Download and learn about SymDiag v3 — the Symantec Diagnostic Tool — which identifies common issues, and gathers data and logs for support-assisted troubleshooting.
Note: Requires Microsoft .NET 4.6.2 or greater.
Note: Requires Microsoft .NET 8.
These are the initial products that are supported. Additional v2 products will be added in the future:
The command line format has been updated. An action will start with ‘sd-x’ where x is the action to take. An action can have options and arguments. An argument is denoted by 2 dashes: ‘-- ‘. Spaces delimit options and arguments. If spaces are needed in the option or argument, then quotes are put around the option or argument.
Command | Details |
|
|
|
|
sd-dest --dir <DIR> --file <FILE> |
|
sd-log <TYPE> |
Creates the type of log file and all others in this order (PPPP indicates a pid number):
|
sd-logging <ProductShortName(s)> --for <Minutes> |
Enables product logging when running SymDiag silently.
Currently the supported products are: Sea (which will enable Sea, WssBlade and SepBlade), WssAgent, WssCloud |
sd-open <FILE> |
|
sd-prod <ProductShortName(s)> |
A comma delimited list of product shortnames to collect data for if the product is detected. If specified, then data is not collected for unlisted detected products. |
sd-noup |
|
sd-optional --run <COMMANDS> --notrun <COMMANDS> |
Specify to run or not run optional collection commands. COMMANDS is a comma delimited list of commands which are listed in Pascal Case for easier reading. The command is case insensitive.
|
sd-s Run silently |
|
sd-skip <OPTIONS> |
A comma delimited list of options to skip past ui screens. The options are in Pascal Case for easier reading. The option is case insensitive.
|
Example command line with multiple options to set the base dir, output dir and SymDiag logging:
sd-base c:\basedir sd-dest --dir "c:\output dir" sd-log log
Short Name |
Product Name |
DlpAgent |
Data Loss Prevention Agent |
DlpDetection |
Data Loss Prevention Detection |
DlpEnforce |
Data Loss Prevention Enforce |
Sea |
Enterprise Agent |
SpeServer |
Protection Engine Server |
SpeConsole |
Protection Engine Console |
SepAgent |
Endpoint Protection Agent |
SepConsole |
Endpoint Protection Console |
WssAgent |
Web Security Service Agent |
WssBlade |
Web Gateway |
WssCloud |
Web Security Service |
SymDiag uses a base directory, which can be set by the command line option sd-base. Within that base directory, SymDiag creates files and directories. The file name’s format is: [computer name]__yyyy-mm-dd__hh-mm-ss.
If the sfx or cert argument is provide to the sd-log command, then a SymDiag.PPPPP.log where PPPPP is the initial pid is created. Once SymDiag starts running, if the SymDiag.PPPP.log exists, it is renamed to [computer name]__yyyy-mm-dd__hh-mm-ss.log.
Extension |
Type |
SymDiag.PPPPP.log |
Log of the self-extractor operations and/or the certificate checks prior to SymDiag starting |
.log |
Log of SymDiag's operation |
.realm |
Mongo Realm database file |
.realm.lock |
Mongo Realm database lock file |
.sdz3.tmp |
SymDiag archive file |
In the base directory, the following directories are created (PPPP is a common pid):
Name |
Purpose |
[Name].realm.management |
Mongo Realm’s directory |
SdSfxPPPP |
SymDiag's self-extractor extracts the SymDiag files to this directory |
TempPPPP |
Directory that is used for creating temporary files while SymDiag is running |
TempPPPP\Archive\x |
As files are archived, numbered directories are created and the files are compressed into them before being written into the archive |
TempPPPP\RebootState |
If SymDiag is rebooting the computer, then various state files are written to this directory |
TempPPPP\TraceSessions\x |
If product logging is running, then separate directories are used for each product and log type |
Build 3.0.55 (9/20/2024)
Issue key | Component | Summary |
SUPOPS-1423 | Sea, Web Gateway | Unable to open some Sea logs as 0 byte files are not archived |
SUPOPS-1433 | Sea, Web Gateway | Capture RocksDb files immediately by an order and date |
SUPOPS-1430 | SymDiag | Have ArchiveWriter compress before the item is queued for archiving |
SUPOPS-1420 | SymDiag, Viewer | Unable to extract a trace file from ...\Product Logging\Trace Session view |
SUPOPS-1427 | SymDiag, Viewer | Public SymDiag Decryption Service UI does not close |
Build 3.0.54 (9/12/2024)
Issue key | Component | Summary |
SUPOPS-1401 | SymDiag | When saving, the folder path and file name are not showing completely |
SUPOPS-1402 | SymDiag | The screen shows incorrect information, collecting 107 of 106 |
SUPOPS-1422 | SymDiag | Use sdz3.tmp archive extension while collecting data |
SUPOPS-1400 | SymDiag, Viewer | About box is blank |
SUPOPS-1398 | Wss | Collect PAC file for WSS |
SUPOPS-1405 | Wss | Enable WSS silent product logging |
Build 3.0.53 (8/28/2024)
Issue key | Component | Summary |
SUPOPS-1394 | SymDiag | Improve performance and hangs when running on 1-3 cpus |
SUPOPS-1395 | SymDiag | Silent data collection does not set Scan Start |
SUPOPS-1389 | SymDiag, Viewer | Copy Fact to clipboard |
Build 3.0.52 (8/21/2024)
Issue key | Component | Summary |
SUPOPS-1365 | Dlp | Unable to pick the correct version of DLP after a migration |
SUPOPS-1366 | SymDiag, Viewer | An ArchiveGroup view with 2 or more groups can display the same file multiple times |
Build 3.0.51 (8/6/2024)
Issue key | Component | Summary |
SUPOPS-1255 | Sea | Capture the manifest.json from SymPlatform dir |
SUPOPS-1349 | SymDiag | Allow the user a choice to continue collecting data after a product logging failure |
SUPOPS-1356 | SymDiag | Unable to collect data when SymDiagWin launched by a service |
Build 3.0.50 (7/29/2024)
Issue key | Component | Summary |
SUPOPS-1347 | SEA | Collect SEA migration logs |
Build 3.0.49 (7/25/2024)
Issue key | Component | Summary |
SUPOPS-1337 | SEA | Add SEA*.* from TEMP directories to data collection |
SUPOPS-1261 | SEP | Capture the FSD logs |
SUPOPS-1331 | SymDiag | Command line option to enable product logging |
SUPOPS-1333 | SymDiag | "Error starting up..." when setting sd-base command line to c:\Windows\system32 |
SUPOPS-1330 | SymDiag | .sdz3 file is deleted when using sd-base and sd-dest with the same directory |
SUPOPS-1302 | Viewer | Unable to open realm file |
SUPOPS-1325 | Viewer | After opening a Realm file, correctly handle that the archive file is not present in various views |
SUPOPS-1287 | Viewer | Viewer exits from memory when exporting files from File Explorer\All |
SUPOPS-1332 | Viewer | Display a file contents not collected dialog for files which were not collected |
SUPOPS-1339 | Viewer | Unable to update Realm file due to a lower format version |
Build 3.0.48 (4/29/2024)
Issue key | Component | Summary |
SUPOPS-1159 | DLP | DbJdbc ArgumentException: Object of type 'System.DBNull' cannot be converted to type 'System.DateTimeOffset' |
SUPOPS-1165 | SEP | Enabling product logging for sep with ntr results in a blank reproduce screen |
SUPOPS-1007 | SEP | Update sep agent and console url checks for latest version |
SUPOPS-1172 | SEP | Sep14.3 RU8 exceptions are not displayed |
SUPOPS-819 | SPE | Spe Server 9 has new logging options |
SUPOPS-777 | SymDiag | [14.3-RU8 and above][SDBZ] For GEH policy in PMS, please collect Client and Server node |
SUPOPS-1183 | SymDiag | Save decryption information in a file so that files can be decrypted without the database |
SUPOPS-1070 | Viewer | Viewer shortcut path is incorrect to launch it |
SUPOPS-1185 | Viewer | Opening a .sdz3 with no database file the UI is stuck at the 'extracting database file' modal |
SUPOPS-1182 | Viewer | Viewer can display and extract files without the database file |
Build 3.0.47 (4/15/2024)
Issue key | Component | Summary |
SUPOPS-1039 | SEP | Add Sep Client to Manager communication Fact |
SUPOPS-1166 | SPE | Rename SPE CASPI to CSAPI |
SUPOPS-1156 | SymDiag | WindowsFirewall1.Store RealmException: Realm accessed from incorrect thread |
SUPOPS-1158 | SymDiag | OsBitLocker System.Management.ManagementException: Invalid namespace |
SUPOPS-1170 | SymDiag | Updating ScCmd causes SymDiag to exit with the exception: System.Runtime.InteropServices.SEHException |
Build 3.0.46 (4/8/2024)
Issue key | Component | Summary |
SUPOPS-1146 | SEP | Error or crash when viewing SEP Cloud policies or Cc Settings |
SUPOPS-1153 | SEP | Improve sep 14.3 ru 5 detection and data collection |
SUPOPS-1154 | SymDiag | Def Explorer view displays 'unable to display defs' error |
SUPOPS-1151 | SymDiag | RealmException: Realm accessed from incorrect thread for SdArchive |
SUPOPS-1152 | SymDiag | Exception: System.Runtime.InteropServices.SEHException |
SUPOPS-1059 | WSS | Detect Web Gateway version from file wssad.exe |
Build 3.0.45 (4/4/2024)
Initial release.