Endpoint Protection

 View Only

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.  

Feb 28, 2011 01:39 PM

To explain the entire procedure, please follow the steps below:
1) Download the Symantec Endpoint Protection Support Tool from
2) To generate this data for Technical Support, please follow the steps below:
            a. Open the utility, and accept the license agreement.
            b. Place a check mark next to each category that is relevant to your issue, and then click Next.
            c. After the utility has finished collecting data, click Collect full data for support.
This data is saved by default to the root of drive C,with a filename in the following format :
"<computer name>_<date>_<time>_full.sdbz" 

Submit this report to your Technical Support agent, and attach the .sdbz file to the email he /she has send to you from above as a file attachment. 

This will automatically attach the report file to your case. 
3) While Running the Utility, you can collect the Suspicious files as shown in the picture below:
By Clicking on the Button "Copy the files to a single location", you could save the suspicious files to a particular directory of your choice.
Please zip the Files. Make sure that zip file does not include more than 9 files and /or 10MB of size.


4) You will want to submit these suspicious files, to the Symantec Security Response for analysis,

Click on this link to begin the process:

For Retail License Holders


For Essential License Holders


For BCS License Holders



Fill out the form and upload the file(s).

Your Technical Contact ID:  (check with your Local Technical Support Representative)

You will receive a confirmation email with a tracking number, and within 24 to 48 hours you should receive an email telling you if the file is viral or not. If it is viral, you will be provided with a set of rapid release definitions. These can be installed to your system so that Symantec Endpoint Protection or Symantec AntiVirus can then detect the infected file and prevent a re-infection.
5) Submit the file to Threat Expert (owned by Symantec).

Automated analysis can be performed for some types of threats through http://www.threatexpert.com. This step can quickly identify the sites the threat is coded to contact so they can be blocked at the firewall. Symantec Support does not provide troubleshooting for http://www.threatexpert.com, and this step does not replace the need to submit files to Symantec Security Response.

0 Favorited
0 Files

Tags and Keywords


Jul 24, 2015 09:08 AM

Updated article on this topic now available!


Using Today's SymHelp to Combat Today's Threats

Jun 20, 2013 01:39 AM

Please update this using Symhelp...


Jun 19, 2013 05:32 AM

Nice toll yaa. 

Mar 18, 2013 04:16 AM

Please update this using Symhelp...

Mar 14, 2013 07:25 AM

Nice Article , helpful

Oct 18, 2012 09:28 PM

Gud one

Oct 16, 2012 08:39 AM

its quite helpful.

Nov 25, 2011 04:27 AM

Good One

Mar 09, 2011 01:55 AM

Good one its quite helpful

Mar 07, 2011 09:43 AM

Good One!!

Related Entries and Links

No Related Resource entered.