Download SymDiag v3 to detect product issues
search cancel

Download SymDiag v3 to detect product issues

book

Article ID: 281571

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Protection Endpoint Protection Cloud Protection Engine for NAS Protection Engine for Cloud Services Generic Non Product Support Portal Global Customer Assistance Cloud Secure Web Gateway Cloud Secure Web Gateway - Cloud SWG Carbon Black Cloud Endpoint Standard Carbon Black Cloud Enterprise EDR Carbon Black Cloud Workload

Issue/Introduction

Download and learn about SymDiag v3 — the Symantec Diagnostic Tool — which identifies common issues, and gathers data and logs for support-assisted troubleshooting.

This article contains information about Version 3 of SymDiag.  For SymDiag Version 2, click here.

Environment

Use SymDiag Version 3 for products in this table listed below.

Endpoint SecurityInformation SecurityNetwork SecurityAdditional Products
  • Carbon Black Cloud (4.2+)
  • Endpoint Security Agent v2.5
  • Endpoint Protection 16 (SEP 16)
  • Endpoint Protection 14.3.x
  • Endpoint Security 14.3.x
  • Protection Engine Agent and Console
  • Data Loss Prevention
  • Cloud SWG v10
  • WSS
 

 

For products listed below, visit the SymDiag Version 2 (v2) article.

Endpoint SecurityInformation SecurityNetwork SecurityAdditional Products
  • Endpoint Protection 14.3.x
  • Endpoint Security 14.3.x
  • Endpoint Encryption
  • Encryption Powered by PGP
  • Enterprise Agent
  • Data Center Security Agent
  • Protection Engine
  • Advanced Threat Protection (Linux)
  • Data Loss Prevention 11.0 and later
  • Web Cloud Protection
  • Web Gateway
  • Web Security Service
  • Unified Agent/Web Security Service Agent
  • Optical Character Recognition
  • Auth Connector
  • Authentication and Authorization Agent
  • Data Insight
  • Information Center Analytics
  • Information Centric Tagging
  • Mail Security for Microsoft Exchange 6.5.2 and later*
  • Management Platform
  • VIP Access



Additional Notes

  • Both SymDiag v2 and v3 can be used to gather data for Endpoint Protection 14.3.x and Endpoint Security 14.3.x.

Resolution

Table of Contents

SymDiag for Windows v3 (3.0.115)

  1. Download SymDiag for Windows v3.
  2. Save the file to the Windows desktop.
  3. On the Windows desktop, double-click the SymDiagWin.exe icon.
  4. Follow the on-screen instructions to collect data.

Note: Requires Microsoft .NET 4.6.2 or greater.

URL Access Requirements

SymDiag requires access to the following URLs to function.   Please add them to any necessary URL Allow list or Whitelist.  All port requirements are HTTPS only.

URLProtocol and PortDescription
diag.broadcom.comHTTPS 443
  • Primary download location. 
  • Used for decryption services.
ced.broadcom.comHTTPS 443
  • Anonymous usage and diagnostic telemetry.  Blocking of this URL will only suppress telemetry as long as primary download location is accessible.
  • Alternative download location.
share.broadcom.comHTTPS 443
  • Self-updating mechanism.  SymDiag will check if newer version is available and update while running.


When SymDiag runs it checks the network hosts in the TechDoc (below) and reports which are unreachable.

 

SymDiag Viewer for Windows v3 (3.0.115)

  2. Save the file to the Windows desktop.
  3. On the Windows desktop, double click the SymDiagViewer3.msi icon.
  4. Follow the on-screen instructions to install the SymDiag Viewer.
  5. Double click on any *.sdz3 file and the file will be opened in the SymDiag Viewer.
  6. If .Net v8 is not installed, when the SymDiagViewer v3 application runs it will prompt you to download and install .Net v8.

Note: Requires Microsoft .NET 8.

 

Supported products

See the Environment section of this article for supported products.

 

SymDiag command line

The command line format has been updated. An action will start with ‘sd-x’ where x is the action to take.  An action can have options and arguments.  An argument is denoted by 2 dashes: ‘-- ‘.  Spaces delimit options and arguments.  If spaces are needed in the option or argument, then quotes are put around the option or argument.

CommandDetails

-?, -h, --help

 

sd-base <DIR>

  • The directory in which all SymDiag generated files and directories will be created.
  • Example: sd-base c:\basedir
sd-dest --dir <DIR> --file <FILE>
  • Set the destination directory and/or file and skips file save in ui
  • Example to set output directory only: sd-dest --dir c:\outputdir
sd-log <TYPE>

Creates the type of log file and all others in this order (PPPP indicates a pid number):

  • sfx: Logs self-extractor operations in a file with the name SymDiag.SdSfxPPPP.log with cert and log types
  • cert: Logs the certificate checking in a file with the name SymDiag.CertPPPP.log with log type
  • log: Logs the SymDiag operations in a file with the name <COMPUTER>__<YEAR>-<MONTH>-<DAY>__HH-MM-SS.log. If the SymDiag.PPPP.log exists, it is renamed to the log file name.
  • Example: sd-log log
sd-logging <ProductShortName(s)> --for <Minutes>

Enables product logging when running SymDiag silently.

  • <ProductShortName(s)>
    • A comma delimited list of product shortnames to enable product logging for if the product(s) are detected.
    • If not specified, then any detected products that support product logging will be enabled.
  • --for <Minutes>
    • If specified, the number of minutes the product logging will run for
    • If not specified, this defaults to 5
  • Example: sd-logging --for 1

 

Currently the supported products are: Sea (which will enable Sea, WssBlade and SepBlade), WssAgent, WssCloud

sd-open <FILE>
  • Open the file
  • Example: sd-open “c:\data\file.sdz3”
sd-prod <ProductShortName(s)>A comma delimited list of product shortnames to collect data for if the product is detected. If specified, then data is not collected for unlisted detected products.
sd-noup
  • Does not check for an update
  • Example: sd-noup
sd-optional --run <COMMANDS> --notrun <COMMANDS>

Specify to run or not run optional collection commands. COMMANDS is a comma delimited list of commands which are listed in Pascal Case for easier reading.  The command is case insensitive.

  • GroupPolicy
sd-s Run silently
  • Will run SymDiag silently
  • Example: sd-s
sd-skip <OPTIONS>

A comma delimited list of options to skip past ui screens. The options are in Pascal Case for easier reading.  The option is case insensitive.

  • AcceptEula: Skips pressing the "I accept the EULA" button
  • TaskCollect: Selects the "Collect and Analyze Product Data task
  • TaskCollectSave: Selects the "Collect and Analyze Product Data" task and proceeds through a product logging and collection to the the Save screen.  If "sd-dest --dir" is present, the output will be saved.  If both conditions are true, SymDiag will exit after the ave.
sd-update-only

Update to the latest version and then exit

Example command line with multiple options to set the base dir, output dir and SymDiag logging:

sd-base c:\basedir sd-dest --dir "c:\output dir" sd-log log

 

Product short names

Short Name

Product Name

cbcblade

Carbon Black Cloud

Esa

Enterprise Security Agent

SepBladeSymantec Endpoint Protection
WssBladeCloud SWG
SpeServerSymantec Protection Engine Server

SpeConsole

Symantec Protection Engine Console

Files and directories created by SymDiag

SymDiag uses a base directory, which can be set by the command line option sd-base.  Within that base directory, SymDiag creates files and directories.  The file name’s format is: [computer name]__yyyy-mm-dd__hh-mm-ss.

If the sfx or cert argument is provide to the sd-log command, then a SymDiag.PPPPP.log where PPPPP is the initial pid is created.  Once SymDiag starts running, if the SymDiag.PPPP.log exists, it is renamed to [computer name]__yyyy-mm-dd__hh-mm-ss.log.

 

Extension

Type

SymDiag.PPPPP.log

Log of the self-extractor operations and/or the certificate checks prior to SymDiag starting

.log

Log of SymDiag's operation

.realm

Mongo Realm database file

.realm.lock

Mongo Realm database lock file

.sdz3.tmp

SymDiag archive file

 

In the base directory, the following directories are created (PPPP is a common pid):

Name

Purpose

[Name].realm.management

Mongo Realm’s directory

SdSfxPPPP

SymDiag's self-extractor extracts the SymDiag files to this directory

TempPPPP

Directory that is used for creating temporary files while SymDiag is running

TempPPPP\Archive\x

As files are archived, numbered directories are created and the files are compressed into them before being written into the archive

TempPPPP\RebootState

If SymDiag is rebooting the computer, then various state files are written to this directory

TempPPPP\TraceSessions\x

If product logging is running, then separate directories are used for each product and log type

 

Additional Information

Release Information

What's new for SymDiag v3 for Windows?

  • Data collection can be up to 14 times faster.  The average collection time should be about 30 seconds.
  • Resolves v2 issues
  • The UI workflow and performance has been updated.
  • All data collection commands are multi-threaded with the ability to cancel a command after 90 seconds
  • Viewer, Database, and Archive tabs have been added
  • Reports have been redesigned as Facts
  • Product logging UI selections, logs and errors are displayed
  • The WPP logging options and filtering have been updated
  • The Command line options have been updated
  • The archive and database collections have been updated

What's new for SymDiag v3 for Windows Viewer Tab?

  • Updated the display of product data
  • Updated the query UI
  • Updated the tree view for all products
  • SQLite databases are displayed as tables and columns with filtering capability
  • Files larger than 2 MB are displayed
  • New for Endpoint Security Agent v2.5
    • Collects and displays data for Endpoint Security Agent v2.5 and the following products:
      • Endpoint Protection 16
      • Cloud SWG 1.3
  • New for Protection Engine
    • Supports v9

What's new for SymDiag v3 for Windows Viewer

  • .Net v8.0 application
  • The v2 and v3 Viewers can be installed together.  The v2 Viewer will only display v2 (.sdbz) files and the v3 Viewer will only display v3 (.sdz3) files.
  • Includes all of the viewing capability of SymDiag for Windows
  • Updated data collection version check
  • Includes the latest LogJoint for rich log viewing
  • Initial Facts editor with examples

Resolves the following SymDiag v2 for Windows issues:

  • Slow data collection
  • Database is locked error
  • Data collection hangs
  • Large file collections can fail
  • Runs out of memory while collecting some database data
  • UI is slow or stops responding
  • WPP logging errors are not displayed when they happen
  • Windows 64bit OS data may not be collected
  • Viewer will not display files that are larger than 2MB
  • Viewer is slow to open when a large number of file contents have been stored in the database
  • Data is stored in multiple formats
  • Old Windows UI folder selector

What SymDiag v2 for Windows features will not be included?

  • Malware detection and removal as it is no longer under development
  • Language Support
  • License Overview
  • Resources section
  • Real time display of cpu and memory
  • Wolken integration
  • Facts linking to KBs
  • The following reports will not be in v3
    • Latest Version
    • System Requirements
    • Security Advisories

Frequently asked questions

Q: Why is the performance slower than expected?

  • Data collection will be slower on systems with less than 4 CPUs as compared to systems with 4 or more CPUs. The fastest collection times are when the number of active commands are 50%-75% of the virtual CPUs. The number of active commands defaults to 50% of the virtual CPUs.

    This is set in the Scan Options by selecting the number of active commands.

  • Memory usage above 50% before SymDiag runs can increase the data collection time. This is due to the large number of objects that are created, saved to the database and then released.  

Q: How do I extract the files from the .sdz3 file?

  • The .sdz3 file uses a Zip format.  The initial .sdz3 file will have 1 file with the same name.  This file can be extracted using a Zip program.  The files within the extracted .sdz3 have been compressed using LZ4, which most Zip programs do not support.

    You will need to use SymDiagWin, SymDiag Viewer, or an application that supports LZ4 compression.

Release Notes

Build 3.0.95 (09/09/2025)

What's New?What's Fixed?

The following products are now supported:

  • Data Loss Prevention
  • Web Security Service agent
  • ARM-specific drivers are no longer being reported incorrectly.
  • SymDiag now correctly recognizes standalone WSSA.
  • SymDiag no longer terminates when using WPP -reboot logging.
  • The Remote Diagnostic command no longer fails with an error.
  • Tool password verification now occurs in DLP agent Debug mode.
  • The tool password is now mandatory in DLP agent Debug mode.
Powered by Wolken Software