Enable Sylink debugging for Endpoint Protection clients

Article ID: 151511

Products

Endpoint Protection

Issue/Introduction

This article describes the steps for enabling Sylink debug logging. Sylink debugging is used for troubleshooting communication issues between the Symantec Endpoint Protection (SEP) client and the Symantec Endpoint Protection Manager (SEPM).

Note: For version 14.0, this document applies to clients running SEP 14.0 RU1 MP2 and earlier. For clients running SEP 14.2, refer to TECH250061.

Resolution

Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.


Note: You must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection.

To enable Sylink debug logging via the Windows Registry

I. Enable SMC debug logging

  1. To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.
    Alternatively, click Start > Run, enter regedit, and then click OK.
     
  2. Navigate to the following registry subkey on 64-bit systems:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\

    Note: For all 32-bit systems, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
     
  3. Double-click smc_debuglog_on.
     
  4. Change the Value data to 1 and click OK.
     

II. Enable Sylink debug logging and define Sylink log location

  1. While still in the Windows Registry Editor, navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

    Note: For all 32-bit systems, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
     
  2. Click Edit > New > String Value.
     
  3. Name the new value DumpSylink.
     
  4. Double-click DumpSylink.
     
  5. In the Value data field, specify the name and location for the log file.
    For example, C:\Sylink.log would place the file Sylink.log at the root of the C: drive.
     
  6. Click Edit > New > DWORD.
     
  7. Name the new value DumpSylinkLevel.
     
  8. Double-click DumpSylinkLevel.
     
  9. Change the Value data to 4 and click OK.
     
  10. Close the Registry Editor.
     

III. Restart the Symantec Management Client (SMC)

  1. Click Start, and in the Search programs and files field, enter the following command:
    smc -stop
    Alternatively, click Start > Run, enter the command, and then click OK.
     
  2. After the Symantec Endpoint Protection icon disappears from the notification area, repeat Step 1, but instead use the following command:
    smc -start

Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
 

To disable Sylink debug logging via the Windows Registry

After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:

  • Delete the DumpSylink string that you created.
  • Delete the DumpSylinkLevel DWORD that you created.
  • Change the Value data of smc_debuglog_on back to 0.
  • Restart the Symantec Management Client.
  • Enable Tamper Protection again.

If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.
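
The registry changes from parts I and II, and their reversal, can also be applied from an elevated PowerShell session. The following is an added example, not part of the original article or a Symantec-supplied script; the function name Set-SylinkDebug and its parameters are hypothetical. It assumes Tamper Protection is already disabled and that the SMC and SyLink subkeys exist.

```powershell
#Requires -RunAsAdministrator
# Added example: Set-SylinkDebug and its parameters are hypothetical names,
# not part of Symantec Endpoint Protection.
function Set-SylinkDebug {
    param(
        [string]$LogPath = 'C:\Sylink.log',   # example path used in the article
        [switch]$Disable                       # revert the changes after data collection
    )

    # 64-bit systems keep the SEP keys under Wow6432Node; 32-bit systems do not.
    $smcKey = 'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
    if (-not (Test-Path $smcKey)) {
        $smcKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
    }
    $sylinkKey = Join-Path $smcKey 'SYLINK\SyLink'
    foreach ($key in $smcKey, $sylinkKey) {
        if (-not (Test-Path $key)) { throw "Registry key not found: $key" }
    }

    try {
        if ($Disable) {
            # Remove the two values created in part II and switch SMC debug logging off.
            Remove-ItemProperty -Path $sylinkKey -Name DumpSylink, DumpSylinkLevel `
                -ErrorAction SilentlyContinue
            Set-ItemProperty -Path $smcKey -Name smc_debuglog_on -Value 0 -ErrorAction Stop
        }
        else {
            # Part I: enable SMC debug logging.
            Set-ItemProperty -Path $smcKey -Name smc_debuglog_on -Value 1 -ErrorAction Stop
            # Part II: log file location (string value) and level 4 (DWORD).
            New-ItemProperty -Path $sylinkKey -Name DumpSylink -PropertyType String `
                -Value $LogPath -Force -ErrorAction Stop | Out-Null
            New-ItemProperty -Path $sylinkKey -Name DumpSylinkLevel -PropertyType DWord `
                -Value 4 -Force -ErrorAction Stop | Out-Null
        }
    }
    catch {
        # With Tamper Protection on, the writes are blocked and end up here.
        throw "Registry change failed (is Tamper Protection still enabled?): $_"
    }

    # Read the values back so the operator can confirm the resulting state.
    $smc = Get-ItemProperty -Path $smcKey
    $syl = Get-ItemProperty -Path $sylinkKey
    [pscustomobject]@{
        smc_debuglog_on = $smc.smc_debuglog_on
        DumpSylink      = $syl.DumpSylink
        DumpSylinkLevel = $syl.DumpSylinkLevel
    }
}
```

Call `Set-SylinkDebug` to enable logging or `Set-SylinkDebug -Disable` to revert, then restart the client with smc -stop and smc -start as in part III and re-enable Tamper Protection once logging is disabled.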