Products

Advanced Threat Protection Platform Data Center Security Server Data Insight for DLP Data Loss Prevention Endpoint Encryption Endpoint Protection Endpoint Protection Small Business Edition (Cloud) Endpoint Protection Cloud Information Centric Tagging Protection Engine for NAS Protection Engine for Cloud Services Cloud Secure Web Gateway - Cloud SWG Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub) Generic Non Product Support Portal Global Customer Assistance

Issue/Introduction

Download and learn about SymDiag — The Symantec Diagnostic Tool — which identifies common issues and gathers data / logs for support-assisted troubleshooting.

This article contains information about Version 2 of SymDiag. For SymDiag Version 3, click here.

Environment

Use SymDiag Version 2 (v2) for products listed in this table.

Endpoint Security	Information Security	Network Security	Additional Products
Endpoint Protection 14.3.x Endpoint Security 14.3.x Endpoint Encryption Encryption Powered by PGP Enterprise Agent Data Center Security Agent Protection Engine Advanced Threat Protection (Linux)	Data Loss Prevention 11.0 and later	Web Cloud Protection Web Gateway Web Security Service Unified Agent/Web Security Service Agent	Optical Character Recognition Auth Connector Authentication and Authorization Agent Data Insight Information Center Analytics Information Centric Tagging Mail Security for Microsoft Exchange 6.5.2 and later* Management Platform VIP Access

For products listed below, visit the SymDiag Version 3 (v3) article.

Endpoint Security	Information Security	Network Security	Additional Products
Endpoint Security Agent v2.5 Endpoint Protection 16 (SEP 16) Endpoint Protection 14.3.x Endpoint Security 14.3.x Protection Engine Agent and Console	Data Loss Prevention	Cloud SWG v10 WSS

Additional Notes

Both SymDiag v2 and v3 can be used to gather data for Endpoint Protection 14.3.x and Endpoint Security 14.3.x.

Resolution

Download SymDiag

SymDiag for Windows (2.1.324.11293)

Download SymDiag for Windows.
Save the file to the Windows desktop.
On the Windows desktop, double-click the SymDiag.exe icon.
Follow the on-screen instructions or consult the Table of Contents below to find further instructions for using SymDiag depending on what you want to accomplish with SymDiag

SymDiag for Linux (2.1.11285)

DLP

Use SymDiag.run for gathering data for the DLP linux agent. For the SEP/SES/DCS Linux agent, see the next section.

Download SymDiag for Linux.
Right-click this link and choose "Save Target As" or "Save Link As".
Save SymDiag.run to a directory on the computer.
Mark the file as executable to run as superuser
sudo chmod +x ./symdiag.run
sudo ./symdiag.run
Follow the on-screen instructions

SEP/SES/DCS Linux Agent

Use the built-in Get Agent Info script to collect SEP, SES or DCS agent logs. For DLP linux agents, use SymDiag.run (above)

Run the following command from a terminal:

cd /opt/Symantec/sdcssagent/IPS/tools; ./getagentinfo.sh

SymDiag for macOS

SymDiag for macOS is not available. Instead, download one of the following:

Download wssa-diag.sh for issues with WSS Agent or Unified Agent
Download GatherSymantecInfo for issues with other Symantec products

Diagnostic .cloud for Edge Secure Web Gateway (formerly ProxySG)

Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:

Edge Secure Web Gateway (formerly ProxySG)

About SymDiag

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.

If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

Supported products

See the Environment section of this article for Supported products.

Supported operating systems

Windows

SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.

On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:

-net2

Command-line and remote deployment

SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.

Self-help reporting

Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.

What is "Check VIP Server Connectivity with SymDiag"?

Proactive Services - Best Practice Reporting

How can I run a Proactive Services - Protection Overview report in SymDiag?

Threat Analysis Scan

Licensing Dashboard

Data collection for Support

You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.

How can I use SymDiag to collect data for a Symantec Support case?

Debug Logging

Delivering data to Support

Use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.

Windows Root Certificate Requirement

SymDiag requires a root certificate to be auto installed by the Windows OS and that the OS supports SHA-2 code signing certificates.

If these requirements are not met, SymDiag will display an error message of "Failed to launch Symantec Diagnostic Tool".

This issue can be resolved by following the steps in the article Failed to launch Symantec Diagnostic Tool.

SymDiag Viewer for Windows

Current Version: 2.1.324.11291

Download SymDiag Viewer for Windows.
Save the file to the Windows desktop.
On the Windows desktop, double-click the SymDiagViewer.msi icon.
Follow the on-screen instructions to install the SymDiag Viewer
Double click on any *.sdbz file and the file will be opened in the SymDiag Viewer

Related terms: symhelp, symhelpexe, symantec help

Additional Information

Release Notes

Build 2.1.324.11293 (02/07/2025) - SymDiag

Key	Component/s	Summary
SUPOPS-1608	SEP	SEP SDS defs are listed twice in the definition report
SUPOPS-1610	SEP	Collect ccSettings GEH sections
SUPOPS-1581	SymDiag	Remove Licensing Overview Panel information
SUPOPS-1583	SymDiag	Identify Server 2025
SUPOPS-923	WSS	Ensure windows capture driver loaded for netsh

Build 2.1.324.11291 (02/07/2025) - Viewer

Key	Component/s	Summary
SUPOPS-1082	SEPM Config Review	Update SONAR high risk detection information
SUPOPS-1581	Viewer	Remove Licensing Overview Panel information

Build 2.1.322.11287 (08/19/2024)

Key	Component/s	Summary
SUPOPS-895	SymDiag	Remove debug message for download failure
SUPOPS-1104	SymDiag	Null value in ScDeviceGuard.SetDeviceGuard
SUPOPS-1093	SymDiag	Remove v2 reports that are not used in v3
SUPOPS-1359	WSS	Pickup new files wss-agent-routing-*.log

Build 2.1.320.11285 (10/31/2023)

Key	Component/s	OS	Summary
SUPOPS-880	SymDiag, Viewer	All	Unable to update to newer versions
SUPOPS-882	SymDiag	Windows	Remove uploading to a Wolken case
SUPOPS-869	Viewer	Windows	Change Viewer Menu location
SUPOPS-726	SEP, SEPM	Windows	Update version checking for 14.3 RU7 and RU8
SUPOPS-810	PE	Windows	Unable to detect PE if symcscan service ImagePath has -debug
SUPOPS-883	DLP	Windows	Database is locked error is logged after testing DLP Enforce password
SUPOPS-735	DLP	Windows	Incorrect version of DLP detected after upgrade

Build 2.1.318.11278 (06/14/2023)

Key	Component/s	OS	Summary
SUPOPS-423	SED	Windows	Collect the encryption status of PGP
SUPOPS-422	SEE	Windows	Collect the encryption status of SEE
SUPOPS-661	SEP	Windows	Add additional logging details to the error "Unable to validate ccSettings database"
SUPOPS-700	SEP	Windows	Add Edge Browser Extension related info
SUPOPS-725	SEP	Windows	Add SETTDAD-TRAPS wpp provider with a default of disabled
SUPOPS-664	SEPM Config Review	Windows	Protection Overview has sections that only show 52 rows. Display the full data in the Viewer.
SUPOPS-636	SymDiag	Windows	Capture native/wow64 registry key and values from ...\Windows NT\CurrentVersion\AeDebug

Build 2.1.316.11253 (01/30/2023)

Key	Component/s	OS	Summary
SUPOPS-632	DLP	Windows	Unable to parse DLP version from path that has a number in a sub directory
SUPOPS-627	DLP	Windows	Capture the Data Loss Prevention registry key and values
SUPOPS-580	DLP	Linux	Update for DLP 16 Linux release
SUPOPS-607	DLP, Viewer	Windows	Update Symantec articles in section 6.3.10 JAVA Memory Settings to a newer kb
SUPOPS-603	DLP, Viewer	Windows	Old Oracle server information
SUPOPS-604	DLP, Viewer	Windows	Remove Processor Speed findings for Enforce and Detection servers
SUPOPS-606	SEP	Windows	Update url responses for report checking if SEP Symantec servers are working.
SUPOPS-605	SEP	Windows	Remove 'Symantec Endpoint Protection (Small Business Edition)' entries from Search Kbs and Product landing sites
SUPOPS-585	SEPM	Windows	SEPM report for configured ports is incorrect for custom port
SUPOPS-619	SMSMSE	Windows	Exchange build numbers of 15.x are not mapped to correct Exchange versions
SUPOPS-608	SymDiag	Windows	Command line option debuglog filepath does not create log file in filepath
SUPOPS-631	SymDiag	Windows	Collect all reg values from Windows NT\CurrentVersion
SUPOPS-628	SymDiag	Windows	Pickup the latest etl2pcapng
SUPOPS-609	SymDiag	Windows	Null exception in SelectProductVM.CheckMatchingProducts
SUPOPS-630	SymDiag	Windows	Collect HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

Build 2.1.314.11248 (11/11/2022)

Key	Component/s	OS	Summary
SUPOPS-601	DLP	Windows	Update System requirements for supported OSes
SUPOPS-602	DLP	Windows	Update versions for 16
SUPOPS-597	SEP, SEPM	Windows	Update for 14.3 RU6 release
SUPOPS-598	SEP, SEPM	Windows	Update System Requirements for newer versions of Windows
SUPOPS-299	SEP, WSS	Windows	Collect "verbose" data for NTR by default
SUPOPS-584	SEP, WSS	Windows	NTR trace logs not included if it is disabled
SUPOPS-595	SEP, WSS	Windows	When Ntr runs collection of ipconfig and nslookup, the command does not exist
SUPOPS-590	SEP, WSS	Windows	Report RHC_ProtectionStatus is not run when NTR is enabled
SUPOPS-589	SEP, WSS	Windows	BNS Connection is not collected when NTR is enabled
SUPOPS-600	SEP, WSS	Windows	If NTR is installed and disabled, exception when checking pac file integrity is logged
SUPOPS-591	SEP, WSS	Windows	WssLatency is not collected when NTR is enabled
SUPOPS-599	SEP, WSS	Windows	If NTR is installed and disabled, exception getting NTR latency is logged
SUPOPS-593	SEP, WSS	Windows	Change Latency results from a text file to a DbVar and display in view ...\Other Data\Latency
SUPOPS-588	SEPM Config Review	Windows	Add Windows Vista to Config Review's Legacy Windows report
SUPOPS-499	SymDiag	Linux	Collect Linux commands into a table for setting up SUDO permissions

Build 2.1.312.11245 (10/04/2022)

Key	Component/s	OS	Summary
SUPOPS-583	SEP	Windows	Scan hangs if xml value is not found when running GetPolicyClientControlMode
SUPOPS-514	SEP	Windows	WPP logging fails to initialize due to existing file
SUPOPS-507	SEP	Windows	Display Final GEH exceptions from ccSettings as a list
SUPOPS-568	SEP	Windows	Add SETDAD_MINIDM_WPP_GUID to WPP list
SUPOPS-570	SEP	Windows	Collect SEPInstallTraceSession.etl for SEP Windows
SUPOPS-579	SEP	Windows	Cloud Client warns that feature is in mixed mode
SUPOPS-578	SEP	Windows	Exception in WtrInformation when accessing database in background thread
SUPOPS-582	SEP,SEPM	Windows	Update version for Sep 14.3 RU5 (Refresh 2) release
SUPOPS-365	SEPM	Windows	SEPM Top 5 intrusion query errors with an arithmetic overflow error converting expression to data type int
SUPOPS-553	SMSMSE	Windows	Collect permissions for folders and registry
SUPOPS-552	SMSMSE	Windows	Update for SMSE 7.09 and 7.10
SUPOPS-565	SMSMSE	Windows	Add SMSMSE Quar Admins to Console Permission report checks
SUPOPS-566	SMSMSE	Windows	.Net v4.8 is reported as an error for SMSMSE requirements report
SUPOPS-540	SPE	Windows	Add CSAPI logging to SPE Windows
SUPOPS-535	SPE	Windows	Add WPP logging to SPE Windows
SUPOPS-554	SymDiag	Windows	Exception in Symantec.Diag.Ui.Net3.AppUi3..cctor
SUPOPS-557	SymDiag	Windows	If SymDiag is running in silent mode and it is not able to verify the certificates, a UI error is displayed
SUPOPS-555	SymDiag	Windows	Update copyrights
SUPOPS-574	SymDiag	Windows	Exception when parsing SID names

Build 2.1.310.11238 (08/11/2022)

Key	Component/s	OS	Summary
SUPOPS-538	SEP	Windows	Exception if Cloud Server connection, but no cloud policies
SUPOPS-533	SEP	Windows	SEP 14.3 RU5 Cloud API to get policies fails
SUPOPS-551	SEP	Windows	SymDiag does not collect debug and wpp logs when using the -s -enable command line options
SUPOPS-530	SEP, SEPM	Windows	Add 14.3 RU5 refresh as new version for SEP
SUPOPS-503	SEPM	Windows	Error converting data type nvarchar to numeric when collecting information about a sep client
SUPOPS-527	SPE	Windows	Update SPE OS requirements for System Requirements report
SUPOPS-542	SPE	Windows	Collect Stargate logs for v8.2
SUPOPS-543	SPE	Windows	For service report, remove symcmicrodefsmgr if 8.2 or greater
SUPOPS-544	SPE	Windows	Remove 7.8 from install requirement strings
SUPOPS-545	SPE	Windows	Remove excess spaces from PE's file version
SUPOPS-546	SPE	Windows	Collect Common Agent Framework files
SUPOPS-528	SPE	Windows	Update SPE supported versions for latest version report
SUPOPS-532	SymDiag	Windows	Collect Internet Settings from the registry
SUPOPS-550	WSS	Windows	The WSS SSL Root Certificate report incorrectly reports that the certificate is not installed if more than 1 certificate is installed

Build 2.1.308.11236 (06/21/2022)

Key	Component/s	OS	Summary
SUPOPS-530	SEP, SEPM	Windows	Add 14.3 RU5 as new version for SEP. NOTE: 2.1.308 is required for full support of SEP 14.3 RU5. Earlier versions may not collect all SEP data, have report errors and not enable SEP debugging.

Build 2.1.308.11235 (06/07/2022)

Key	Component/s	OS	Summary
SUPOPS-153	DLP	Windows	DLP Agent enable / disable FINEST logging
SUPOPS-484	DLP	Windows	Add etw guids for vrtam.sys and vnwcd.sys
SUPOPS-520	DLP, Viewer	Windows	Update Enforce Oracle Server version information in config review
SUPOPS-510	SED	Windows	Latest versions of Endpoint Encryption and Encryption Desktop
SUPOPS-525	SEE	Windows	Win Server 2019 is reported as not supported for see
SUPOPS-524	SEE	Windows	Endpoint Encryption Management Server reports CLRtypes not installed when they are.
SUPOPS-470	SEP	Windows	Collect additional hardening files for RU4
SUPOPS-513	SEP	Windows	Unexpected installation report error
SUPOPS-526	SEP	Windows	SymDiag exits while running ScCloudPolicyVersions script command
SUPOPS-495	SEP	Windows	Change how SEP Information Features are displayed. Now shown as Features and as Protections
SUPOPS-489	SEP	Windows	Parse SEP 14.3 RU4 Application Hardening log (AsrMan.log)
SUPOPS-488	SEPM	Windows	Proactive and Config Review report an error when checking on the latest version
SUPOPS-494	SymDiag	Windows	MSI Applications missing apps that are only in Uninstall key
SUPOPS-485	SymDiag	Windows	When Sql Server is not installed, try to collect install log files
SUPOPS-511	SymDiag	Windows	Update 3rd party software
SUPOPS-506	WSS	Windows	WSS Pac file is not downloaded

Build 2.1.306.11230 (02/07/2022)

Issue key	Component	OS	Summary
SUPOPS-478	DLP	Windows	Update DLP Version
SUPOPS-173	DLP	Windows	Collect Debug Output Strings for DLP
SUPOPS-447	DLP	Windows	Unable to identify Enforce version when installed to a custom directory
SUPOPS-459	SED	Windows	SED 10.5 MP3 released
SUPOPS-479	SEE	Windows	Update SEE version
SUPOPS-458	SEP	Windows	Could not find a part of the path after saving the SBDZ
SUPOPS-464	SEP	Windows	SymDiag can crash if try to delete an invalid Common Client value
SUPOPS-476	SEP, SEPM	Windows	Update EP 14.3 RU4 version
SUPOPS-480	SMSMSE	Windows	Update SMSMSE Version
SUPOPS-477	SymDiag	Windows	Update Sql Server Versions

Build 2.1.304.11227 (01/27/2022)

Issue key	Component	OS	Summary
SUPOPS-468	Viewer	Windows	EO WebBrowser license error when using public decrypt server
SUPOPS-475	SymDiag, Viewer	Windows	Not able to connect with reputation server