ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Download SymDiag to detect product issues


Article ID: 155115


Updated On:


Symantec Products


Download and learn about SymDiag the Symantec Diagnostic Tool which identifies common issues and gathers data / logs for support-assisted troubleshooting.


Download SymDiag

SymDiag for Windows (2.1.302)

  1. Download SymDiag for Windows.
    Save the file to the Windows desktop.
  2. On the Windows desktop, double-click the SymDiag.exe icon.
  3. Follow the on-screen instructions or consult the Table of Contents below to find further instructions for using SymDiag depending on what you want to accomplish with SymDiag

SymDiag for Linux (2.1.1109)

The method used to gather logs on a Linux system is dependent upon whether the SEP for Linux client  or the SES Linux Agent is being used.  

SEP for Linux (On-prem install)

  1. Download SymDiag for Linux.
    Right-click this link and choose "Save Target As" or "Save Link As".
  2. Save to a directory on the computer.
  3. Mark the file as executable to run as superuser.

    sudo chmod +x ./
    sudo ./

  4. Follow the on-screen instructions.

SES Linux Agent (cloud managed)

Get Agent Info script can be used to collect SES Linux Agent logs.  Run the following command from a terminal:

cd /opt/Symantec/sdcssagent/IPS/tools; ./


SymDiag for macOS

SymDiag for macOS is not available. Instead, download one of the following:

  1. Download for issues with WSS Agent or Unified Agent
  2. Download GatherSymantecInfo for issues with other Symantec products

Diagnostic .cloud for ProxySG

Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:

  • ProxySG

SymDiag Viewer for Windows (2.1.300)

  1. Download SymDiag Viewer for Windows.
    Save the file to the Windows desktop.
  2. On the Windows desktop, double-click the SymDiagViewer.msi icon.
  3. Follow the on-screen instructions to install the SymDiag Viewer
  4. Double click on any *.sdbz file and the file will be opened in the SymDiag Viewer

About SymDiag

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.

If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

Supported products

SymDiag supports the following Symantec products:

  • Advanced Threat Protection (Linux)
  • Auth Connector
  • Authentication and Authorization Agent
  • Data Center Security Management Server
  • Data Insight
  • Data Loss Prevention 11.0 and later
  • Encryption Powered by PGP
  • Endpoint Encryption
  • Endpoint Protection 11.0 and later*
  • Endpoint Protection Small Business Edition (.Cloud)
  • Endpoint Protection Cloud
  • Information Center Analytics
  • Information Centric Tagging
  • Mail Security for Microsoft Exchange 6.5.2 and later*
  • Management Platform
  • Optical Character Recognition
  • Protection Engine
  • Unified Agent/Web Security Service Agent
  • VIP Access
  • Web Cloud Protection
  • Web Security Service

*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.

Supported operating systems


SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.

On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:



The following x86 and x64 Linux distributions are supported.

Distribution Minimum Version
RedHat Enterprise Linux 6.5
CentOS 6.5
Fedora 16
Oracle Linux 6.5
Debian 6.0.5
Ubuntu 11.10
SUSE 11.0
Novell Open Enterprise Server 11.0


Command-line and remote deployment

SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.

Self-help reporting

Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.

Data collection for Support

You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.

Delivering data to Support

You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.

Windows Root Certificate Requirement

SymDiag requires a root certificate to be auto installed by the Windows OS and that the OS supports SHA-2 code signing certificates.  If these requirements are not met, SymDiag will display an error message of "Failed to launch Symantec Diagnostic Tool".  This issue can be resolved by following the steps in the article Failed to launch Symantec Diagnostic Tool.

Release Notes

Build 2.1.302.1109 (10/05/2021) 

Issue key Component OS Summary
SUPOPS-339 SEP Linux EP 14.3 ru2 on Linux is not detected
SUPOPS-382 SEP Windows SEP 14.0 EDR Definitions are reported as corrupt, but are not corrupt
SUPOPS-377 SEP, SEPM Windows 14.3 RU3 GA release
SUPOPS-244 SymDiag Windows After logging into Okta, a NGINX / OpenID Connect login failure is displayed
SUPOPS-385 SymDiag Windows Update Unable to launch message with Windows Root Certificate requirement
SUPOPS-384 SymDiag Windows Create KB for Windows Root Certificate Requirement

Build 2.1.300.1106 (09/01/2021) 

Issue Id Component OS Summary
SUPOPS-344 Auth Connector Windows Collect bcca.ini, saml.ini, and sso.ini in BCCA install directory
SUPOPS-316 DLP Windows Capture Microsoft Edge registry entries for ExtensionInstallForcelist and
SUPOPS-329 SEE Windows Update latest version for Encryption Management Server and Encryption Desktop
SUPOPS-345 SEP Windows Encrypted data is not exported in decrypted format
SUPOPS-352 SEP Windows Sep Security log is missing Intrusion-URL
SUPOPS-354 SEPM Config Review Windows Proactive service scan did not save clients
SUPOPS-105 SymDiag Windows Display the Google extension registry for both 32 and 64bit locations
SUPOPS-355 SymDiag Windows Crash due to null reference in RecentLogsOnly
SUPOPS-358 SymDiag Windows RootkitDetectionMode is not logged
SUPOPS-345 Viewer Windows Encrypted data is not exported in decrypted format
SUPOPS-363 WSS Windows Do not capture pcaps when collecting data for the wssservice product in silent (-s) mode
SUPOPS-337 WSS Windows "File Saved" dialog is not brought to front when shown
SUPOPS-338 WSS Windows No error displayed when saving to non-existent folder

Build (07/08/2021) 

Issue Key Component/s OS Summary
SUPOPS-223 Viewer Windows Public SymDiag Decryption Service for Partners and Customers

Build (06/30/2021) 

Issue Key Component/s OS Summary
SUPOPS-272 DLP Linux Improve detection of DLP 15.7 on Linux
SUPOPS-291 DLP Linux Linux Max CPU speed is not correct, which impacts DLP Config review
SUPOPS-292 DLP Linux DLP Config Review incorrectly checks the number of cpus
SUPOPS-275 DLP Windows, Linux DLP 15.8 support
SUPOPS-165 DLP Windows DLP Agent enable or disable ETW / ETL logging
SUPOPS-204 DLP Windows, Linux DLP Enforce Protection Score shows as a decimal in the self-help report title
SUPOPS-271 SEE Windows SEE 11.2.1 and less are EOS
SUPOPS-235 SEE Windows Sql Server Express is not supported since see 11.2.1 mp1
SUPOPS-201 SEP Windows Extra columns in Parsed AV Logs view
SUPOPS-197 SEP Windows Not collecting the MSI logs in %TEMP% from different profiles
SUPOPS-307 SEP Windows In SEP AV Logs view, the Enhanced Outbreak Mode and Action Taken columns have _LT strings
SUPOPS-306 SEP Windows In SEP AV Logs view, the First Seen column data are _LT strings
SUPOPS-110 SymDiag Windows Threat Analysis root kit scan needs to tell user that the system needs to be rebooted to remove driver
SUPOPS-172 Viewer Windows When filtering Windows Events using the description column, it can take a long time to display the pick box or will hang
SUPOPS-122 Viewer Windows Displaying 13K files in file explorer is slow and leaks 25M
SUPOPS-297 WSS Windows Remove "Unified Agent" from product selection when neither are installed
SUPOPS-294 WSS Windows -limiteddata option is not working when using -forsupport in the command line
SUPOPS-219 WSS Windows Not gathering additional files when debugging WSS Agent

Build (05/13/2021) 

Key Component/s OS Summary
SUPOPS-230 SEP Windows Collect Local GPO info
SUPOPS-242 SEP Windows EP information tab, Serial Number is not showing the serial number
SUPOPS-225 SEP Windows Proactive Threat Protection Truscan state is unknown
SUPOPS-108 SEP Windows Symdiag Reports SEP Firewall & SymTDI is not configured properly
SUPOPS-109 SEP Windows Symdiag reports IPS is inconclusive
SUPOPS-216 SEP Windows In Endpoint Protection Client Summary, the S3 Server is listed
SUPOPS-45 SEP, SEPM Windows EP 14.3 RU1 MP1 released
SUPOPS-255 SEP, SEPM Windows EP 14.3-RU2 released
SUPOPS-168 SEP, Viewer Windows Remove EpClient exceptions from Information tab and encrypt them
SUPOPS-61 SEPM Windows Incorrect Database Version in Information Report
SUPOPS-51 SymDiag Windows Error message "Failed to create temporary folder" needs more data for the failure
SUPOPS-60 SymDiag Windows Capture Device Guard settings
SUPOPS-260 SymDiag Windows Temporarily disable case attachment
SUPOPS-174 Viewer Windows SymDiag Decryption Service UI Control
SUPOPS-59 Viewer Windows Viewer indicates what information has been encrypted
SUPOPS-222 Viewer Windows Make Viewer public
SUPOPS-47 WSS Windows Update etl2pcapng to version 1.5
SUPOPS-63 WSS Windows Run "BNS Curl" command when gathering data
SUPOPS-64 WSS Windows Enable WSS Service debug logging by default

Build (03/01/2021) 

Issue Key Component OS Summary
SAD-908 DLP Windows, Linux Update DLP config review text from feedback
SAD-1109 SED Windows Encryption Desktop 10.5 MP1 released
SAD-1064 SEP Windows SMR521.SYS is installed when an EP Client scan is done
SAD-1084 SEP Windows SEP 14.3 Debug logs are not created
SAD-1098 SEP Windows Add EP 14.3 WPP Providers
SAD-967 SEPM Windows Not saving the output of exec sp_who2 on Sql Server/Express
SAD-1111 SEPM Windows SEPM Client/Server Distribution table does not list all domains 
SAD-1100 SEPM Windows SEPM Config Review Protection Technology Summary needs to be last 30 days
SAD-1082 SEPM Windows Update urls in the SEP Config Review
SAD-1081 SymDiag Windows SymDiag exits after collecting data for support with an EO.WebBrowser exception
SAD-1112 SymDiag Linux Remove the Symantec Mail Gateway (SMG) product
SAD-1078 SymDiag Windows Add Chrome Browser information for OS collection

Build 2.1.290 (02/02/2021) 

Issue key Component Summary
SAD-886 CWP CWP: Integrate CAF data & Azure VM Extension log collection
SAD-968 DLP Enforce and Detection server reports do not allow user to fix date issue
SAD-1025 SED SED Service report errors if SEE is also installed
SAD-1029 SEE Change SEE version from File Version to Product Version
SAD-1008 SEE SEE 11.3.1 is latest version
SAD-1005 SEP [RU1 Refresh] Symdiag reports SDS Defs are corrupt when ADVML is enabled on agent
SAD-1056 SEPM SEPM Config Review has some OS entries of None which are Mac OSes
SAD-1016 SEPM SEPM Config Review Finding tables show "No Data"
SAD-1007 SEPM SEPM Protection Overview section 4 charts are correct, but the table below them are not correct
SAD-1002 SEPM SEP Protection Overview tables empty despite having data in the graphs
SAD-957 SEPM For Sep Config Review, the Log Size recommendation will show the data used to reach the conclusion
SAD-1004 SymDiag Remove SHA-1 cert as SHA-1 timestamp server has shutdown on 1/1/2021

Build 2.1.288 (12/17/2020)

Issue        Component Summary
SAD-988  SEE            Encryption Desktop latest version needs to be updated
SAD-982  SEP            WPP Reboot debugging may error that it is unable to stop wpp logging
SAD-977  WSS           If select to collect additional files, then select a product to debug, you will not be prompted for the additional files
SAD-971  WSS           Error dialog if no network data was captured
SAD-970  WSS           When debugging the WSS Service, "Are you finished" prompt is not displayed
SAD-992                     Not collecting LiveUpdate logs and settings
SAD-990                     It takes 1 minute for the product plugins to load

Build 2.1.286 (12/09/2020)

SAD-959 Update for SEP 14.3 RU1
SAD-926 Command line option to update and then exit
SAD-925 Command line option to specify debug time
SAD-917 WSS Health check for network connectivity
SAD-904 Memory leak by SES Config Review during Findings review process
SAD-903 Slow collection of SES Config Review when there is a large number of clients with old IPS, AV or scans
SAD-895 Viewing a large SES Proactive Service can run the system out of memory
SAD-889 The output when running an external command is displayed
SAD-859 Add System Uptime to the System Information under information tab
SAD-858 Provide "Quick Fix" for missing SSL interception certificate
SAD-857 Collect additional files after debug tests are run
SAD-856 Ability to capture PCAPs using `net trace`
SAD-842 SymDiag will not collect SEP uninstall logs.
SAD-757 launch64.exe is not signed
SAD-205 [Wss Agent] Windows licensing status
SAD-204 [WSS Agent]SymDiag Feature Request: Detect test signing mode


Related terms: symhelp, symhelpexe,symantec help