The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic and security analysis utility. SymDiag is designed to provide self-help support for Symantec product technical issues, zero day threat analysis, best practice recommendations and proactive services to customers. If further assistance is needed, SymDiag lowers customer effort and increases support efficiency by providing automated data gathering and support case submission.
Note: In the latest release Symantec Help (SymHelp) has been renamed to the Symantec Diagnostic Tool (SymDiag).
- Download SymDiag
- What's new
- Supported products
- Support operating systems
- SymDiag overview
- Using SymDiag
- Release notes
Both Windows and Linux versions of SymDiag are available to download. See Downloading SymDiag.
In the latest version of SymDiag many fixes and enhancements were implemented.
|Operating System||SymHelp Version|
SymDiag supports the following Symantec products:
- Data Center Security Management Server
- Data Loss Prevention 11.0 and later
- Endpoint Protection 11.0 and later*
- Endpoint Protection Small Business Edition (Cloud)
- Mail Security for Microsoft Exchange 6.5.2 and later*
- Unified Endpoint Protection Cloud Security
Note: Veritas products are now supported through the Veritas Quick Assist tool.
*Includes reporting on product license status. See About the Licensing Dashboard in SymDiag.
SymDiag will run on the same Windows operating systems that are supported by those Symantec products which function with SymDiag.
To run on Windows 2008 R2 Server Core, the -net2 command-line switch is required.
The following x86 and x64 Linux distributions are supported.
|RedHat Enterprise Linux||6.5|
|Novell Open Enterprise Server||11.0|
- Q: Who is SymDiag designed for?
A: SymDiag is designed to assist Symantec customers and support personnel with data gathering and troubleshooting for Symantec products. See Scan for product issues, view reports and resolve issues with SymDiag.
- Q: What does SymDiag do to my computer?
A: SymDiag performs checks by gathering information from the local computer and analyzing it. SymDiag does not permanently alter any files on the computer unless the user explicitly agrees to this when prompted. SymDiag does not permanently install anything on your computer when it runs.
- Q: Does this utility support remote connections?
A: Yes. You can run the utility over an Remote Desktop Protocol (RDP) connection, or by using other commercial remote administration utilities.
- Q: The utility didn't help me. What next?
A: If SymDiag is unable to diagnose or fix your issue, you can search our knowledge base or contact Technical Support.
You can proactively use SymDiag to gather data that Technical Support may request to diagnose and resolve your issue. You can also create or update a support case directly from SymDiag.
After you start SymDiag, SymDiag checks to see if you have at least Microsoft .NET Framework 2.0 on the computer. If not, SymDiag will provide a prompt with the following options:
- Download and install Microsoft .NET Framework 2.0.
- Exit without running SymDiag
If SymDiag finds an update, it automatically updates itself and restarts. Once you have the latest version, click the "I accept the EULA" to go to the Home page.
In the top, left-hand corner, the Scan section provides a list of scan options, including:
- Self-help reporting - Diagnose detectable issues with Symantec products.
- Threat Analysis - Identify potentially malicious files on a system.
- Data collection for support - Provide support with data about your Symantec product and computer.
In the top right-hand corner, the Resources section contains online Technical Support options, as well as data collection options.
Under Scan, the Installed Products - Licensing Overview section lists the detected Symantec products and, for some products, licensing information.
Under Installed Products, the System section features a dashboard showing various system resource utilization statistics.
Once a scan is complete, scan results are displayed below the Self Help option within the Scans section. The results will contain links to the reports that the scans may generate. Also, once a scan is complete additional tabs will be displayed along side of the Home tab in the blue bar along the top of the window. These buttons depend on the scan options selected and may include the following: Threat Analysis, Report, Information and Save.
Threat Analysis Page
For more information about the Threat Analysis page see the following articles:
The Report Page
If you are experiencing an issue with a supported Symantec product select the Report page button to see a list of issue reports. These reports are grouped by product and have four possible status levels:
- Error - The report has determined that there is an issue that needs to be addressed
- Warning - The report has determined that there might be an issue that needs to be addressed
- OK - The report has determined that there is not an issue
- Missing Data - The report was unable to complete because required data is missing
Each report contains one or more tests which provide more specific information. Each report also contains the button 'Click here for solution' that links to a public knowledge base document that describes the issue in greater detail.
The Information Page
The Information page outlines general information about your computer, such as available disk space, operating system information, etc. It also includes Symantec product specific information when a supported Symantec product is detected.
The Save Page
This page allows the user to specify contextual information and to direct the saving and 7zip compression of the gathered data into a file with the extension .sdbz. This file is typically delivered to Support in order to assist Support in the troubleshooting of an issue that SymDiag's reports have not already been able to provide a resolution for.
You can run SymDiag from a command line with a number of command line options. For detailed information, see Command-line parameters for SymDiag
For more information regarding SymDiag follow this link: Frequently asked questions about the Symantec Diagnostic Tool (SymDiag)
Build 22.214.171.1249 (7/15/2016)
Build 126.96.36.1993 (7/13/2016)
3878625 Report on full.zip download configuration
3957373 [SUEP] Change name to Endpoint Protection Cloud
3957496 Update latest version report for SUEP (aka EP Cloud)
3960521 Set DLP Enforce database password from command line using -enforcedb [password]
3961952 Enable DLP Enforce and Detection on Linux
3962484 Implement DLP Proactive Service report
3963725 EpConsole to use new Proactive Service framework
3967326 Add GUID to the filename of SDBZ for SFDC reporting
3967417 Change the exit questions to look similar to kb "Rate this article"
3967814 Unclosed literal string exception error when run on some SEPM systems
3968486 Update latest version report for MP5 for SEP and SEPM
3968489 Update security advisory report with SYM16-010 and SYM16-011 for SEP and SEPM
3968519 Update for DLP v14.5
3968969 False positive for Proactive Service report "Is the SEPM Manager storing recommended content levels?"
3969021 Display data for Infected Clients summary in SEPM Proactive Service report
3969042 In the SEPM database credentials UI, allow the user to set a password if it is blank
3971838 Remove Ftp update from Linux version
Build 188.8.131.528 (6/9/2016)
3351634 Collect SEPM LU content policy information
3638076 [Query SEPM] Include the database version in SEPM database details captured in information tab.
3900694 [DCS] COllect purge settings and display it in viewer.
3915786 Showing Error instead of warning of Service not installed
3917666 SMSMSE - Update Services report to test for permissions on services not using "SystemAccount".
3941690 Treat SEP SMB/.Cloud version 12.1.4013.4013 differently than SEP 12.1 RU 4 Enterprise
3944803 Add SUEP product to cloud case entitlement
3948332 Invalid path in SUEP data collection
3954318 WPP logs not collected (Norton client)
3957384 When running TAS with no network, .lnk files are being submitted for reputation
3957490 Update latest version report for DCS 6.6 MP1
3957493 Update SMSMSE latest version report for 7.5.4
Build 184.108.40.2063 (5/12/2016)
3718679 Debug logging timer added to automate the process of starting and stopping debug.
3827306 [Command-line] Command-line debug logging does not work
3920432 Update custom file collection file name to SymDiagCustomFiles.txt
3909248 Threat Scan reboot loop fixed
3922165 Threat Analysis Scan set to scan all profiles by default
3918125 SMSMSE Product warning for Rapid Release definitions and Intelligent Updater definition packages no longer available for older versions.
3940480 SymDiag can now open new cases and update existing cases with evidence for SEP .cloud.
3928364 Change the format of the version in the latest version report for EP and SEPM
3939856 SEP update to latest version report
3938558 Updated cancel button to cancel and save locally
3929895 Added EP Client Features installed and configured report
3941016 SMSMSE - Add Product Alert for ALERT1898
3940382 False positives in definition corruption report for SEP 12.1 RU4
3945428 Change the SEP client drivers and services report to indicate a Warning status instead of Error
Build 220.127.116.117 (4/14/2016)
3925167 Update SEPM Security Analysis for new vulnerability
Build 18.104.22.1686 (4/13/2016)
3735366 Add bcp.exe to permissions collection for RU5
3775212 Serstate.dat is not collected
3846883 dbisqlc: "Error at line 1"
3867042 Enumerate temp directory for user account on SEPM service (semsrv)
3877211 Update SEPM security advisory
3885619 client communication report error false positive
3888044 Firewall and Download Insight features listed as not installed in Information report
3890755 SMSMSE - Report - VSAPI threads needs more details and clarification for configuration.
3890758 SMSMSE - Report - "Virus Definition Updates" report needs to updated and possibly combined with another definition report.
3910888 The attached data set is flagging the latest version of the manager as not being the latest. It doesn’t show up in the details at the end of the report, but the “findings overview” does flag it for review.
3910903 unable to set database domain for trusted authentication from file
3912248 Remove product wise education services display according to new format of education services
3917462 Password error when connecting to an offbox Sql Server
3919817 'Operating System Name' is incorrect for Windows 10 in Information report
3920451 [Ducati] Update the SEP and SEPM latest version reports for 12.1 RU6 MP4
3923543 Alphabetize SEP Features in Information report
3925165 Update SEPM Security Analysis for RU6 MP4
3925167 Update SEPM Security Analysis for new vulnerability
3925176 False positive in drivers and services report for SEP client
3925187 [Ducati] Update security advisory report for Manager and Client 12.1.6 MP4 and SYM16-003
3928364 Change the format of the version in the latest version report for EP and SEPM
3929849 Add a kb link button on AutoFix Result page to redirect user directly to kb article.
3931079 When configure threat analysis to scan a folder, it does not identify an .exe that is not named a .exe
Build 22.214.171.1248 (3/31/2016)
Restored open or update support case data delivery
Build 126.96.36.1995 (3/10/2016)
Removed open or update support case data delivery
3921214 Autofix not working
Build 188.8.131.523 (2/24/2016)
3896994 DLP 12.5.3 update
3901381 Unhelpful, confusing error message when running SMR scan
3912348 sepAnalyzer exceptions when move off of sepanalyzer report and then back to it
3913111 telemetry: Uncaught exception in AutofixHostVm.AutofixHostVm_Loaded
3913119 Exception when running Threat Analysis Scan on XP (uncaughtexception dllnotfoundexception StLibC.dll)
Build 184.108.40.2061 (2/16/2016)
3764397 When waiting for defs and it goes over 10 mins, allow user to continue on
3781688 False positive for Windows SBS 2008 in system requirements report
3781694 User Account Control report has potentially contradictory status
3781700 IIS Component Information report multiple issues
3850284 [Disk Usage] Improve data presentation
3864217 Contradictory result in UAC report
3879283 capture ICAP_Trace files
3879721 [SCS - Old Cloud] Add definition corruption report
3879867 [SCS] Implement install requirements report for SUEP
3880875 Remove dialog during data collection
3880880 False positive on drivers and services report
3883912 [SCS] Include serial number in Information Report
3887245 On windows 2003, get "Access is denied" error
3887635 dbisqlc: "Error at line 1" due to using " instead of ' to delimit the output file when its directory has a space on win2003
3906094 Move Sep Security Analyzer to under the Proactive Service and enable for dlp enforce installed
Build 220.127.116.114 (12/1/2015)
Alternate update method
Build 18.104.22.1683 (11/30/2015)
Added data collection and reporting for NIS-based Endpoint Protection.cloud and Unified Endpoint Protection Cloud Security
3870199 [SCS - Old Cloud] Add Endpoint Protection.cloud
3877534 update VIP install requirements
3877538 Update VIP versions
Build 2.1.148 (11/19/2015)
3764369 SymHelp for Linux - Add supported OS information to manual page in SymHelp for Linux
3876511 SymHelp for Linux - Modify summary report. It needs to display despite Symantec Products installed.
3876832 SymHelp for Linux - Series of files are being written to the /tmp/ directory that are not being cleaned up.
3874181 SymHelp for Linux - Telemetry Linux exception_caught System.Diagnostics.Process.Start_noshell
3874747 SymHelp for Linux - Add support for SUSE Linux family.
3874748 SymHelp for Linux - Add support for UBUNTU/Debian Linux family.
3874750 SymHelp for Linux - Add universal launcher script to prevent executing SymHelp after auto-update.
3875913 SymHelp for Linux - Temp folders/files created by SymHelp framwork are not being removed.
3875917 SymHelp for Linux - Add logic to default for RedHat/CentOS/Fedora modules when version/distribution of Linux is unknown.
3876509 SymHelp for Linux - Add support for Oracle Enterprise Linux.
3875385 SymHelp for Linux - cleanup download progress and completion output.
3875876 SymHelp for Linux - Saving files to directories with spaces fail.
3874753 SymHelp for Linux - Update SymHelp for Linux tar.gz directory structure for adding additional Linux families/distributions.
3874760 SymHelp for Linux - Add kernel version comparison for specific distribution execution.
3854921 SymHelp for Linux - Update Execution script(s) to prevent need to restart SymHelp for major changes to binary files.
3876790 SymHelp for Linux - Transition SymHelp for Linux updates to secure HTTPS download.
3879324 SymHelp for Linux - Fix error "date: invalid date '+%Y%m%d'" when unable to download update control file.
Build 22.214.171.1246 (11/17/2015)
Alternate update method
Build 126.96.36.1990 (11/9/2015)
3454788 [Autorun] Change Autorun report to reduce error to warning when the default Application and Device Control policy for blocking Autorun is present
3800139 Clarify text in the Autoruns report
3811987 Specifying an additional directory to scan yields non-executable files in the report
3847508 Numeric data sorts by first number (alphabetically) and not by numeric value
3848922 Ask for the company name and use it when generating the report
3850251 Use a fixed width font to improve text file readability
3853869 Exception when filtering on 'Last Run' in the view Scheduled Tasks
3854778 [Soltador] Update latest version report
3855212 Add IPS detections to Security Analysis report
3856056 Add new Resource section link for training
3856059 Change Home page UI to include product training section.
3858163 Errors when attempting to run Security Analyzer
3864335 SFTP error messages are untranslated in the "Upload failed" SFDC case note that SymHelp creates
3864339 Retry DNS lookup for SFTP on timeout
3869311 Ensure that SEP Analyzer uses the latest version. Latest SEPM is MP2 12.1.6465.6200
3872103 Failure to use secure http to download update .exe
3872112 Crash: TAS reputation DB check when proxy autoconfig script is supplied
3873676 Collect SymEFASI file and registry information
Build 188.8.131.529 (10/5/2015)
3789956 SymHelp needs to determine if the user needs the Veritas version
3821257 Remove Veritas products
3825909 Failure to generate sylink log
3852422 Raise immediate wpp log max size and restore configuration UI
3856332 With new SFTP, evidence is immediately available. Need to change message that says it will take 40 mins
Build 184.108.40.2065 (9/23/2015)
3857075 Unsecure FTP credential option shows in the case management authentication window
Build 220.127.116.114 (9/22/2015)
3840338 [Disk Usage] Reset sem5.log threshold to average + 3 * std dev
3848943 Display threat data for last 30 days does not limit by last 30 days
3854758 False positive in GUP configuration report
Build 18.104.22.1680 (8/31/2015)
3847531 Exception when saving in .net2 mode and no file is saved
Build 22.214.171.1246 (8/27/2015)
3780751 False positive in SEP installation corruption report when Symantec.Cloud server client is installed
3821237 Add link to TECH91070 for the EPClient remote installation report
3822907 Database version is blank in EPConsole Information report
3827867 Collect the key HKLM/Software/Microsoft/SystemCertificates
3837422 Add SYM15-007 to security advisory report for SEP and SEPM
3839213 [SEP Analyzer]Error while running "Collect Data for Support" SEPM console.
3841585 Rename Sep Analyzer to "Security Analysis"
Build 126.96.36.1991 (8/4/2015)
3551648 Improve heartbeat/communication information
3708287 Three problems in SONAR report
3768028 [SEP WPP] Add additional configuration parameters
3783925 [SEP RU6] Possible false positive in system requirements default ports available report
3801557 Add collection of the semwebsrv service key
3806342 Collect semsrv.log
3813436 Add security advisory SYM15-005 to EPClient and EPConsole reports
3819515 Message box and msinfo32 appear during silent data collection
3820260 [Disk Usage] Incorrect text for NoData report result
3821055 Collect more data button does nothing
3821066 SMR does not support server 2003
3821254 ContentTree.bat in SymHelp execution directory is picked up by ThreatScan
3821962 Send Feedback button does nothing when you click on it
3832806 Services report tests are missing
3832838 Add Windows 10 as supported OS for RU6
3832941 Add RU6 MP1 and MP1a for SEP and SEPM
Rate this Article