Finding the current info, including definition dates, for Endpoint Protection in the registry
search cancel

Finding the current info, including definition dates, for Endpoint Protection in the registry

book

Article ID: 181033

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 Registry location and information regarding the "Public-Opstate" registry key.

Resolution

To provide better support for a set of registry keys that are commonly used for client monitoring, the following subkeys have been moved in Symantec Endpoint Protection. If you run custom scripts against the Symantec Endpoint Protection registry, or if you have written a remote monitoring solution for an earlier release, you will need to revise them when you upgrade to this release.

All new registry subkeys are placed in the following locations:

  • On 32-bit systems: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
  • On 64-bit systems: (agent versions earlier than 14.3 RU5): HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
  • On 64-bit systems: (agent version 14.3 RU5 or later): HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate

Note: This list includes only registry subkeys that were moved in this release. New subkeys are documented elsewhere.

Warning: All registry subkeys and values for Symantec Endpoint Protection should be treated as read-only.

 
 
Subkey name
Previous location
New location
Used for
ProductVersion
--
 
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\ProductVersion
Checking the installed SEP version. (in 32-bit OS or 14.3 RU5+ 64-bit)
ProductVersion
--
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\ProductVersion
Checking the installed SEP version. (in 64-bit OS for 14.3 RU4 or older)
ASRunningStatus
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers whether Virus and Spyware Protection is enabled or disabled.
Note: This subkey appears to be redundant with the following subkey.
AVRunningStatus
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers whether Virus and Spyware Protection is enabled or disabled.
ComputerID   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate ComputerID
DeployPreviousVersion
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers the four-part version number of the Symantec Endpoint Protection client software that was previously installed on the client computer.
DeployRunningVersion
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers the four-part version number of the Symantec Endpoint Protection client software that is currently installed on the client computer.
DeployStatus
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers details about the status of client software download, installation, upgrade, or patch. See table below for possible values.
DeployTargetVersion
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers the four-part version number of the Symantec Endpoint Protection client software that is planned for future installation on the client computer.
FWRunningStatus
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers whether firewall protection is enabled or disabled.
Infected
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\AV\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers whether the client computer is infected with one or more risks that are detected by Virus and Spyware Protection.
InstallType   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate Registers the type of installed client.
0=Standard
1=Embedded or VDI
2=Dark network
LastConnectedTime
 
\HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Date and Time of last successful connection to a Symantec Endpoint Protection management server
LastServerIP
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers the IP address of the most recent Symantec Endpoint Protection management server that the client connected to.
LastSuccessfulScanDateTime   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate Date and Time of last successful scan
LatestVirusDefsDate   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate Virus Definition date in use by client
LatestVirusDefsRevision   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate Virus Definition Revision number in use by client
RebootReason
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers the reason for a restart of the client computer. See table below for possible values.
snac_enabled
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SMC\
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Registers whether Symantec Network Access Control is enabled or disabled.
Note: HKLM is synonymous with HKEY_LOCAL_MACHINE.

Table: Possible values for DeployStatus registry subkey

Value

Meaning

Client communication codes

 

0x12070100

SEPM indicated an upgrade package for the client

0x12070101

Client decided to accept the upgrade package

0x12070102

Client decided to reject the upgrade package

0x12070200

Client has requested package information for the upgrade

0x12070300

Client hasn't allowed to start the download of upgrade package

0x12070301

Client has successfully downloaded & verified the upgrade package

0x12070400

Client failed to apply the upgrade package

0x12070401

Client failed to patch the delta

0x12070402

Client failed to launch the upgrade installer

0x12070403

Client successfully launched the final upgrade installer

0x12070500

Client requesting Full version of the upgrade package on Delta's failure

0x12070501

Cient is already at or above the version

Install operation codes

 

0x12072000

General install success

0x12072001

Files have been copied to the SILO folder; this status is also to be sent on a fresh install before reboot

0x12073000

General repair success

0x12074000

General uninstall success

0x12075000

General install failure

0x12075001

Not enough space to complete install

0x12075002

Launch condition not met

0x12075003

Incompatible consumer version found

0x12075004

Machine is in a pending reboot state

0x12075005

Legacy incompatible enterprise product found

0x12075006

No elevated installation privileges

0x12075007

Incompatible operating system detected

0x12075008

User cancel

0x12075009

Install package is corrupted

0x1207500A

CleanWipe failed to remove existing product

0x1207500B

CleanWipe is about to reboot the machine

0x1207500C

AppRemover failed to remove existing, 3rd party products

0x1207500D

Client switches management mode to cloud

 

Table: Possible values for RebootReason registry subkey

Value

Meaning

0

No reboot required.

1

Reboot required for threat remediation.

2

Reboot required for product patch.

3

Reboot required for content update.

4

Reboot required for install completion.

5

Reboot required by SEP manager command.

6

Reboot required due to catastrophic install failure.

7

Reboot required for driver config change.