SymDaemon is the core process of the Symantec Endpoint Protection (SEP) for Macintosh client. It is responsible for scheduling tasks, communicating with the Symantec Endpoint Protection Manager (SEPM), and applying policies among other things. Use the following steps to generate detailed, debug level logging for the SymDaemon process of the SEP for Macintosh client. 

NOTE: This is for the on-premises SEP for Mac only; there is no equivalent debug logging for the cloud-managed SES Mac client.

All supported Mac OS version 10.x to 13.x

SEP for Mac

You have been asked by a Broadcom support engineer to provide a debug trace of the Symantec Endpoint Protection Manager SymDaemon process.

1. Open terminal window and navigate to the SMC folder location—
   
   For SEP 14.2 RU2 and newer: 
     cd /Library/Application\ Support/Symantec/Silo/MES/SMC
   
   For SEP 14.2 RU1 MP2 and older:
     cd /Library/Application\ Support/Symantec/SMC

   The following instructions assume that this is the current directory and tools folder is located here.
   
   

2. To enable debug logging:
   
   NOTE: The SetSettings command is missing in SEP 14.3 RU5 & RU6 -- replace it with the RU3 SetSettings attached at bottom of this article. ( NOTE: If you are not able to run ( sudo ./tools/SetSettings -ldebug ) change the set settings permissions to 755 ( Sudo CHMOD 755 SetSettings ) and try the command again. 
   
   # SEP 14.2.x and newer:
   sudo ./tools/SetSettings -ldebug 
   
   # SEP 14.0.x and older:
   sudo ./tools/SetSettings -lengineer 

3. Additionally:
   
   sudo cp com.symantec.trace.plist /Library/Preferences/
   
   The library file 'com.symantec.trace.plist' is attached at bottom of this article.

4. Restart the Mac. 

5. VERIFY that "DEBUG" statements are appearing in ../SMC/debug/smc_debug.log before proceeding.
   ptrace logging should appear in /Library/Logs/Symantec/ClientSDKService-###.log 

6. Reproduce the behavior. SymDaemon will generate debug level logging until debugging is disabled. For communications failures, run the logging for 3 times the length of the heartbeat interval to ensure the logging captures the heartbeat events.
   
   NOTE: Debugging persists through OS restarts. Debugging rolls over to a new log file after the file reaches 10 MB (not configurable). A maximum of five rolled-over log files are created, after which the older files are purged.
    
7. Disable debug logging (i.e. reduce logging to default levels):
   
   sudo ./tools/SetSettings -linfo 
    
8. Gather the debug logging (../SMC/debug/smc_debug.log) and other relevant macOS diagnostics using the GatherSymantecInfo tool.