Debug SymDaemon on the Endpoint Protection Macintosh client

Article ID: 152505

Products

Endpoint Protection, Endpoint Security

Issue/Introduction

SymDaemon is the core process of the Symantec Endpoint Protection (SEP) for Macintosh client. It is responsible for scheduling tasks, communicating with the Symantec Endpoint Protection Manager (SEPM), and applying policies, among other things. Use the following steps to generate detailed, debug-level logging for the SymDaemon process of the SEP for Macintosh client.

Resolution

  1. Open a Terminal window and navigate to the SMC folder location:

    SEP 14.2 RU2:
      cd /Library/Application\ Support/Symantec/Silo/MES/SMC

    SEP 14.2 RU1 MP2 and older:
      cd /Library/Application\ Support/Symantec/SMC

    The following instructions assume that this is the current directory.

  2. Enable debug logging:

      sudo ./tools/SetSettings -ldebug # NOTE: use -lengineer in SEP 14.0.x and older

  3. Restart SymDaemon. This is not required, but it forces an immediate heartbeat, which is useful for debugging:

      sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
      sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist

  4. VERIFY that "DEBUG" statements are appearing in ../SMC/debug/smc_debug.log before proceeding.
     
  5. Reproduce the behavior. SymDaemon will generate debug-level logging until debugging is disabled. For communication failures, run the logging for 3 times the length of the heartbeat interval so that the log captures the heartbeat events.

    NOTE: Debugging persists through OS restarts. Debugging rolls over to a new log file after the file reaches 10 MB (not configurable). A maximum of five rolled-over log files are created, after which the older files are purged.
     
  6. Disable debug logging (i.e. reduce logging to default levels):

      sudo ./tools/SetSettings -linfo
     
  7. Gather the debug logging (../SMC/debug/smc_debug.log) and other relevant macOS diagnostics using the GatherSymantecInfo tool.
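
The check in step 4 and the capture window in step 5 can be scripted. The following is an added example, not part of the original article or a Symantec tool: the function names are hypothetical, it matches only the "DEBUG" substring named in step 4 (no log line format is assumed), and the 300-second heartbeat in the usage comment is an assumed value. Because debugging persists and logs roll over, it counts only DEBUG lines written after a recorded offset, so output from an earlier debug session is not mistaken for new output.

```shell
#!/bin/sh
# Added example: helpers for steps 4 and 5. Run from the SMC directory (step 1).
LOG="${LOG:-./debug/smc_debug.log}"

# Print the size of a log file in bytes (0 if it does not exist yet).
log_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Print the number of lines containing "DEBUG" written after byte offset $2.
# If the file is now smaller than the offset, it rolled over (10 MB limit),
# so everything in the current file is new and is scanned from the start.
new_debug_lines() {
    file=$1
    offset=$2
    [ -f "$file" ] || { echo 0; return 0; }
    size=$(log_size "$file")
    [ "$size" -lt "$offset" ] && offset=0
    # grep -c prints 0 and exits 1 when nothing matches; keep the 0.
    tail -c +"$((offset + 1))" "$file" | grep -c 'DEBUG' || true
}

# Print the minimum capture time for communication failures:
# 3 times the heartbeat interval (both in seconds).
capture_seconds() {
    echo $(( $1 * 3 ))
}

# Usage:
#   before=$(log_size "$LOG")                 # record offset before step 2
#   sudo ./tools/SetSettings -ldebug          # step 2
#   ...restart SymDaemon (step 3)...
#   [ "$(new_debug_lines "$LOG" "$before")" -gt 0 ] && echo "debug logging active"
#   sleep "$(capture_seconds 300)"            # 300 s heartbeat is an assumed value
```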