Download SymDiag to detect product issues

Article ID: 155115

Products

Symantec Products

Issue/Introduction

Download and learn about SymDiag, the Symantec Diagnostic Tool, which identifies common issues and gathers data and logs for support-assisted troubleshooting.

Resolution

Download SymDiag

SymDiag for Windows (2.1.300)

  1. Download SymDiag for Windows.
    Save the file to the Windows desktop.
  2. On the Windows desktop, double-click the SymDiag.exe icon.
  3. Follow the on-screen instructions, or consult the Table of Contents below for further instructions on using SymDiag for the task you want to accomplish.

SymDiag for Linux (2.1.1101)

The method used to gather logs on a Linux system depends on whether the SEP for Linux client or the SES Linux Agent is in use.

SEP for Linux (On-prem install)

  1. Download SymDiag for Linux.
    Right-click this link and choose "Save Target As" or "Save Link As".
  2. Save symdiag.run to a directory on the computer.
  3. Mark the file as executable, then run it as superuser.

    sudo chmod +x ./symdiag.run
    sudo ./symdiag.run

  4. Follow the on-screen instructions.

SES Linux Agent (cloud managed)

The Get Agent Info script can be used to collect SES Linux Agent logs. Run the following command from a terminal:

cd /opt/Symantec/sdcssagent/IPS/tools && ./getagentinfo.sh

SymDiag for macOS

SymDiag for macOS is not available. Instead, download one of the following:

  1. Download wssa-diag.sh for issues with WSS Agent or Unified Agent
  2. Download GatherSymantecInfo for issues with other Symantec products

Diagnostic .cloud for ProxySG

Additional diagnostic resources are available at Diagnostic .cloud for the following Network Protection products:

  • ProxySG

SymDiag Viewer for Windows (2.1.300)

  1. Download SymDiag Viewer for Windows.
    Save the file to the Windows desktop.
  2. On the Windows desktop, double-click the SymDiagViewer.msi icon.
  3. Follow the on-screen instructions to install the SymDiag Viewer.
  4. Double-click any *.sdbz file to open it in the SymDiag Viewer.

About SymDiag

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic and security analysis utility. SymDiag provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers.

If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

Supported products

SymDiag supports the following Symantec products:

  • Advanced Threat Protection (Linux)
  • Auth Connector
  • Authentication and Authorization Agent
  • Data Center Security Management Server
  • Data Insight
  • Data Loss Prevention 11.0 and later
  • Encryption Powered by PGP
  • Endpoint Encryption
  • Endpoint Protection 11.0 and later*
  • Endpoint Protection Small Business Edition (.Cloud)
  • Endpoint Protection Cloud
  • Information Center Analytics
  • Information Centric Tagging
  • Mail Security for Microsoft Exchange 6.5.2 and later*
  • Management Platform
  • Optical Character Recognition
  • Protection Engine
  • Unified Agent/Web Security Service Agent
  • VIP Access
  • Web Cloud Protection
  • Web Security Service

*SymDiag includes reporting on license status for this product. See About the Licensing Dashboard in SymDiag.

Supported operating systems

Windows

SymDiag runs on the same Windows operating systems that are supported by the Symantec products that work with SymDiag.

On Windows 2008 R2 Server Core, run SymDiag with the following command-line switch:

-net2

Linux

The following x86 and x64 Linux distributions are supported.

Distribution                   Minimum Version
RedHat Enterprise Linux        6.5
CentOS                         6.5
Fedora                         16
Oracle Linux                   6.5
Debian                         6.0.5
Ubuntu                         11.10
SUSE                           11.0
Novell Open Enterprise Server  11.0

Command-line and remote deployment

SymDiag comes with many command-line parameters, and you can remotely deploy SymDiag.

Self-help reporting

Before contacting Support, you can identify Symantec product issues, check licensing status, and identify best-practice configurations of your Symantec product. You can also attempt to identify suspicious files and start an investigation into whether they are zero-day threats.

Data collection for Support

You can run SymDiag on computers to produce self-help solutions, as well as collect data for support cases with Symantec.

Delivering data to Support

You should use SymDiag to gather data on relevant computers for support cases with Symantec. SymDiag lets you deliver that data directly into a new or existing support case.

Windows Root Certificate Requirement

SymDiag requires that the Windows OS automatically installs a root certificate and that the OS supports SHA-2 code signing certificates. If these requirements are not met, SymDiag displays the error message "Failed to launch Symantec Diagnostic Tool". To resolve this issue, follow the steps in the article Failed to launch Symantec Diagnostic Tool.
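
One way to check these requirements on a given computer, as an added example that is not part of the original article or of Symantec's tooling: the PowerShell below reports whether Windows validates the Authenticode signature on the downloaded SymDiag.exe and whether the signer's certificate chain builds to a trusted root. The desktop path, the helper name Test-SymDiagSignature, and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not vendor code): inspect the Authenticode signature on SymDiag.exe.
# Assumption: the file was saved to the current user's desktop, as in the download steps.
$exe = Join-Path ([Environment]::GetFolderPath('Desktop')) 'SymDiag.exe'

function Test-SymDiagSignature {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    $report = [ordered]@{
        File          = $Path
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $null
        CertSigAlg    = $null                  # algorithm the signer certificate was signed with
        Timestamped   = [bool]$sig.TimeStamperCertificate
        ChainBuilds   = $false
        ChainRoot     = $null
        ChainErrors   = @()
    }

    if ($cert) {
        $report.Signer     = $cert.Subject
        $report.CertSigAlg = $cert.SignatureAlgorithm.FriendlyName

        # Build the chain without revocation checks so the result reflects
        # root trust only, not whether CRL/OCSP endpoints are reachable.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $report.ChainBuilds = $chain.Build($cert)
        $count = $chain.ChainElements.Count
        if ($count -gt 0) {
            $report.ChainRoot = $chain.ChainElements[$count - 1].Certificate.Subject
        }
        $report.ChainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
    [pscustomobject]$report
}

Test-SymDiagSignature -Path $exe | Format-List
```

A Status other than Valid, or a ChainErrors entry such as UntrustedRoot or PartialChain, points to the signature or root-trust side of the requirement rather than to SymDiag itself.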

Release Notes

Build 2.1.300.1106 (09/01/2021) 

Issue Id    Component           OS       Summary
SUPOPS-344  Auth Connector      Windows  Collect bcca.ini, saml.ini, and sso.ini in BCCA install directory
SUPOPS-316  DLP                 Windows  Capture Microsoft Edge registry entries for ExtensionInstallForcelist and com.symantec.dlp
SUPOPS-329  SEE                 Windows  Update latest version for Encryption Management Server and Encryption Desktop
SUPOPS-345  SEP                 Windows  Encrypted data is not exported in decrypted format
SUPOPS-352  SEP                 Windows  Sep Security log is missing Intrusion-URL
SUPOPS-354  SEPM Config Review  Windows  Proactive service scan did not save clients
SUPOPS-105  SymDiag             Windows  Display the Google extension registry for both 32 and 64bit locations
SUPOPS-355  SymDiag             Windows  Crash due to null reference in RecentLogsOnly
SUPOPS-358  SymDiag             Windows  RootkitDetectionMode is not logged
SUPOPS-345  Viewer              Windows  Encrypted data is not exported in decrypted format
SUPOPS-363  WSS                 Windows  Do not capture pcaps when collecting data for the wssservice product in silent (-s) mode
SUPOPS-337  WSS                 Windows  "File Saved" dialog is not brought to front when shown
SUPOPS-338  WSS                 Windows  No error displayed when saving to non-existent folder

Build 2.1.298.1102 (07/08/2021) 

Issue Key   Component/s  OS       Summary
SUPOPS-223  Viewer       Windows  Public SymDiag Decryption Service for Partners and Customers

Build 2.1.298.1101 (06/30/2021) 

Issue Key   Component/s  OS              Summary
SUPOPS-272  DLP          Linux           Improve detection of DLP 15.7 on Linux
SUPOPS-291  DLP          Linux           Linux Max CPU speed is not correct, which impacts DLP Config review
SUPOPS-292  DLP          Linux           DLP Config Review incorrectly checks the number of cpus
SUPOPS-275  DLP          Windows, Linux  DLP 15.8 support
SUPOPS-165  DLP          Windows         DLP Agent enable or disable ETW / ETL logging
SUPOPS-204  DLP          Windows, Linux  DLP Enforce Protection Score shows as a decimal in the self-help report title
SUPOPS-271  SEE          Windows         SEE 11.2.1 and less are EOS
SUPOPS-235  SEE          Windows         Sql Server Express is not supported since see 11.2.1 mp1
SUPOPS-201  SEP          Windows         Extra columns in Parsed AV Logs view
SUPOPS-197  SEP          Windows         Not collecting the MSI logs in %TEMP% from different profiles
SUPOPS-307  SEP          Windows         In SEP AV Logs view, the Enhanced Outbreak Mode and Action Taken columns have _LT strings
SUPOPS-306  SEP          Windows         In SEP AV Logs view, the First Seen column data are _LT strings
SUPOPS-110  SymDiag      Windows         Threat Analysis root kit scan needs to tell user that the system needs to be rebooted to remove driver
SUPOPS-172  Viewer       Windows         When filtering Windows Events using the description column, it can take a long time to display the pick box or will hang
SUPOPS-122  Viewer       Windows         Displaying 13K files in file explorer is slow and leaks 25M
SUPOPS-297  WSS          Windows         Remove "Unified Agent" from product selection when neither are installed
SUPOPS-294  WSS          Windows         -limiteddata option is not working when using -forsupport in the command line
SUPOPS-219  WSS          Windows         Not gathering additional files when debugging WSS Agent

Build 2.1.296.1094 (05/13/2021) 

Key         Component/s  OS       Summary
SUPOPS-230  SEP          Windows  Collect Local GPO info
SUPOPS-242  SEP          Windows  EP information tab, Serial Number is not showing the serial number
SUPOPS-225  SEP          Windows  Proactive Threat Protection Truscan state is unknown
SUPOPS-108  SEP          Windows  Symdiag Reports SEP Firewall & SymTDI is not configured properly
SUPOPS-109  SEP          Windows  Symdiag reports IPS is inconclusive
SUPOPS-216  SEP          Windows  In Endpoint Protection Client Summary, the S3 Server is listed
SUPOPS-45   SEP, SEPM    Windows  EP 14.3 RU1 MP1 released
SUPOPS-255  SEP, SEPM    Windows  EP 14.3-RU2 released
SUPOPS-168  SEP, Viewer  Windows  Remove EpClient exceptions from Information tab and encrypt them
SUPOPS-61   SEPM         Windows  Incorrect Database Version in Information Report
SUPOPS-51   SymDiag      Windows  Error message "Failed to create temporary folder" needs more data for the failure
SUPOPS-60   SymDiag      Windows  Capture Device Guard settings
SUPOPS-260  SymDiag      Windows  Temporarily disable case attachment
SUPOPS-174  Viewer       Windows  SymDiag Decryption Service UI Control
SUPOPS-59   Viewer       Windows  Viewer indicates what information has been encrypted
SUPOPS-222  Viewer       Windows  Make Viewer public
SUPOPS-47   WSS          Windows  Update etl2pcapng to version 1.5
SUPOPS-63   WSS          Windows  Run "BNS Curl" command when gathering data
SUPOPS-64   WSS          Windows  Enable WSS Service debug logging by default

Build 2.1.292.876 (03/01/2021) 

Issue Key  Component  OS              Summary
SAD-908    DLP        Windows, Linux  Update DLP config review text from feedback
SAD-1109   SED        Windows         Encryption Desktop 10.5 MP1 released
SAD-1064   SEP        Windows         SMR521.SYS is installed when an EP Client scan is done
SAD-1084   SEP        Windows         SEP 14.3 Debug logs are not created
SAD-1098   SEP        Windows         Add EP 14.3 WPP Providers
SAD-967    SEPM       Windows         Not saving the output of exec sp_who2 on Sql Server/Express
SAD-1111   SEPM       Windows         SEPM Client/Server Distribution table does not list all domains
SAD-1100   SEPM       Windows         SEPM Config Review Protection Technology Summary needs to be last 30 days
SAD-1082   SEPM       Windows         Update urls in the SEP Config Review
SAD-1081   SymDiag    Windows         SymDiag exits after collecting data for support with an EO.WebBrowser exception
SAD-1112   SymDiag    Linux           Remove the Symantec Mail Gateway (SMG) product
SAD-1078   SymDiag    Windows         Add Chrome Browser information for OS collection

Build 2.1.290 (02/02/2021) 

Issue key  Component  Summary
SAD-886    CWP        CWP: Integrate CAF data & Azure VM Extension log collection
SAD-968    DLP        Enforce and Detection server reports do not allow user to fix date issue
SAD-1025   SED        SED Service report errors if SEE is also installed
SAD-1029   SEE        Change SEE version from File Version to Product Version
SAD-1008   SEE        SEE 11.3.1 is latest version
SAD-1032   SEP        SEP Security Log does not show INTRUSION-URL nor X-INTRUSION-PAYLOAD-URL
SAD-1005   SEP        [RU1 Refresh] Symdiag reports SDS Defs are corrupt when ADVML is enabled on agent
SAD-1056   SEPM       SEPM Config Review has some OS entries of None which are Mac OSes
SAD-1016   SEPM       SEPM Config Review Finding tables show "No Data"
SAD-1007   SEPM       SEPM Protection Overview section 4 charts are correct, but the table below them are not correct
SAD-1002   SEPM       SEP Protection Overview tables empty despite having data in the graphs
SAD-957    SEPM       For Sep Config Review, the Log Size recommendation will show the data used to reach the conclusion
SAD-1004   SymDiag    Remove SHA-1 cert as SHA-1 timestamp server has shutdown on 1/1/2021

Build 2.1.288 (12/17/2020)

Issue    Component  Summary
SAD-988  SEE        Encryption Desktop latest version needs to be updated
SAD-982  SEP        WPP Reboot debugging may error that it is unable to stop wpp logging
SAD-977  WSS        If select to collect additional files, then select a product to debug, you will not be prompted for the additional files
SAD-971  WSS        Error dialog if no network data was captured
SAD-970  WSS        When debugging the WSS Service, "Are you finished" prompt is not displayed
SAD-992             Not collecting LiveUpdate logs and settings
SAD-990             It takes 1 minute for the product plugins to load

Build 2.1.286 (12/09/2020)

SAD-959 Update for SEP 14.3 RU1
SAD-926 Command line option to update and then exit
SAD-925 Command line option to specify debug time
SAD-917 WSS Health check for network connectivity
SAD-904 Memory leak by SES Config Review during Findings review process
SAD-903 Slow collection of SES Config Review when there is a large number of clients with old IPS, AV or scans
SAD-895 Viewing a large SES Proactive Service can run the system out of memory
SAD-889 The output when running an external command is displayed
SAD-859 Add System Uptime to the System Information under information tab
SAD-858 Provide "Quick Fix" for missing SSL interception certificate
SAD-857 Collect additional files after debug tests are run
SAD-856 Ability to capture PCAPs using `net trace`
SAD-842 SymDiag will not collect SEP uninstall logs.
SAD-757 launch64.exe is not signed
SAD-205 [Wss Agent] Windows licensing status
SAD-204 [WSS Agent]SymDiag Feature Request: Detect test signing mode

Build 2.1.284 (11/02/2020)

SAD-784 SES information does not show all of the exceptions created in the Exception Policy
SAD-807 The SES Service report shows an incorrect NTR/SEPWSC/ScanService status on Win7
SAD-840 SymDiag exits when trying to collect SES cloud policies when not connected to the cloud
SAD-853 On Linux, Enforce Tns Listener report has result and text issues
SAD-855 Enforce Oracle permission sql errors
SAD-847 SEPM Config Review Technology Summary does not have % symbols in the Percent column
SAD-846 SEPM Config Review has incorrect client count in 2 places of the report
SAD-870 DLP 15.7 MP1 Windows Agent vnwcd service report is a false negative
SAD-878 DLP Agent services vfsmfd and vrtam are flagged as errors when not running, but are demand start
SAD-874 SBE cloud EOL on 11/1
SAD-835 Customer ID is incorrect on WSS Agent page
SAD-837 SES update WTR to NTR in  the output
SAD-877 Enforce ListAgentsLegacy sql query errors on 15.7

Build 2.1.282 (9/10/2020)

SAD-444  File upload to a case is not working
SAD-621  Update URL in Protection Overview Report
SAD-615  Integrate WSSA tool and WSS data collection into EPClient collection
SAD-677  WSS not displaying ThreatPulse
SAD-691  Sep 14.3 GA release
SAD-694  Not collecting additional files that should be collected
SAD-571  Even-though IPS is enabled , symdiag shows IPS feature is Inconclusive
SAD-450  Configuration Review String
SAD-620  Sort Security Advisories by client versions in the config review
SAD-255  Application Learning detail report appears in Configuration Review when it is OK
SAD-657  Number of SEP Clients is counting duplicate systems
SAD-707  Update to latest EO.WebBrowser to resolve exception when logging in to case management
SAD-443  Broken KB URL
SAD-708  Update missing kb links
SAD-451  Configuration Review URL update
SAD-645  Exception when collecting Cloud Policies
SAD-439  Update WSS and UnifiedAgent known versions
SAD-676  Viewer report if serial numbers are core or not
SAD-729  Remove Data Insight reports and only collect data
SAD-579  Database is locked message is sometimes displayed when saving the file
SAD-733  SymDiag not detecting DLP 15.7 on Windows
SAD-740  SymDiag can't connect to the reputation server
SAD-668  SEPM Protection Score report has Download Insight is not enabled on -x endpoints

Build 2.1.280 (5/26/2020)

SAD-424  SymDiag Viewer does not show Config Review on BCP VM
SAD-421  SEP 14.3 unexpected installation configuration report error
SAD-417  Red Hat 7.7 OS is listed as not supported
SAD-413  Unknown DriveFormat on Linux
SAD-412  Not collecting OS name on some Linux
SAD-409  Update DLP Version Checking and Remove Reference to 14.x
SAD-406  KB Click 404 Client communications might not be working
SAD-396  RHEL 7.7 not able to get list of services
SAD-373  EO.WebBrowser exceptions when Save Window is displayed
SAD-361  Version Check for Encryption is out of date
SAD-263  [SEP 14.3] Update system requirements report
SAD-249  Collect and display cloud client policies
SAD-5      Update latest version report
SAD-358  Update DLP Config Review links to Broadcom
SAD-357  Config Review report Clients with less than 1.5 GB free disk space is not correct
SAD-353  Update SEP Config Review KB links to Broadcom links
SAD-268  [PO] modify the thresholds for when the IPS and the virus "Definitions out of date" checks fail and display data
SAD-266  [PO] List group names and policies applied
SAD-265  [PO] Emphasize each of the SEP protection technologies for threats and computers
SAD-264  [PO] Top 5 IPS sigs triggered, top 5 machines with IPS events
SAD-233  Present policy version for Cloud managed client

 


Related terms: symhelp, symhelpexe, symantec help