You want to be able to monitor the status of Symantec Endpoint Protection Cloud (SEP Cloud) on Windows devices with Remote Monitoring and Management (RMM) Software.
This document provides generic recommendations on aspects of the agent to monitor on Windows workstation and server devices to verify its current status. Please refer to the documentation provided by your RMM vendor for specific details on how to configure monitoring for these in your specific solution. Note that it may not be possible to monitor all of these depending on your RMM solution.
On Windows devices, the location of executables and data on the file system is variable, and will be updated when Symantec releases agent upgrades. To verify the current directories related to the agent on a specific device, information is provided within the Windows registry.
This document makes reference to the following locations:
The INSTALLDIR directory is referred to in the following registry location:
By default, this will point to C:\Program Files\Symantec Endpoint Protection Cloud\Engine\<Product Version> (Example: C:\Program Files\Symantec Endpoint Protection Cloud\Engine\18.104.22.168).
The DATADIR directory is referred to in the following registry location:
By default, this will point to C:\Program Files\Symantec Endpoint Protection Cloud\NortonData\<Product Version> (Example: C:\Program Files\Symantec Endpoint Protection Cloud\NortonData\22.214.171.124).
The following service will be present and start automatically on Windows devices running SEP Cloud. When possible, this is the recommended way to verify that SEP Cloud is running on a system, rather than monitoring for the presence of running processes.
The client version can be checked in the Windows registry under the following location:
At least one instance of the following process will be running on a device running SEP Cloud. This can be used if your RMM solution does not allow for the monitoring of running Windows processes.
Information on current AntiVirus definitions can be found within the following file:
This is a text file in the following format:
An example of this file is as follows:
Some RMM solutions have the ability to invoke a command to update AntiVirus agents. For SEP Cloud, updates can be invoked by running uistub.exe with the /lu argument.
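Because the Engine directory name contains the product version and changes on agent upgrade, a script pushed from an RMM should resolve uistub.exe at run time rather than hard-code the path. The PowerShell below is an added example, not Symantec's code: it assumes the default install root given earlier instead of the registry value, the names $EngineRoot and Get-UiStubPath are hypothetical, and the signature check assumes uistub.exe is Authenticode-signed.

```powershell
# Added example, not vendor code. Assumption: default install root;
# pass -EngineRoot if the agent lives elsewhere on this device.
param(
    [string]$EngineRoot = 'C:\Program Files\Symantec Endpoint Protection Cloud\Engine'
)

function Get-UiStubPath {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root -PathType Container)) { return $null }
    # Keep only subdirectories whose name parses as a version and that hold uistub.exe.
    $candidates = @(foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $ver = $null
        $exe = Join-Path $dir.FullName 'uistub.exe'
        if ([version]::TryParse($dir.Name, [ref]$ver) -and
            (Test-Path -LiteralPath $exe -PathType Leaf)) {
            [pscustomobject]@{ Version = $ver; Path = $exe }
        }
    })
    # Highest version wins, in case an older Engine directory is still on disk (assumption).
    $candidates | Sort-Object Version -Descending |
        Select-Object -First 1 -ExpandProperty Path
}

$uiStub = Get-UiStubPath -Root $EngineRoot
if (-not $uiStub) {
    Write-Output "uistub.exe not found under $EngineRoot"
    exit 1
}

# RMM scripts usually run with high privilege, so refuse to launch a binary
# whose signature does not validate (assumes the vendor signs uistub.exe).
$sig = Get-AuthenticodeSignature -FilePath $uiStub
if ($sig.Status -ne 'Valid') {
    Write-Output "Signature check failed for $uiStub ($($sig.Status))"
    exit 2
}

# /lu is the update argument described above.
Start-Process -FilePath $uiStub -ArgumentList '/lu'
Write-Output "Update requested via $uiStub"
exit 0
```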
For example, from the Windows command prompt the update could be invoked as follows (given agent version 126.96.36.199):
"C:\Program Files\Symantec Endpoint Protection Cloud\Engine\188.8.131.52\uistub.exe" /lu
This section is for customers and partners who utilize ConnectWise Automate as their RMM solution.
For partners who manage SEP Cloud customers through the Partner Management Console (PMC), a ConnectWise Integration Package is available. On the Home Page of the PMC, under Quick Tasks, there is a link to download the ConnectWise Integration Package. This package contains a ReadMe PDF with instructions on how to utilize this package. Please refer to that PDF for details on how to use the integration package.
For customers who do not have access to the PMC, or those who wish to manually configure monitoring in ConnectWise, the following settings are recommended for ConnectWise Automate in order to monitor the status of SEP Cloud agents.