Gathering information about Symantec products on a Mac using GatherSymantecInfo
Last Updated April 15, 2019
In the course of troubleshooting an issue on an Apple Mac computer, the Support representative has asked for technical information about the computer. There is not currently a SymDiag Tool for Mac, but the GatherSymantecInfo tool described below can be used with all Symantec Products on Mac.
On a Mac computer, the GatherSymantecInfo tool will gather technical information specific to Symantec products.
Place the file on the Mac client and double-click it. It will expand the GatherSymantecInfo.command file as well as a folder called SupportFiles.
Double-click on GatherSymantecInfo.command. It will open a Terminal window.
Enter the administrator password (it will not echo on-screen) and press Enter.
On the "Please enter the subscription key..." window, press Enter to bypass this screen. A subscription key does not apply to Symantec enterprise antivirus applications.
Gathering information... will appear.
When completed the Terminal window will indicate that the information was gathered and saved to the desktop (SymantecInfo.txt and SymantecInfo.zip, which is simply SymantecInfo.txt in a zip archive). Quit the Terminal application (see below). If you would prefer the file be saved elsewhere, run GatherSymantecInfo.command from a terminal prompt with the -z option, as in "GatherSymantecInfo.command -z /path/to/file"
Please submit the SymantecInfo.zip file to Support for review. NOTE that there is data that this tool does not yet collect automatically and should be copied manually and included in your submission for the best picture of whatever technical issue is at hand. Please see Useful data NOT collected by GatherSymantecInfo at bottom of this section
The following information is shown in this report:
NIS 6/NFM 7 definitions' libecomlodr.dylib, definfo.dat and usage.dat files
Application versions (CFBundleShortVersionString) in /Applications
Symantec processes currently running
Symantec kexts currently loaded
All processes currently running
User home folders information
Definitions avdefs group check
VerifySignedFiles - Apple signing verification
Symantec Error Reporting
Contents of Symantec plist files
Files in Symantec's support folders
Expected links in /
Items in /
Permissions of /usr/local folders
Files in /private/tmp
Files in /private/var/tmp
Contents of /private/etc/liveupdate.conf
LiveUpdate date file info
Subscription info (LiveUpdate 5 and earlier)
Corporate files in /Users/Shared
Contents of plist files in /Library/LaunchAgents
Contents of plist files in /Library/LaunchDaemons
Contents of loginwindow.plist files
Shut down times as reported by PrintShutDownTimes
Proxy info via system_profiler
system_profiler -detailLevel mini | grep -iv 'serial num\|part num'
Last 20 lines of SymDaemon logs
Sampling of SymDaemon
Licensing logs in /Library/Application Support/Symantec/Licensing
Licensing logs in /Library/Application Support/Symantec/Silo/NFM/Licensing
Licensing log: /tmp/Logs/O2Spy*
Licensing logs: SymantecNISCC.log in each user's /Library/Logs directory
Last 600 lines of /private/var/log/system.log
CrashReporter and other Symantec logs
Symantec Endpoint Protection support xml files (Sy*.xml)
Symantec Endpoint Protection debug logs
Last 1600 lines of /var/log/install.log
Contents of /Library/Logs/SymantecTestPatchers.log
LUX logs for Norton Zone
Java LiveUpdate log (LiveUpdate 5 and earlier)
LiveUpdate 6 log
NIS/NS 6 and NFM 7 LUX SQL log
NIS/NS 6 and NFM 7 DefUtils LUX log
NIS/NS 6 and NFM 7 Microdefs log
NIS/NS 6 and NFM 7 DefUtils log
NIS/NS 6 and NFM 7 LUX text log
Additional files included with this report
Useful data NOT collected by GatherSymantecInfo
After running GatherSymantecInfo, it may be helpful to archive it with other useful data:
cd ~/Desktop sudo lsof -p `pgrep SymDaemon` > ~/Desktop/lsofSymDaemon.txt sudo tar -cf data.tar SymantecInfo.zip lsofSymDaemon.txt # only first tar command uses -c(reate); subsequent use -u(pdate) sudo tar -uf data.tar /Library/Application\ Support/Symantec/SMC sudo tar -uf data.tar /Library/Application\ Support/Symantec/Silo/NFM/SymUIAgent/Logs sudo tar -uf data.tar /var/logs/system.log* sudo tar -uf data.tar /private/tmp/epmpmac* gzip data.tar # will replace data.tar with data.tar.gz on Desktop - upload this to your support case
Imported Document ID: TECH134761
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe