Where can I find Endpoint Protection client log files?
search cancel

Where can I find Endpoint Protection client log files?

book

Article ID: 152795

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Where can I find the log files for Symantec Endpoint Protection (SEP) client?
What are the functions of each of the log files?

This information can be used for parsing or other data gathering methods.

Resolution

C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs contain the following log files:
  • AVMan.log - Antivirus Management plug-in log (contains copies of all antivirus events)
  • CVE.log- Client communication logs (14.2 and up)
  • CVE-actions.log- Client communications actions (14.2 and up)
  • GUProxy.log - GUP plug-in log (if you have a GUP enabled)
  • LUMan.log - LiveUpdate plug-in log
  • processlog.log - Application and Device Control log
  • rawlog.log - Firewall Packet log
  • seclog.log - Security log (IPS events mainly)
  • syslog.log - System log
  • tralog.log - Firewall Traffic log

Scan logs can be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV

%ProgramData%\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs or in %Temp% contains the following log files:

  • SIS_INST.log
  • SMCinst.log - AutoUpgrade log
  • ROLLBACK.log - logs for rollbacks during failed installation
  • SEP_INST.log - MSI log
  • SYMEVENT.log - System Event Driver install log
  • teeferinstall.log - Teefer / Firewall Driver install log
  • vpremote.log - Remote push client log
Powered by Wolken Software