Endpoint Protection

Data to collect for Support when opening a case

  • 1.  Data to collect for Support when opening a case

    Broadcom Employee
    Posted 01-30-2018 12:29 PM

    Based on Supports review of the data collected below, there may be situations we will need to collect specialized data to continue our investigations into your issue.

     

          1. Please include the following and any other supporting information you believe is relevant to your case.

    • Errors – Document any error messages and the steps to reproduce the error.
    • Occurrences – Document the exact times of first and subsequent occurrences.
    • Environment – List any unique conditions or recent changes in your environment

     

           2. The Symdiag tool should be run for every situation and provided to Support.

           Steps:

    • Download Symdiag from here: http://entced.symantec.com/symhelp/2/dl
    • Accept EULA
    • Click Collect Data for Support
    • Select Symantec products you are running on the system
    • Select All data
    • Once collection is complete. Save the file for support. Have this ready when opening your case.

     

           3. For database related issues support may request a backup of your Database.  You can provide a backup from the SQL server, or use the Backup and Restore Wizard on the SEPM.

     

           4. For Policy issues support will need an export of the policy in question for review purposes.

     

     

    For certain issues debug logging will need to be enabled and the issue reproduced.

     

    • If troubleshooting Symantec Endpoint Protection Manager (SEPM) please enable Finest debugging and reproduce the issue.  This document explains how to enable debugging for SEPM. https://support.symantec.com/en_US/article.TECH230072.html.  Once the issue is reproduced gather a Symdiag for Support.

     

    • For SEP client communication issues please enable Sylink debugging. Sylink logging will log the communication between the SEP client and SEPM. Generally, support will need a minimum of 2 full heartbeats worth of logging.  This document explains how to enable Sylink debugging via the Symdiag tool.  https://support.symantec.com/en_US/article.TECH207795.html.  A Symdiag of the SEP client and SEPM will need to be collected as well.

     

    • For Group Update Provider (GUP) issues please enable SMC Debug logging on the GUP, Sylink logging on the client updating from the GUP, Finest logging on the SEPM. Let the logging run at the same time for a minimum of 2 Heartbests. Collect Symdiag from each system.  To enable Debug logging for the GUP please see: https://support.symantec.com/en_US/article.TECH207795.html

     

    • For driver level conflicts or problems with the SEP Client support will need WPP debug logging. Make sure to always set the Max file size to 500 and the Trace Level to Verbose.  Please follow the steps in this document to enable the logging: https://support.symantec.com/en_US/article.TECH207795.html

     

    Additional Logging:

    • For Application crashes support will need Full Process Dumps as well as a Symdiag.
    • For BSOD issues support will need a Full Memory Dump as well as a Symdiag
    • For system hangs support will need a Full Memory Dump forced at the time of the hang as well as a Symdiag.
    • For slow logon or boot issues support will need WPP Boot Logging and Low-Alt Process Monitor as well as a Symdiag.
    • At times Support may ask for a Low-Alt Process Monitor debug to be run for permission related issues.
    • For networking issues support will need packet captures (Wireshark) and WPP logging of the issue being reproduced.
    • SQL Trace logs may be needed for SQL and SEPM database related issues.
    • System images may (rarely) be needed for issues we are not able to reproduce locally.