How to enable "Vpdebug Logging" on Symantec Endpoint Protection

Article ID: 151351

Products

Endpoint Protection

Issue/Introduction

Steps to follow when Symantec Technical Support has requested to enable "VPdebug logging" on a Symantec Endpoint Protection client.

Resolution

VPdebug logging can be enabled either from the Symantec Endpoint Protection GUI or by adding an entry to the Windows Registry. By default, the "VPdebug.log" file is created in:

\ProgramData\Symantec\Symantec Endpoint Protection\<version_number>\Data\Logs


To enable "VPdebug logging" on a Symantec Endpoint Protection client from the GUI, follow these steps:

  1. In the client, open the Help and Support menu.
  2. Select Troubleshooting...
  3. In the Troubleshooting dialog, click Debug Logs.
  4. Under Symantec Endpoint Protection, click Edit Debug Log Settings.
  5. In the Symantec Endpoint Protection Debug Log Settings dialog box, type ALL.
  6. Once data has been collected, follow the above steps and remove the ALL value.

To enable "VPdebug logging" on a Symantec Endpoint Protection client by adding an entry to the Windows Registry, follow these steps:

  1. Click Start > Run.
  2. Type Regedit.
  3. Click OK.
  4. Open the registry editor.
  5. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl.
  6. Change the Debug value to ALL.
  7. Once the data has been collected and you need to disable logging, remove the ALL value.


NOTE:
On 64-bit systems, the correct key is HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Symantec\Symantec Endpoint Protection\AV\ProductControl.

If Tamper Protection is enabled, you will need to first disable Tamper Protection to make the registry changes.

To enable "VPdebug logging" on Symantec Endpoint Protection for Linux, follow the steps for your client version.

For SEP client version 14.3 RU1 and later:

Stop the SEP services:
/usr/lib/symantec/stop.sh

Edit both of these files:
/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini.1
/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini

In each of these files, change the line to:
amdmanagement.antimalware.trace.level=trace

Restart the SEP services:
/usr/lib/symantec/start.sh

The log files will be in /var/log/sdcsslog/amdlog/sisamd_0.log.

Note: By default, the AMD logging level is info. You can change the logging level to trace, to warning, or to error.
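
The 14.3 RU1 file edit above, scripted as an added example (not Broadcom's code; the function and variable names are hypothetical). It rewrites the existing trace-level line in both files, keeps a .bak copy of each, and changes nothing if the level is not one listed above or if either file lacks the line. Setting the level back to the default info after collection is an assumption based on the note above.

```sh
#!/bin/sh
# Added example, not Broadcom/Symantec code. The key, file paths and level names
# are from the article; the function and variable names are hypothetical.
AMD_KEY='amdmanagement.antimalware.trace.level'
AMD_KEY_RE='amdmanagement\.antimalware\.trace\.level'   # same key, dots escaped
AMD_FILES='/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini.1
/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini'

# get_amd_trace_level FILE
# Print the level configured in FILE (prints nothing if the key is absent).
get_amd_trace_level() {
    sed -n "s/^[[:space:]]*${AMD_KEY_RE}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r'
}

# set_amd_trace_level LEVEL FILE...
# Rewrite the existing key line in every FILE, keeping FILE.bak as a backup.
# Returns 2 for an unlisted level, 1 if any FILE lacks the key line.
set_amd_trace_level() {
    level=$1; shift
    case "$level" in
        trace|info|warning|error) ;;
        *) echo "unsupported level: $level" >&2; return 2 ;;
    esac
    # Check every file before editing any, so the two files never diverge.
    for f in "$@"; do
        grep -Eq "^[[:space:]]*${AMD_KEY_RE}[[:space:]]*=" "$f" || {
            echo "key line not found in $f" >&2; return 1; }
    done
    for f in "$@"; do
        cp -p "$f" "$f.bak" || return 1
        # Write back into the original file so its owner and mode are kept.
        sed "s/^[[:space:]]*${AMD_KEY_RE}[[:space:]]*=.*/${AMD_KEY}=${level}/" \
            "$f.bak" > "$f" || return 1
    done
}

# Usage as root, in the article's order:
#   /usr/lib/symantec/stop.sh
#   set_amd_trace_level trace $AMD_FILES
#   /usr/lib/symantec/start.sh
# After the logs are collected, repeat with "info" in place of "trace".
```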

For SEP client version 14.3 MP1 and earlier:

Use the following command to enable vpdebug logging:

# ./symcfg add --key '\Symantec Endpoint Protection\AV\ProductControl\' --value 'Debug' --data 'ALL' --type REG_SZ

Repeat the same command with no value for data to turn it OFF:

# ./symcfg add --key '\Symantec Endpoint Protection\AV\ProductControl\' --value 'Debug' --data '' --type REG_SZ