Configuring Endpoint Protection Communication Module Logging in 14.2
search cancel

Configuring Endpoint Protection Communication Module Logging in 14.2


Article ID: 173184


Updated On:


Endpoint Protection


This article describes steps for configuring the Communication Module logging in Symantec Endpoint Protection (SEP) 14.2. This logging is used to troubleshoot communication issues between the SEP client and the Symantec Endpoint Protection Manager (SEPM). Communication module logging replaces Sylink logging.


SEP 14.2 and later.


This article is for SEP on Windows. See otherwise How to enable SymDaemon debug logging for SEP for Mac and Overview of log and configuration files in SEP for Linux (sylink debugging).

Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.

Note: Tamper protection must be disabled before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection

To configure Communication Module logging:

1. To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.

Alternately, click Start > Run, enter regedit, and then click OK.

2. Navigate to the following registry subkey

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

Note: On 32-bit Windows this location will be HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Production\SMC\SYLINK\SyLink

3. Find or create the CVELogLevel (REG_DWORD) value and edit it to set the desired logging level. Supported values are:

  • 1 = Debug
  • 2 = Info
  • 3 = Warn
  • 4 = Error
  • 5 = Fatal

Note: When troubleshooting communication issues, a value of 1 is strongly recommended to ensure that all pertinent data is collected. If this value is not present or is configured to use an invalid value, the product will default to a logging level of 4.

4. To adjust the maximum size of the logs, locate or create the CVELogSizeMB (REG_DWORD) value and edit it to set the maximum size of the logs in MB. The default size is 250 MB.

A service restart is not required for the new settings to take effect.

Note: For Mac specific instructions please see TECH132983

Log and Data Location:

1. Communication logging will be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs in the following two files:

  • cve.log
  • cve-actions.log

2. Additionally, opstate data will be written in the following files under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\

  • Registrationinfo.xml
  • Registration.xml
  • State.xml