Agent] Windows licensing status
SAD-204 [WSS Agent]SymDiag Feature Request: Detect test signing mode
Build 2.1.284 (11/02/2020)
SAD-784 SES information does not show all of the exceptions created in the Exception Policy
SAD-807 The SES Service report shows an incorrect NTR/SEPWSC/ScanService status on Win7
SAD-840 SymDiag exits when trying to collect SES cloud policies when not connected to the cloud
SAD-853 On Linux, Enforce Tns Listener report has result and text issues
SAD-855 Enforce Oracle permission sql errors
SAD-847 SEPM Config Review Technology Summary does not have % symbols in the Percent column
SAD-846 SEPM Config Review has incorrect client count in 2 places of the report
SAD-870 DLP 15.7 MP1 Windows Agent vnwcd service report is a false negative
SAD-878 DLP Agent services vfsmfd and vrtam are flagged as errors when not running, but are demand start
SAD-874 SBE cloud EOL on 11/1
SAD-835 Customer ID is incorrect on WSS Agent page
SAD-837 SES update WTR to NTR in the output
SAD-877 Enforce ListAgentsLegacy sql query errors on 15.7
Build 2.1.282 (9/10/2020)
SAD-444 File upload to a case is not working
SAD-621 Update URL in Protection Overview Report
SAD-615 Integrate WSSA tool and WSS data collection into EPClient collection
SAD-677 WSS not displaying ThreatPulse
SAD-691 Sep 14.3 GA release
SAD-694 Not collecting additional files that should be collected
SAD-571 Even-though IPS is enabled , symdiag shows IPS feature is Inconclusive
SAD-450 Configuration Review String
SAD-620 Sort Security Advisories by client versions in the config review
SAD-255 Application Learning detail report appears in Configuration Review when it is OK
SAD-657 Number of SEP Clients is counting duplicate systems
SAD-707 Update to latest EO.WebBrowser to resolve exception when logging in to case management
SAD-443 Broken KB URL
SAD-708 Update missing kb links
SAD-451 Configuration Review URL update
SAD-645 Exception when collecting Cloud Policies
SAD-439 Update WSS and UnifiedAgent known versions
SAD-676 Viewer report if serial numbers are core or not
SAD-729 Remove Data Insight reports and only collect data
SAD-579 Database is locked message is sometimes displayed when saving the file
SAD-733 SymDiag not detecting DLP 15.7 on Windows
SAD-740 SymDiag can't connect to the reputation server
SAD-668 SEPM Protection Score report has Download Insight is not enabled on -x endpoints
Build 2.1.280 (5/26/2020)
SAD-424 SymDiag Viewer does not show Config Review on BCP VM
SAD-421 SEP 14.3 unexpected installation configuration report error
SAD-417 Red Hat 7.7 OS is listed as not supported
SAD-413 Unknown DriveFormat on Linux
SAD-412 Not collecting OS name on some Linux
SAD-409 Update DLP Version Checking and Remove Reference to 14.x
SAD-406 KB Click 404 Client communications might not be working
SAD-396 RHEL 7.7 not able to get list of services
SAD-373 EO.WebBrowser exceptions when Save Window is displayed
SAD-361 Version Check for Encryption is out of date
SAD-263 [SEP 14.3] Update system requirements report
SAD-249 Collect and display cloud client policies
SAD-5 Update latest version report
SAD-358 Update DLP Config Review links to Broadcom
SAD-357 Config Review report Clients with less than 1.5 GB free disk space is not correct
SAD-353 Update SEP Config Review KB links to Broadcom links
SAD-268 [PO] modify the thresholds for when the IPS and the virus "Definitions out of date" checks fail and display data
SAD-266 [PO] List group names and policies applied
SAD-265 [PO] Emphasize each of the SEP protection technologies for threats and computers
SAD-264 [PO] Top 5 IPS sigs triggered, top 5 machines with IPS events
SAD-233 Present policy version for Cloud managed client
Related terms: symhelp, symhelpexe,symantec help