How do the client computer and the management server communicate?
Symantec Endpoint Protection Manager connects to the client with a communications file called Sylink.xml. The Sylink.xml file includes the communication settings such as the IP address of the management server and the heartbeat interval. After you install a client installation package onto the client computers, the client and the server automatically communicate.
The sylink file performs many of its functions during the heartbeat. The heartbeat is the frequency at which client computers upload logs to the management server, and download policies and commands.
The sylink file contains:
- The public certificate for all management servers.
- The KCS, or encryption key.
- The Domain ID that each client belongs to.
Do not edit the sylink file. If you change the settings, the management server overwrites most settings the next time the client connects to the management server.
For more information, see:
Troubleshooting Sylink communication
In version 14.2, the communications module was upgraded, and includes new log files. You can use this information to troubleshoot communication issues between Symantec Endpoint Protection Manager and the clients.
The 14.2 communications module works with all client types, including Windows, Mac, and Linux, and has improved IPv6 support.
As of version 14.2, the communication module only honors system proxy information.
- To troubleshoot Sylink communication
- To view the log files for the communications module on the Windows client, look in the following folder:
  C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data
  You can view the following files:
  - For client registration:
    - RegistrationInfo.xml: Client registration metadata that the client submits to Symantec Endpoint Protection Manager.
    - Registration.xml: Client registration metadata that Symantec Endpoint Protection Manager returns to the client.
    - State.xml: Includes internal settings, such as the management server IP address.
  - For the communications module logs: \Logs\cve.log and \Logs\cve-actions.log
    Use these logs to troubleshoot communication between Symantec Endpoint Protection Manager and the client. Send these logs to Technical Support if asked.
  - For the opstate status: Appears in the logs in the \Pending and \Sent folders.
- To configure the communication module logs, open the Windows Registry Editor: click Start > Run, type regedit, and then click OK.
- To enable the cve.log or cve-actions.log, open the following Windows registry key:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink]
  REG_DWORD: CVELogLevel
  Use any of the following values:
  - 1 = Debug
  - 2 = Info
  - 3 = Warning
  - 4 = Error
  - 5 = Fatal
  If the registry key is not present or does not have a valid value, it defaults to 4. The installation default is also 4.
  For example, you can type:
  32-bit: [HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink] "CVELogLevel"=dword:00000001
  64-bit: [HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink] "CVELogLevel"=dword:00000001
- To control the size of these logs, use the following registry value:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink]
  REG_DWORD: CVELogSizeDB
  The default size is 250 MB.
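The registry steps above can be scripted. The following PowerShell is an added example, not Symantec code: it reads CVELogLevel from the key shown above, applies the documented fallback to 4 for a missing or invalid value, and flags a client left at a more verbose level. The function names are hypothetical, and choosing the key by OS bitness is an assumption drawn from the 32-bit and 64-bit examples.

```powershell
# Added example, not Symantec code. Key paths, value name and levels come from the page.
$LevelNames   = @{ 1 = 'Debug'; 2 = 'Info'; 3 = 'Warning'; 4 = 'Error'; 5 = 'Fatal' }
$DefaultLevel = 4   # the page: a missing or invalid value falls back to 4

function Get-SylinkKeyPath {
    # Assumption: 64-bit Windows uses the Wow6432Node path from the page's 64-bit example.
    if ([Environment]::Is64BitOperatingSystem) {
        'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
    } else {
        'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
    }
}

function Resolve-CveLogLevel {
    param($RawValue)
    # Apply the page's rule: 1-5 is used as stored, anything else means the default.
    $n = 0
    if ($null -ne $RawValue -and [int]::TryParse([string]$RawValue, [ref]$n) -and
        $LevelNames.ContainsKey($n)) { return $n }
    return $DefaultLevel
}

function Get-CveLogLevel {
    $path = Get-SylinkKeyPath
    $raw  = $null
    if (Test-Path -Path $path) {
        $raw = (Get-ItemProperty -Path $path -Name CVELogLevel -ErrorAction SilentlyContinue).CVELogLevel
    }
    $level = Resolve-CveLogLevel $raw
    [pscustomobject]@{
        KeyPath   = $path
        RawValue  = $raw
        Effective = $level
        Name      = $LevelNames[$level]
        IsDefault = ($level -eq $DefaultLevel)
    }
}

function Set-CveLogLevel {
    # Requires an elevated session; ValidateRange rejects anything outside 1-5.
    param([Parameter(Mandatory)][ValidateRange(1, 5)][int]$Level)
    Set-ItemProperty -Path (Get-SylinkKeyPath) -Name CVELogLevel -Value $Level -Type DWord
}

# Report the current state, and flag a host still logging more than the default.
$state = Get-CveLogLevel
$state | Format-List
if ($state.Effective -lt $DefaultLevel) {
    Write-Warning "CVELogLevel is $($state.Name); run 'Set-CveLogLevel -Level 4' when troubleshooting ends."
}
```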