This article describes steps for configuring the Communication Module logging in Symantec Endpoint Protection (SEP) 14.2 and later. This logging is used to troubleshoot communication issues between the SEP client and the Symantec Endpoint Protection Manager (SEPM). Communication module logging replaces Sylink logging.
SEP 14.2 and later.
This article is for SEP on Windows. See otherwise How to enable SymDaemon debug logging for SEP for Mac and Overview of log and configuration files in SEP for Linux (sylink debugging).
In SEP 14.3 RU2 and later Communication Module logging can be enabled using the Client Management debug log settings
Additional Log level settings are as follows:
This method can still be used on 14.3 RU2 and later clients in addition to the UI method mention above.
Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.
Note: Tamper protection must be disabled before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection
HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Note: When troubleshooting communication issues, a value of 1 is strongly recommended to ensure that all pertinent data is collected. If this value is not present or is configured to use an invalid value, the product will default to a logging level of 4.
A service restart is not required for the new settings to take effect.
Note: For Mac specific instructions please see TECH132983
1. Communication logging will be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs in the following two files:
2. Additionally, opstate data will be written in the following files under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\