SymDaemon is the core process of the Symantec Endpoint Protection (SEP) for Macintosh client. It is responsible for scheduling tasks, communicating with the Symantec Endpoint Protection Manager (SEPM), and applying policies, among other things. Use the following steps to generate detailed, debug-level logging for the SymDaemon process of the SEP for Macintosh client.
Open a Terminal window and navigate to the SMC folder location:

SEP 14.2 RU2:

    cd /Library/Application\ Support/Symantec/Silo/MES/SMC

SEP 14.2 RU1 MP2 and older:

    cd /Library/Application\ Support/Symantec/SMC

The following instructions assume that this is the current directory.
Enable debug logging:

    sudo ./tools/SetSettings -ldebug   # NOTE: use -lengineer in SEP 14.0.x and older

Restart SymDaemon. This isn't necessary but does force a heartbeat immediately which is useful for debugging:

    sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
    sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist

Reproduce the behavior. SymDaemon will generate debug-level logging until debugging is disabled. For communications failures, run the logging for 3 times the length of the heartbeat interval to ensure the logging captures the heartbeat events.
NOTE: Debugging persists through OS restarts. Debugging rolls over to a new log file after the file reaches 10 MB (not configurable). A maximum of five rolled-over log files are created, after which the older files are purged.