How to Debug Symantec Endpoint Protection SymDaemon on the Macintosh client

book

Article ID: 152505

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SymDaemon is the core process of the Symantec Endpoint Protection (SEP) for Macintosh client. It is responsible for scheduling tasks, communicating with the Symantec Endpoint Protection Manager (SEPM), and applying policies among other things. Use the following steps to generate detailed, debug level logging for the SymDaemon process of the SEP for Macintosh client. 

NOTE: this is for the on-premises SEP for Mac only; there is no equivalent debug logging for the cloud-managed SES Mac client.

Cause

You have been asked by a Broadcom support engineer to provide a debug trace of the Symantec Endpoint Protection Manager SymDaemon process.

Environment

All supported Mac OS version 10.x to 12.x

SEP for Mac

Resolution

  1. Open terminal window and navigate to the SMC folder location—

    For SEP 14.2 RU2 and newer
      cd /Library/Application\ Support/Symantec/Silo/MES/SMC

    For SEP 14.2 RU1 MP2 and older:
      cd /Library/Application\ Support/Symantec/SMC

    The following instructions assume that this is the current directory.

  2. To enable debug logging for current SEP for MAC clients:

      sudo ./tools/SetSettings -ldebug
      # NOTE: Use sudo ./tools/SetSettings -lengineer in SEP 14.0.x and older clients.

      sudo cp com.symantec.trace.plist /Library/Preferences/
      # the library file 'com.symantec.trace.plist' is attached at bottom of this article. use the command line or manually copy the file to /Library/Preferences/

  3. Restart the Mac. 

  4. VERIFY that "DEBUG" statements are appearing in ../SMC/debug/smc_debug.log before proceeding.
    ptrace logging should appear in /Library/Logs/Symantec/ClientSDKService-###.log
     
  5. Reproduce the behavior. SymDaemon will generate debug level logging until debugging is disabled. For communications failures, run the logging for 3 times the length of the heartbeat interval to ensure the logging captures the heartbeat events.

    NOTE: Debugging persists through OS restarts. Debugging rolls over to a new log file after the file reaches 10 MB (not configurable). A maximum of five rolled-over log files are created, after which the older files are purged.
     
  6. Disable debug logging (i.e. reduce logging to default levels):

      sudo ./tools/SetSettings -linfo
     
  7. Gather the debug logging (../SMC/debug/smc_debug.log) and other relevant macOS diagnostics using the GatherSymantecInfo tool.

Attachments

1628885636513__com.symantec.trace.plist get_app
Powered by Wolken Software