With Symantec Endpoint Protection Manager MR4 installed, you notice that client status reports do not reflect the current status of your client computers, possibly as far back as a few days. You will also notice a buildup of .DAT files in the following locations:
..\Symantec Endpoint Protection Manager\data\inbox\agentinfo
..\Symantec Endpoint Protection Manager\data\inbox\log\client
..\Symantec Endpoint Protection Manager\data\inbox\log\behavior
..\Symantec Endpoint Protection Manager\data\inbox\log\system
..\Symantec Endpoint Protection Manager\data\inbox\log\security
..\Symantec Endpoint Protection Manager\data\inbox\log\packets
..\Symantec Endpoint Protection Manager\data\inbox\log\traffic
..\Symantec Endpoint Protection Manager\data\inbox\log\tex\avman
If you enable Symantec Endpoint Protection Manager extended logging (details in the Technical Information section of this document), you will see the following line repeated multiple times in the AgentLogCollector-0.log:
2009-01-12 15:29:02.008 FINE: SQLException: Using batch handler
This will only occur on Symantec Endpoint Protection Manager MR4 when using a Microsoft SQL database.
Installation_Guide.pdf, page 70 (included with Symantec Endpoint Protection distribution files)
To enable Symantec Endpoint Protection Manager extended logging:
- Stop the service named "Symantec Endpoint Protection Manager"
- Go to the following location: ..\Symantec Endpoint Protection Manager\tomcat\etc (depending upon installation settings chosen)
- Find file name 'conf.properties'. Open it in notepad.exe or another non-formatting text editor.
- Add the following line to the bottom: scm.log.loglevel=fine
- Save the changes and close the file
- Start the Symantec Endpoint Protection Manager service.
Logs will be generated in the folder: ..\Symantec Endpoint Protection Manager\tomcat\logs
Imported Document Id