Finding the current info, including definition dates, for Endpoint Protection in the registry
Article ID: 181033
Updated On:
Products
Issue/Introduction
Registry location and information regarding the "Public-Opstate" registry key.
Resolution
To provide better support for a set of registry keys that are commonly used for client monitoring, the following subkeys have been moved in Symantec Endpoint Protection. If you run custom scripts against the Symantec Endpoint Protection registry, or if you have written a remote monitoring solution for an earlier release, you will need to revise them when you upgrade to this release.
All new registry subkeys are placed in the following locations:
- On 32-bit systems: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
- On 64-bit systems: (agent versions earlier than 14.3 RU5): HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
- On 64-bit systems: (agent version 14.3 RU5 or later): HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
Note: This list includes only registry subkeys that were moved in this release. New subkeys are documented elsewhere.
Warning: All registry subkeys and values for Symantec Endpoint Protection should be treated as read-only.
|
Subkey name
|
Previous location
|
New location
|
Used for
|
|
|
ProductVersion
|
--
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\ProductVersion
|
Checking the installed SEP version. (in 32-bit OS or 14.3 RU5+ 64-bit)
|
|
|
ProductVersion
|
--
|
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\ProductVersion
|
Checking the installed SEP version. (in 64-bit OS for 14.3 RU4 or older)
|
|
|
ASRunningStatus
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers whether Virus and Spyware Protection is enabled or disabled.
|
|
|
AVRunningStatus
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers whether Virus and Spyware Protection is enabled or disabled.
|
|
| ComputerID | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate | ComputerID | ||
|
DeployPreviousVersion
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers the four-part version number of the Symantec Endpoint Protection client software that was previously installed on the client computer.
|
|
|
DeployRunningVersion
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers the four-part version number of the Symantec Endpoint Protection client software that is currently installed on the client computer.
|
|
|
DeployStatus
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers details about the status of client software download, installation, upgrade, or patch. See table below for possible values.
|
|
|
DeployTargetVersion
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers the four-part version number of the Symantec Endpoint Protection client software that is planned for future installation on the client computer.
|
|
|
FWRunningStatus
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers whether firewall protection is enabled or disabled.
|
|
|
Infected
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\AV\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers whether the client computer is infected with one or more risks that are detected by Virus and Spyware Protection.
|
|
| InstallType | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate | Registers the type of installed client. 0=Standard 1=Embedded or VDI 2=Dark network |
||
|
LastConnectedTime
|
|
\HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
|
Date and Time of last successful connection to a Symantec Endpoint Protection management server
|
|
|
LastServerIP
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers the IP address of the most recent Symantec Endpoint Protection management server that the client connected to.
|
|
| LastSuccessfulScanDateTime | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate | Date and Time of last successful scan | ||
| LatestVirusDefsDate | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate | Virus Definition date in use by client | ||
| LatestVirusDefsRevision | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate | Virus Definition Revision number in use by client | ||
|
RebootReason
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\OpState\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers the reason for a restart of the client computer. See table below for possible values.
|
|
|
snac_enabled
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SMC\
|
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate
|
Registers whether Symantec Network Access Control is enabled or disabled.
|
Table: Possible values for DeployStatus registry subkey
|
Value |
Meaning |
|---|---|
|
Client communication codes |
|
|
0x12070100 |
SEPM indicated an upgrade package for the client |
|
0x12070101 |
Client decided to accept the upgrade package |
|
0x12070102 |
Client decided to reject the upgrade package |
|
0x12070200 |
Client has requested package information for the upgrade |
|
0x12070300 |
Client hasn't allowed to start the download of upgrade package |
|
0x12070301 |
Client has successfully downloaded & verified the upgrade package |
|
0x12070400 |
Client failed to apply the upgrade package |
|
0x12070401 |
Client failed to patch the delta |
|
0x12070402 |
Client failed to launch the upgrade installer |
|
0x12070403 |
Client successfully launched the final upgrade installer |
|
0x12070500 |
Client requesting Full version of the upgrade package on Delta's failure |
|
0x12070501 |
Cient is already at or above the version |
|
Install operation codes |
|
|
0x12072000 |
General install success |
|
0x12072001 |
Files have been copied to the SILO folder; this status is also to be sent on a fresh install before reboot |
|
0x12073000 |
General repair success |
|
0x12074000 |
General uninstall success |
|
0x12075000 |
General install failure |
|
0x12075001 |
Not enough space to complete install |
|
0x12075002 |
Launch condition not met |
|
0x12075003 |
Incompatible consumer version found |
|
0x12075004 |
Machine is in a pending reboot state |
|
0x12075005 |
Legacy incompatible enterprise product found |
|
0x12075006 |
No elevated installation privileges |
|
0x12075007 |
Incompatible operating system detected |
|
0x12075008 |
User cancel |
|
0x12075009 |
Install package is corrupted |
|
0x1207500A |
CleanWipe failed to remove existing product |
|
0x1207500B |
CleanWipe is about to reboot the machine |
|
0x1207500C |
AppRemover failed to remove existing, 3rd party products |
|
0x1207500D |
Client switches management mode to cloud |
Table: Possible values for RebootReason registry subkey
|
Value |
Meaning |
|---|---|
|
0 |
No reboot required. |
|
1 |
Reboot required for threat remediation. |
|
2 |
Reboot required for product patch. |
|
3 |
Reboot required for content update. |
|
4 |
Reboot required for install completion. |
|
5 |
Reboot required by SEP manager command. |
|
6 |
Reboot required due to catastrophic install failure. |
|
7 |
Reboot required for driver config change. |
Feedback
