Download SymDiag to detect product issues


Article ID: 155115


Updated On:


Symantec Products


Learn about and download SymDiag, the Symantec Diagnostic Tool. SymDiag helps identify common issues and gathers data for support-assisted troubleshooting.

Also available are links to SymDiag FAQs and additional support resources.


Download SymDiag (v2.1.284)

SymDiag for Windows

  1. Download SymDiag for Windows.
    Save the file to the Windows desktop.
  2. On the Windows desktop, double-click the SymDiag.exe icon.
  3. Follow the on-screen instructions or consult the Table of Contents below to find further instructions for using SymDiag depending on what you want to accomplish with SymDiag

SymDiag for Linux (2.1.848)

The method used to gather logs on a Linux system is dependent upon whether the SEP for Linux client  or the SES Linux Agent is being used.  

SEP for Linux (On-prem install)

  1. Download SymDiag for Linux.
    Right-click this link and choose "Save Target As" or "Save Link As".
  2. Save to a directory on the computer.
  3. Mark the file as executable to run as superuser.

    sudo chmod +x ./
    sudo ./

  4. Follow the on-screen instructions.

SES Linux Agent (cloud managed)

Get Agent Info script can be used to collect SES Linux Agent logs.  Run the following command from a terminal:

cd /opt/Symantec/sdcssagent/IPS/tools; ./


SymDiag for macOS

SymDiag for macOS is not available. Instead, download one of the following:

  1. Download for issues with WSS Agent or Unified Agent
  2. Download GatherSymantecInfo for issues with other Symantec products

Diagnostic .cloud for ProxySG

Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:

  • ProxySG

About SymDiag

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag is provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.

If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

Supported products

SymDiag supports the following Symantec products:

  • Advanced Threat Protection (Linux)
  • Auth Connector
  • Authentication and Authorization Agent
  • Data Center Security Management Server
  • Data Insight
  • Data Loss Prevention 11.0 and later
  • Encryption Powered by PGP
  • Endpoint Encryption
  • Endpoint Protection 11.0 and later*
  • Endpoint Protection Small Business Edition (.Cloud)
  • Endpoint Protection Cloud
  • Information Center Analytics
  • Information Centric Tagging
  • Mail Security for Microsoft Exchange 6.5.2 and later*
  • Messaging Gateway
  • Management Platform
  • Optical Character Recognition
  • Protection Engine
  • Unified Agent/Web Security Service Agent
  • VIP Access
  • Web Security Service
  • Web Isolation

*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.

Supported operating systems


SymDiag runs on the same Windows operating systems that Symantec products that function with SymDiag support.

On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:



The following x86 and x64 Linux distributions are supported.

Distribution Minimum Version
RedHat Enterprise Linux 6.5
CentOS 6.5
Fedora 16
Oracle Linux 6.5
Debian 6.0.5
Ubuntu 11.10
SUSE 11.0
Novell Open Enterprise Server 11.0


Command-line and remote deployment

SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.

Self-help reporting

Before contacting Support, you can identify Symantec product issues, licensing status and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.

Data collection for Support

You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.

Delivering data to Support

You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.


Historical Notes

The Symantec Diagnostic Tool (SymDiag) has been developed by Symantec over many years and has had a number of different names. The following support utilities have been a part of that history and are all now no longer used by support in favor of the improved and inclusive features maintained in SymDiag:

  • Symantec Endpoint Protection Support Tool (SEPST)
    • 8/21/2008 to 11/13/2012
    • Also the separate Backup Exec Support Tool (BEST)
  • Symantec Help (SymHelp)
    • 9/18/2012 to 12/1/2015
    • Veritas product support removed at the end of 2015

Release Notes

Build 2.1.284 (11/02/2020)

SAD-784 SES information does not show all of the exceptions created in the Exception Policy
SAD-807 The SES Service report shows an incorrect NTR/SEPWSC/ScanService status on Win7
SAD-840 SymDiag exits when trying to collect SES cloud policies when not connected to the cloud
SAD-853 On Linux, Enforce Tns Listener report has result and text issues
SAD-855 Enforce Oracle permission sql errors
SAD-847 SEPM Config Review Technology Summary does not have % symbols in the Percent column
SAD-846 SEPM Config Review has incorrect client count in 2 places of the report
SAD-870 DLP 15.7 MP1 Windows Agent vnwcd service report is a false negative
SAD-878 DLP Agent services vfsmfd and vrtam are flagged as errors when not running, but are demand start
SAD-874 SBE cloud EOL on 11/1
SAD-835 Customer ID is incorrect on WSS Agent page
SAD-837 SES update WTR to NTR in  the output
SAD-877 Enforce ListAgentsLegacy sql query errors on 15.7

Build 2.1.282 (9/10/2020)

SAD-444  File upload to a case is not working
SAD-621  Update URL in Protection Overview Report
SAD-615  Integrate WSSA tool and WSS data collection into EPClient collection
SAD-677  WSS not displaying ThreatPulse
SAD-691  Sep 14.3 GA release
SAD-694  Not collecting additional files that should be collected
SAD-571  Even-though IPS is enabled , symdiag shows IPS feature is Inconclusive
SAD-450  Configuration Review String
SAD-620  Sort Security Advisories by client versions in the config review
SAD-255  Application Learning detail report appears in Configuration Review when it is OK
SAD-657  Number of SEP Clients is counting duplicate systems
SAD-707  Update to latest EO.WebBrowser to resolve exception when logging in to case management
SAD-443  Broken KB URL
SAD-708  Update missing kb links
SAD-451  Configuration Review URL update
SAD-645  Exception when collecting Cloud Policies
SAD-439  Update WSS and UnifiedAgent known versions
SAD-676  Viewer report if serial numbers are core or not
SAD-729  Remove Data Insight reports and only collect data
SAD-579  Database is locked message is sometimes displayed when saving the file
SAD-733  SymDiag not detecting DLP 15.7 on Windows
SAD-740  SymDiag can't connect to the reputation server
SAD-668  SEPM Protection Score report has Download Insight is not enabled on -x endpoints

Build 2.1.280 (5/26/2020)

SAD-424  SymDiag Viewer does not show Config Review on BCP VM
SAD-421  SEP 14.3 unexpected installation configuration report error
SAD-417  Red Hat 7.7 OS is listed as not supported
SAD-413  Unknown DriveFormat on Linux
SAD-412  Not collecting OS name on some Linux
SAD-409  Update DLP Version Checking and Remove Reference to 14.x
SAD-406  KB Click 404 Client communications might not be working
SAD-396  RHEL 7.7 not able to get list of services
SAD-373  EO.WebBrowser exceptions when Save Window is displayed
SAD-361  Version Check for Encryption is out of date
SAD-263  [SEP 14.3] Update system requirements report
SAD-249  Collect and display cloud client policies
SAD-5      Update latest version report
SAD-358  Update DLP Config Review links to Broadcom
SAD-357  Config Review report Clients with less than 1.5 GB free disk space is not correct
SAD-353  Update SEP Config Review KB links to Broadcom links
SAD-268  [PO] modify the thresholds for when the IPS and the virus "Definitions out of date" checks fail and display data
SAD-266  [PO] List group names and policies applied
SAD-265  [PO] Emphasize each of the SEP protection technologies for threats and computers
SAD-264  [PO] Top 5 IPS sigs triggered, top 5 machines with IPS events
SAD-233  Present policy version for Cloud managed client


Related terms: symhelp, symhelpexe,symantec help