You want to check whether the KCS encryption key with the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection (SEP) clients match.

Steps on how to verify KCS and certificates

1. Login to the Symantec Endpoint Protection Manager (SEPM) and click Clients.
2. Click the group whose KCS you need to verify and click the Details tab.
3. Take note of the alpha-numeric code at the beginning of the Policy Serial Number (For example 553E-12/18/2025 14:01:36 474)
4. Navigate to the outbound policy folder on the SEPM, the default location is: <SEPM_Install_dir>\data\outbox\agent\
5. Go to the file folder that starts with the same alpha numeric code as the policy you would like to apply (For example 553E862D0A003D2F019FD541B9A58BE3).
6. Open the Sylink.xml file in this folder and note the KCS value and certificate.
7. Compare this with the values in sylink.xml taken from the client.
8. Sylink.xml on the client is at "C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config"