Download SymDiag to detect product issues
Article ID: 155115
Updated On:
Products
Issue/Introduction
Download and learn about SymDiag — the Symantec Diagnostic Tool — which identifies common issues and gathers data / logs for support-assisted troubleshooting.
Resolution
- Download SymDiag
- About SymDiag
- Command-line and remote deployment
- Self-help reporting
- Proactive Services
- Threat Analysis Scan
- Licensing Dashboard
- Data collection for Support
- Delivering data to Support
- Windows Root Certificate Requirement
- Release Notes
Download SymDiag
SymDiag for Windows (2.1.304.11227)
- Download SymDiag for Windows.
Save the file to the Windows desktop. - On the Windows desktop, double-click the SymDiag.exe icon.
- Follow the on-screen instructions or consult the Table of Contents below to find further instructions for using SymDiag depending on what you want to accomplish with SymDiag
SymDiag for Linux (2.1.11224)
The method used to gather logs on a Linux system is dependent upon whether the SEP for Linux client or the SES Linux Agent is being used.
SEP for Linux (On-prem install)
- Download SymDiag for Linux.
Right-click this link and choose "Save Target As" or "Save Link As". - Save symdiag.run to a directory on the computer.
- Mark the file as executable to run as superuser.
sudo chmod +x ./symdiag.run
sudo ./symdiag.run
- Follow the on-screen instructions.
SES Linux Agent (cloud managed)
Get Agent Info script can be used to collect SES Linux Agent logs. Run the following command from a terminal:
cd /opt/Symantec/sdcssagent/IPS/tools; ./getagentinfo.sh
SymDiag for macOS
SymDiag for macOS is not available. Instead, download one of the following:
- Download wssa-diag.sh for issues with WSS Agent or Unified Agent
- Download GatherSymantecInfo for issues with other Symantec products
Diagnostic .cloud for ProxySG
Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:
- ProxySG
SymDiag Viewer for Windows (2.1.304.11227)
- Download SymDiag Viewer for Windows.
Save the file to the Windows desktop. - On the Windows desktop, double-click the SymDiagViewer.msi icon.
- Follow the on-screen instructions to install the SymDiag Viewer
- Double click on any *.sdbz file and the file will be opened in the SymDiag Viewer
About SymDiag
The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.
If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.
Supported products
SymDiag supports the following Symantec products:
- Advanced Threat Protection (Linux)
- Auth Connector
- Authentication and Authorization Agent
- Data Center Security Management Server
- Data Insight
- Data Loss Prevention 11.0 and later
- Encryption Powered by PGP
- Endpoint Encryption
- Endpoint Protection 11.0 and later*
- Endpoint Protection Small Business Edition (.Cloud)
- Endpoint Protection Cloud
- Information Center Analytics
- Information Centric Tagging
- Mail Security for Microsoft Exchange 6.5.2 and later*
- Management Platform
- Optical Character Recognition
- Protection Engine
- Unified Agent/Web Security Service Agent
- VIP Access
- Web Cloud Protection
- Web Security Service
*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.
Supported operating systems
Windows
SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.
On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:
-net2
Linux
The following x86 and x64 Linux distributions are supported.
| Distribution | Minimum Version |
|---|---|
| RedHat Enterprise Linux | 6.5 |
| CentOS | 6.5 |
| Fedora | 16 |
| Oracle Linux | 6.5 |
| Debian | 6.0.5 |
| Ubuntu | 11.10 |
| SUSE | 11.0 |
| Novell Open Enterprise Server | 11.0 |
Command-line and remote deployment
SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.
- SymDiag command-line parameters
- Run SymDiag for Linux on Symantec Appliance
- Remotely Deploy SymDiag
- Deploy SymDiag using the Client Deployment Wizard in Endpoint Protection Manager
Self-help reporting
Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.
- Self-Help Reporting
- Proactive Services - Best Practice Reporting
- Threat Analysis Scan
- Licensing Dashboard
Data collection for Support
You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.
- Data Collection for Support
- Debug Logging
- How can I collect debug logging data for a Symantec Support case?
- How can I use a wizard to collect debug logging data for a Symantec Support case?
- How can I use advanced debug logging options for the Symantec Endpoint Protection client?
- How can I configure command-line debug logging in SymDiag for Symantec Endpoint Protection?
Delivering data to Support
You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.
- Data Delivery
Windows Root Certificate Requirement
SymDiag requires a root certificate to be auto installed by the Windows OS and that the OS supports SHA-2 code signing certificates. If these requirements are not met, SymDiag will display an error message of "Failed to launch Symantec Diagnostic Tool". This issue can be resolved by following the steps in the article Failed to launch Symantec Diagnostic Tool.
Release Notes
Build 2.1.304.11227 (01/27/2022)
| Issue key | Component | OS | Summary |
| SUPOPS-468 | Viewer | Windows | EO WebBrowser license error when using public decrypt server |
| SUPOPS-475 | SymDiag, Viewer | Windows | Not able to connect with reputation server |
Build 2.1.304.11224 (12/01/2021)
| Issue key | Component | OS | Summary |
| SUPOPS-420 | SEPM, Viewer | Windows | Recommended Log Retention table not displayed if there is a 'Not Available' value in the Recommended Entries column |
| SUPOPS-401 | SymDiag | Windows | Log the WPP ids when starting and stopping WPP logging |
| SUPOPS-402 | SEP | Windows | Capture the WPP Providers that SEP supports for that version |
| SUPOPS-419 | SED | Windows | Update system requirements kb link and version in string |
| SUPOPS-403 | SEP | Windows | Add missing WPP Providers |
| SUPOPS-372 | SEP, SEPM | Windows | Have a report which checks access to network services used by SEP / SEPM |
| SUPOPS-421 | SymDiag | Windows | Collect BitLocker information |
| SUPOPS-440 | SymDiag | Linux | Various errors are displayed when running SymDiag on Linux |
| SUPOPS-439 | SEP | Windows | Definition corruption report has an error for the NTRDefs for Sep 14.3 ru2 and higher |
| SUPOPS-425 | SEP | Windows | Collect Symantec Download Manager logs |
| SUPOPS-340 | SEPM | Windows | EP Proactive Service: Add Group Name to policy recommendation tables |
| SUPOPS-438 | SEPM | Windows | Capture security policy for troubleshooting ssl issues |
| SUPOPS-428 | SEP | Windows | Use SEP.ctl as source of WPP Providers |
| SUPOPS-416 | SymDiag | Windows | If set WPP's Logging's Total Drive Space > 4G, less than 4G of files will be kept |
| SUPOPS-433 | SEP, Viewer | Windows | Engines and definitions on Information page do not match SEP's troubleshooting output |
| SUPOPS-424 | SEP | Windows | Remove Symantec Endpoint Protection Cloud and Small Business Edition as they are past EOL |
| SUPOPS-446 | SEPM | Windows | Change the protection score's Antivirus text to Auto-Protect |
| SUPOPS-430 | SymDiag | Windows | Allow an opened .sdbz file to be attached to a case |
Build 2.1.302.1109 (10/05/2021)
| Issue key | Component | OS | Summary |
| SUPOPS-339 | SEP | Linux | EP 14.3 ru2 on Linux is not detected |
| SUPOPS-382 | SEP | Windows | SEP 14.0 EDR Definitions are reported as corrupt, but are not corrupt |
| SUPOPS-377 | SEP, SEPM | Windows | 14.3 RU3 GA release |
| SUPOPS-244 | SymDiag | Windows | After logging into Okta, a NGINX / OpenID Connect login failure is displayed |
| SUPOPS-385 | SymDiag | Windows | Update Unable to launch message with Windows Root Certificate requirement |
| SUPOPS-384 | SymDiag | Windows | Create KB for Windows Root Certificate Requirement |
Build 2.1.300.1106 (09/01/2021)
| Issue Id | Component | OS | Summary |
| SUPOPS-344 | Auth Connector | Windows | Collect bcca.ini, saml.ini, and sso.ini in BCCA install directory |
| SUPOPS-316 | DLP | Windows | Capture Microsoft Edge registry entries for ExtensionInstallForcelist and com.symantec.dlp |
| SUPOPS-329 | SEE | Windows | Update latest version for Encryption Management Server and Encryption Desktop |
| SUPOPS-345 | SEP | Windows | Encrypted data is not exported in decrypted format |
| SUPOPS-352 | SEP | Windows | Sep Security log is missing Intrusion-URL |
| SUPOPS-354 | SEPM Config Review | Windows | Proactive service scan did not save clients |
| SUPOPS-105 | SymDiag | Windows | Display the Google extension registry for both 32 and 64bit locations |
| SUPOPS-355 | SymDiag | Windows | Crash due to null reference in RecentLogsOnly |
| SUPOPS-358 | SymDiag | Windows | RootkitDetectionMode is not logged |
| SUPOPS-345 | Viewer | Windows | Encrypted data is not exported in decrypted format |
| SUPOPS-363 | WSS | Windows | Do not capture pcaps when collecting data for the wssservice product in silent (-s) mode |
| SUPOPS-337 | WSS | Windows | "File Saved" dialog is not brought to front when shown |
| SUPOPS-338 | WSS | Windows | No error displayed when saving to non-existent folder |
Build 2.1.298.1102 (07/08/2021)
| Issue Key | Component/s | OS | Summary |
| SUPOPS-223 | Viewer | Windows | Public SymDiag Decryption Service for Partners and Customers |
Build 2.1.298.1101 (06/30/2021)
| Issue Key | Component/s | OS | Summary |
| SUPOPS-272 | DLP | Linux | Improve detection of DLP 15.7 on Linux |
| SUPOPS-291 | DLP | Linux | Linux Max CPU speed is not correct, which impacts DLP Config review |
| SUPOPS-292 | DLP | Linux | DLP Config Review incorrectly checks the number of cpus |
| SUPOPS-275 | DLP | Windows, Linux | DLP 15.8 support |
| SUPOPS-165 | DLP | Windows | DLP Agent enable or disable ETW / ETL logging |
| SUPOPS-204 | DLP | Windows, Linux | DLP Enforce Protection Score shows as a decimal in the self-help report title |
| SUPOPS-271 | SEE | Windows | SEE 11.2.1 and less are EOS |
| SUPOPS-235 | SEE | Windows | Sql Server Express is not supported since see 11.2.1 mp1 |
| SUPOPS-201 | SEP | Windows | Extra columns in Parsed AV Logs view |
| SUPOPS-197 | SEP | Windows | Not collecting the MSI logs in %TEMP% from different profiles |
| SUPOPS-307 | SEP | Windows | In SEP AV Logs view, the Enhanced Outbreak Mode and Action Taken columns have _LT strings |
| SUPOPS-306 | SEP | Windows | In SEP AV Logs view, the First Seen column data are _LT strings |
| SUPOPS-110 | SymDiag | Windows | Threat Analysis root kit scan needs to tell user that the system needs to be rebooted to remove driver |
| SUPOPS-172 | Viewer | Windows | When filtering Windows Events using the description column, it can take a long time to display the pick box or will hang |
| SUPOPS-122 | Viewer | Windows | Displaying 13K files in file explorer is slow and leaks 25M |
| SUPOPS-297 | WSS | Windows | Remove "Unified Agent" from product selection when neither are installed |
| SUPOPS-294 | WSS | Windows | -limiteddata option is not working when using -forsupport in the command line |
| SUPOPS-219 | WSS | Windows | Not gathering additional files when debugging WSS Agent |
Build 2.1.296.1094 (05/13/2021)
| Key | Component/s | OS | Summary |
| SUPOPS-230 | SEP | Windows | Collect Local GPO info |
| SUPOPS-242 | SEP | Windows | EP information tab, Serial Number is not showing the serial number |
| SUPOPS-225 | SEP | Windows | Proactive Threat Protection Truscan state is unknown |
| SUPOPS-108 | SEP | Windows | Symdiag Reports SEP Firewall & SymTDI is not configured properly |
| SUPOPS-109 | SEP | Windows | Symdiag reports IPS is inconclusive |
| SUPOPS-216 | SEP | Windows | In Endpoint Protection Client Summary, the S3 Server is listed |
| SUPOPS-45 | SEP, SEPM | Windows | EP 14.3 RU1 MP1 released |
| SUPOPS-255 | SEP, SEPM | Windows | EP 14.3-RU2 released |
| SUPOPS-168 | SEP, Viewer | Windows | Remove EpClient exceptions from Information tab and encrypt them |
| SUPOPS-61 | SEPM | Windows | Incorrect Database Version in Information Report |
| SUPOPS-51 | SymDiag | Windows | Error message "Failed to create temporary folder" needs more data for the failure |
| SUPOPS-60 | SymDiag | Windows | Capture Device Guard settings |
| SUPOPS-260 | SymDiag | Windows | Temporarily disable case attachment |
| SUPOPS-174 | Viewer | Windows | SymDiag Decryption Service UI Control |
| SUPOPS-59 | Viewer | Windows | Viewer indicates what information has been encrypted |
| SUPOPS-222 | Viewer | Windows | Make Viewer public |
| SUPOPS-47 | WSS | Windows | Update etl2pcapng to version 1.5 |
| SUPOPS-63 | WSS | Windows | Run "BNS Curl" command when gathering data |
| SUPOPS-64 | WSS | Windows | Enable WSS Service debug logging by default |
Build 2.1.292.876 (03/01/2021)
| Issue Key | Component | OS | Summary |
| SAD-908 | DLP | Windows, Linux | Update DLP config review text from feedback |
| SAD-1109 | SED | Windows | Encryption Desktop 10.5 MP1 released |
| SAD-1064 | SEP | Windows | SMR521.SYS is installed when an EP Client scan is done |
| SAD-1084 | SEP | Windows | SEP 14.3 Debug logs are not created |
| SAD-1098 | SEP | Windows | Add EP 14.3 WPP Providers |
| SAD-967 | SEPM | Windows | Not saving the output of exec sp_who2 on Sql Server/Express |
| SAD-1111 | SEPM | Windows | SEPM Client/Server Distribution table does not list all domains |
| SAD-1100 | SEPM | Windows | SEPM Config Review Protection Technology Summary needs to be last 30 days |
| SAD-1082 | SEPM | Windows | Update urls in the SEP Config Review |
| SAD-1081 | SymDiag | Windows | SymDiag exits after collecting data for support with an EO.WebBrowser exception |
| SAD-1112 | SymDiag | Linux | Remove the Symantec Mail Gateway (SMG) product |
| SAD-1078 | SymDiag | Windows | Add Chrome Browser information for OS collection |
Build 2.1.290 (02/02/2021)
| Issue key | Component | Summary |
| SAD-886 | CWP | CWP: Integrate CAF data & Azure VM Extension log collection |
| SAD-968 | DLP | Enforce and Detection server reports do not allow user to fix date issue |
| SAD-1025 | SED | SED Service report errors if SEE is also installed |
| SAD-1029 | SEE | Change SEE version from File Version to Product Version |
| SAD-1008 | SEE | SEE 11.3.1 is latest version |
| SAD-1032 | SEP | SEP Security Log does not show INTRUSION-URL nor X-INTRUSION-PAYLOAD-URL |
| SAD-1005 | SEP | [RU1 Refresh] Symdiag reports SDS Defs are corrupt when ADVML is enabled on agent |
| SAD-1056 | SEPM | SEPM Config Review has some OS entries of None which are Mac OSes |
| SAD-1016 | SEPM | SEPM Config Review Finding tables show "No Data" |
| SAD-1007 | SEPM | SEPM Protection Overview section 4 charts are correct, but the table below them are not correct |
| SAD-1002 | SEPM | SEP Protection Overview tables empty despite having data in the graphs |
| SAD-957 | SEPM | For Sep Config Review, the Log Size recommendation will show the data used to reach the conclusion |
| SAD-1004 | SymDiag | Remove SHA-1 cert as SHA-1 timestamp server has shutdown on 1/1/2021 |
Build 2.1.288 (12/17/2020)
Issue Component Summary
SAD-988 SEE Encryption Desktop latest version needs to be updated
SAD-982 SEP WPP Reboot debugging may error that it is unable to stop wpp logging
SAD-977 WSS If select to collect additional files, then select a product to debug, you will not be prompted for the additional files
SAD-971 WSS Error dialog if no network data was captured
SAD-970 WSS When debugging the WSS Service, "Are you finished" prompt is not displayed
SAD-992 Not collecting LiveUpdate logs and settings
SAD-990 It takes 1 minute for the product plugins to load
Build 2.1.286 (12/09/2020)
SAD-959 Update for SEP 14.3 RU1
SAD-926 Command line option to update and then exit
SAD-925 Command line option to specify debug time
SAD-917 WSS Health check for network connectivity
SAD-904 Memory leak by SES Config Review during Findings review process
SAD-903 Slow collection of SES Config Review when there is a large number of clients with old IPS, AV or scans
SAD-895 Viewing a large SES Proactive Service can run the system out of memory
SAD-889 The output when running an external command is displayed
SAD-859 Add System Uptime to the System Information under information tab
SAD-858 Provide "Quick Fix" for missing SSL interception certificate
SAD-857 Collect additional files after debug tests are run
SAD-856 Ability to capture PCAPs using `net trace`
SAD-842 SymDiag will not collect SEP uninstall logs.
SAD-757 launch64.exe is not signed
SAD-205 [Wss Agent] Windows licensing status
SAD-204 [WSS Agent]SymDiag Feature Request: Detect test signing mode
Related terms: symhelp, symhelpexe,symantec help
Feedback
