Hi, anyone here collecting Symantec Endpoint (SEP) logs? I've been trying out the Symantec App but I don't find any of the logs showing me the version of the SEP agent of a certain device. Any tweaking needed on Symantec? Testing on SEP11. Appreciate any assistance.
What you can do is to create an HI policy and create an HI policy item to log this information, and then it will be sent to Splunk.
Hi,
I am Chetan Savade from Symantec Technical Support team.
I would be glad to answer your question.
You can check SEP client version details in the Symantec Endpoint Protection Manager (SEPM) if it's installed.
If it's an individual SEP client, then you can check it this way:
1) Open the Symantec Endpoint Protection client GUI
2) Click on 'Help' & select About and it would show the version of SEP client.
All SEP releases info is available here: http://bit.ly/m0vOJp
Let me know if you are looking for any other info.
Regards,
Chetan Savade
Hi Chetan, as mentioned to your colleague Mithun, I'm looking at having the agent version and virus definition installed data in Splunk.
I am also looking for virus definition information logs in Splunk.
Hello,
This is Mithun Sanghavi from Symantec Endpoint Protection Technical Support Team.
You can check the Symantec Endpoint Protection version by following these steps:
1) Open the Symantec Endpoint Protection client GUI
2) Click on "Help"
3) Click on "About" and it would show the version of SEP client.
In order to check the logs, you may collect the sylink.log by following the Article below:
How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
http://www.symantec.com/docs/TECH104758
Once the above logs have been collected, you can open them in Notepad and check the SEP client version as well.
Hope that helps!!
Hi Mithun, I'm looking into having the information at hand in Splunk, not in the SEP GUI. But I think if we can collect the sylink.log, we may be able to use that to cross-match the devices. Does sylink.log also include the virus definition installed? Will look into this, thanks.
My SEP logs (12.1-RU2) don't contain version on the endpoint either.
What I did to give me similar data on endpoints being out of date is write a query based on the status of the endpoint. Such as:
-The client has downloaded the content package successfully
-The client has downloaded the policy successfully
-The client has downloaded the Intrusion Prevention policy successfully
-The management server received the client log successfully
You may be able to use a different product to tell you the version; I get version information from my NAC solution.
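The "query on endpoint status" approach from the answer above, worked through as an added example (not code from the thread or from Symantec/Splunk): it parses constructed SEPM-style event lines carrying the status messages listed above and flags endpoints whose last successful content package download is older than a threshold. The line format, hostnames and timestamps are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events; the "ts,host=...,msg=..." layout is an assumption,
# not the real SEPM log format. The msg strings are the status messages from the thread.
SAMPLE_LOG = """\
2013-03-01 08:00:12,host=PC-01,msg=The client has downloaded the content package successfully
2013-03-01 08:01:05,host=PC-02,msg=The client has downloaded the policy successfully
2013-03-03 09:15:00,host=PC-02,msg=The client has downloaded the content package successfully
2013-03-04 10:00:00,host=PC-03,msg=The management server received the client log successfully
2013-03-04 11:30:00,host=PC-01,msg=The client has downloaded the Intrusion Prevention policy successfully
"""

CONTENT_OK = "The client has downloaded the content package successfully"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+),host=(?P<host>[^,]+),msg=(?P<msg>.*)$")


def parse_events(text):
    """Return (timestamp, host, message) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["host"], m["msg"]))
    return events


def last_content_download(events):
    """Most recent successful content package download per host."""
    latest = {}
    for ts, host, msg in events:
        if msg == CONTENT_OK and (host not in latest or ts > latest[host]):
            latest[host] = ts
    return latest


def stale_hosts(events, now, max_age_days=2):
    """Hosts seen in the log with no successful content download within max_age_days."""
    seen = {host for _, host, _ in events}
    latest = last_content_download(events)
    cutoff = now - timedelta(days=max_age_days)
    return sorted(h for h in seen if h not in latest or latest[h] < cutoff)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print(stale_hosts(evts, datetime(2013, 3, 4, 12, 0, 0)))  # ['PC-01', 'PC-03']
```

The same logic maps onto a Splunk search that filters on the content-download message, takes the latest event per host, and reports hosts whose latest event is older than the threshold.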