This article describes steps for configuring the Communication Module logging in Symantec Endpoint Protection Client (SEP) 14.2 and later. This logging is used to troubleshoot communication issues between the SEP client and the Symantec Endpoint Protection Manager (SEPM). The communication module logging replaces Sylink logging functionality.
SEP 14.2 and later.
This article is specifically for Symantec Endpoint Protection 14.2+ on Windows.
If you have need of troubleshooting Symantec Endpoint Protection client communications on a MAC or Linux device to the Symantec Endpoint Protection Manager see How to enable SymDaemon debug logging for SEP for Mac and Overview of log and configuration files in SEP for Linux (sylink debugging).
In SEP 14.3 RU2 and later Communication Module logging can be enabled using the Client Management debug log settings.
Additional Log level settings are as follows:
This method can still be used on 14.3 RU2 and later clients in addition to the UI method mention above.
Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.
Note: Tamper protection must be disabled before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection
HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Note: When troubleshooting communication issues, a value of 1 is strongly recommended to ensure that all pertinent data is collected. If this value is not present or is configured to use an invalid value, the product will default to a logging level of 4.
A service restart is not required for the new settings to take effect.
Note: For Mac specific instructions please see TECH132983
1. Communication logging will be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs in the following two files:
2. Additionally, opstate data will be written in the following files under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\
For SEP 14 RU1 Mp2 and earlier versions, to enable Sylink debug logging check the below article.