The following steps assume that SPE is currently using the default configuration for logging levels. The default levels of logging for each component are optimal for most production environments and will not record a log entry when SPE returns a verdict of CLEAN for a file. For tracing through reproductions, SPE logging should be set to VERBOSE level.
- Stop SPE service
- Enable VERBOSE logging
- Start SPE service
- Use symdiag to collect CSAPI and WPP logs (which contain Stargate logs) - see below for detailed steps
- Stop SPE service
- Disable VERBOSE logging
- Start SPE service
To stop SPE service
- Do one of the following:
  - At the Administrator cmd prompt, type:
    net stop SYMCScan
  - Within the Windows service.cpl control panel, right-click on Symantec Protection Engine Service, then click Stop
To enable VERBOSE SPE logging
To start SPE service
- Do one of the following:
  - At the Administrator cmd prompt, type:
    net start SYMCScan
  - Within the Windows service.cpl control panel, right-click on Symantec Protection Engine Service, then click Start
To use symdiag to collect CSAPI and WPP (Stargate) logs on Windows
- After downloading symdiag, execute symdiag.
- To confirm the symdiag version is higher than 2.1.314.11248, click Help > About. If the version is lower than 2.1.314, download a new copy of symdiag.
- Click the button "Collect Data for Support".
- On the "1 Select Products" tab, check "Protection Engine" on the right pane if it is not already selected. Click Next.
- On the "2 Select Data Type" tab, click the "All data" radio button. Below "Debug Logging", check "Protection Engine" if it is not already selected.
- For recording a complex reproduction, set "How long would you like debug log gathering to run?" to twice as many minutes as the longest interval between reproductions.
- Click Advanced. On the PE tab, click the dropdown box next to Trace level. Click VERBOSE. Click OK.
- Click Next.
- On the tab "3 Additional Options", click Next.
- On the tab "4 Reproduce Your Issue", if support requested procmon or wireshark logs, start procmon or wireshark recording as requested.
- Reproduce the issue.
- If you are also recording with procmon or wireshark, stop recording within procmon or wireshark.
- Click Next.
- To confirm you completed reproduction, click "Yes" in the dialog box which appears.
- On the tab "5 Collect", wait for symdiag to collect the evidence into an .sdbz archive file. When the Next button appears, click Next.
- On the tab "6 Attach to case", click the radio button "Save diagnostic file locally". Click Next.
- Fill in the data for the Customer Information form. Click Save.
- Perform any file transfer within your organization to place the .sdbz file on a machine which can upload the file to the case within the BROADCOM support portal.