Products

Data Loss Prevention Endpoint Protection Endpoint Protection Cloud Protection Engine for NAS Protection Engine for Cloud Services Generic Non Product Support Portal Global Customer Assistance Cloud Secure Web Gateway Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Download and learn about SymDiag v3 — the Symantec Diagnostic Tool — which identifies common issues, and gathers data and logs for support-assisted troubleshooting.

Resolution

SymDiag for Windows v3 (3.0.91)
SymDiag Viewer for Windows v3 (3.0.91)
Supported products
SymDiag command line
Product short names
Files and directories created by SymDiag
New features
Frequently asked questions
- Q: Why is the performance slower than expected?
- Q: How do I extract the files from the .sdz3 file?
Release Notes

SymDiag for Windows v3 (3.0.91)

Download SymDiag for Windows v3.
Save the file to the Windows desktop.
On the Windows desktop, double-click the SymDiagWin.exe icon.
Follow the on-screen instructions to collect data.

Note: Requires Microsoft .NET 4.6.2 or greater.

SymDiag Viewer for Windows v3 (3.0.91)

Download SymDiag Viewer for Windows v3.
Save the file to the Windows desktop.
On the Windows desktop, double-click the SymDiagViewer3.msi icon.
Follow the on-screen instructions to install the SymDiag Viewer
Double click on any *.sdz3 file and the file will be opened in the SymDiag Viewer v3
If .Net v8 is not installed, when the SymDiag Viewer v3 runs it will prompt you to download and install .Net v8.

Note: Requires Microsoft .NET 8.

Supported products

These are the initial products that are supported. Additional v2 products will be added in the future:

Endpoint Security Agent v2.5
Endpoint Protection 16
Cloud SWG v10
Protection Engine Agent and Console

SymDiag command line

The command line format has been updated. An action will start with ‘sd-x’ where x is the action to take. An action can have options and arguments. An argument is denoted by 2 dashes: ‘-- ‘. Spaces delimit options and arguments. If spaces are needed in the option or argument, then quotes are put around the option or argument.

Command	Details
-?, -h, --help
sd-base <DIR>	The directory in which all SymDiag generated files and directories will be created. Example: sd-base c:\basedir
sd-dest --dir <DIR> --file <FILE>	Set the destination directory and/or file and skips file save in ui Example to set output directory only: sd-dest --dir c:\outputdir
sd-log <TYPE>	Creates the type of log file and all others in this order (PPPP indicates a pid number): sfx: Logs self-extractor operations in a file with the name SymDiag.SdSfxPPPP.log with cert and log types cert: Logs the certificate checking in a file with the name SymDiag.CertPPPP.log with log type log: Logs the SymDiag operations in a file with the name <COMPUTER>__<YEAR>-<MONTH>-<DAY>__HH-MM-SS.log. If the SymDiag.PPPP.log exists, it is renamed to the log file name. Example: sd-log log
sd-logging <ProductShortName(s)> --for <Minutes>	Enables product logging when running SymDiag silently. <ProductShortName(s)> A comma delimited list of product shortnames to enable product logging for if the product(s) are detected. If not specified, then any detected products that support product logging will be enabled. --for <Minutes> If specified, the number of minutes the product logging will run for If not specified, this defaults to 5 Example: sd-logging --for 1 Currently the supported products are: Sea (which will enable Sea, WssBlade and SepBlade), WssAgent, WssCloud
sd-open <FILE>	Open the file Example: sd-open “c:\data\file.sdz3”
sd-prod <ProductShortName(s)>	A comma delimited list of product shortnames to collect data for if the product is detected. If specified, then data is not collected for unlisted detected products.
sd-noup	Does not check for an update Example: sd-noup
sd-optional --run <COMMANDS> --notrun <COMMANDS>	Specify to run or not run optional collection commands. COMMANDS is a comma delimited list of commands which are listed in Pascal Case for easier reading. The command is case insensitive. GroupPolicy
sd-s Run silently	Will run SymDiag silently Example: sd-s
sd-skip <OPTIONS>	A comma delimited list of options to skip past ui screens. The options are in Pascal Case for easier reading. The option is case insensitive. AcceptEula: Skips pressing the "I accept the EULA" button TaskCollect: Selects the "Collect and Analyze Product Data task TaskCollectSave: Selects the "Collect and Analyze Product Data" task and proceeds through a product logging and collection to the the Save screen. If "sd-dest --dir" is present, the output will be saved. If both conditions are true, SymDiag will exit after the ave.
sd-update-only	Update to the latest version and then exit

Example command line with multiple options to set the base dir, output dir and SymDiag logging:

sd-base c:\basedir sd-dest --dir "c:\output dir" sd-log log

Product short names

Short Name	Product Name
Esa	Enterprise Security Agent
SepBlade	Endpoint Protection
WssBlade	Cloud SWG
SpeServer	Protection Engine Server
SpeConsole	Protection Engine Console

Files and directories created by SymDiag

SymDiag uses a base directory, which can be set by the command line option sd-base. Within that base directory, SymDiag creates files and directories. The file name’s format is: [computer name]__yyyy-mm-dd__hh-mm-ss.

If the sfx or cert argument is provide to the sd-log command, then a SymDiag.PPPPP.log where PPPPP is the initial pid is created. Once SymDiag starts running, if the SymDiag.PPPP.log exists, it is renamed to [computer name]__yyyy-mm-dd__hh-mm-ss.log.

Extension	Type
SymDiag.PPPPP.log	Log of the self-extractor operations and/or the certificate checks prior to SymDiag starting
.log	Log of SymDiag's operation
.realm	Mongo Realm database file
.realm.lock	Mongo Realm database lock file
.sdz3.tmp	SymDiag archive file

In the base directory, the following directories are created (PPPP is a common pid):

Name	Purpose
[Name].realm.management	Mongo Realm’s directory
SdSfxPPPP	SymDiag's self-extractor extracts the SymDiag files to this directory
TempPPPP	Directory that is used for creating temporary files while SymDiag is running
TempPPPP\Archive\x	As files are archived, numbered directories are created and the files are compressed into them before being written into the archive
TempPPPP\RebootState	If SymDiag is rebooting the computer, then various state files are written to this directory
TempPPPP\TraceSessions\x	If product logging is running, then separate directories are used for each product and log type

New features

What's new for SymDiag v3 for Windows?

Data collection can be up to 14 times faster. The average collection time should be about 30 seconds.
Resolves v2 issues
The UI workflow and performance has been updated.
All data collection commands are multi-threaded with the ability to cancel a command after 90 seconds
Viewer, Database, and Archive tabs have been added
Reports have been redesigned as Facts
Product logging UI selections, logs and errors are displayed
The WPP logging options and filtering have been updated
The Command line options have been updated
The archive and database collections have been updated

What's new for SymDiag v3 for Windows Viewer Tab?

Updated the display of product data
Updated the query UI
Updated the tree view for all products
SQLite databases are displayed as tables and columns with filtering capability
Files larger than 2 MB are displayed
New for Endpoint Security Agent v2.5
- Collects and displays data for Endpoint Security Agent v2.5 and the following products:
  - Endpoint Protection 16
  - Cloud SWG 1.3
New for Protection Engine
- Supports v9

What's new for SymDiag v3 for Windows Viewer

.Net v8.0 application
The v2 and v3 Viewers can be installed together. The v2 Viewer will only display v2 (.sdbz) files and the v3 Viewer will only display v3 (.sdz3) files.
Includes all of the viewing capability of SymDiag for Windows
Updated data collection version check
Includes the latest LogJoint for rich log viewing
Initial Facts editor with examples

Resolves the following SymDiag v2 for Windows issues:

Slow data collection
Database is locked error
Data collection hangs
Large file collections can fail
Runs out of memory while collecting some database data
UI is slow or stops responding
WPP logging errors are not displayed when they happen
Windows 64bit OS data may not be collected
Viewer will not display files that are larger than 2MB
Viewer is slow to open when a large number of file contents have been stored in the database
Data is stored in multiple formats
Old Windows UI folder selector

What SymDiag v2 for Windows features will not be included?

Malware detection and removal as it is no longer under development
Language Support
License Overview
Resources section
Real time display of cpu and memory
Wolken integration
Facts linking to KBs
The following reports will not be in v3
- Latest Version
- System Requirements
- Security Advisories

Frequently asked questions

Q: Why is the performance slower than expected?

Data collection will be slower on systems with less than 4 CPUs as compared to systems with 4 or more CPUs. The fastest collection times are when the number of active commands are 50%-75% of the virtual CPUs. The number of active commands defaults to 50% of the virtual CPUs.

This is set in the Scan Options by selecting the number of active commands.
Memory usage above 50% before SymDiag runs can increase the data collection time. This is due to the large number of objects that are created, saved to the database and then released.

Q: How do I extract the files from the .sdz3 file?

The .sdz3 file uses a Zip format. The initial .sdz3 file will have 1 file with the same name. This file can be extracted using a Zip program. The files within the extracted .sdz3 have been compressed using LZ4, which most Zip programs do not support.

You will need to use SymDiagWin, SymDiag Viewer, or an application that supports LZ4 compression.

Release Notes

Build 3.0.91 (05/19/2025)

Issue key	Component	Summary
SUPOPS-1831	SymDiag and Viewer	GA Release

Download SymDiag v3

Article ID: 281571

Updated On: