This article describes the steps for enabling Sylink debug logging. Sylink debugging is used for troubleshooting communication issues between the Symantec Endpoint Protection (SEP) client and the Symantec Endpoint Protection Manager (SEPM).
Versions: This document is for version 14.0, this document applies to clients running SEP 14.0 RU1 MP2 and earlier. For clients running SEP 14.2 and later, please refer to article https://knowledge.broadcom.com/external/article/171445/configuring-endpoint-protection-communic.html
Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.
Note: You must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:
If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.