Endpoint Protection

 View Only

  • 1.  SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 10:14 AM

    When I update a policy in SEPM 12.1, what is the name of the file and location where it will be stored on a SEP 12.1 client when the client gets a policy update?

    I'm trying to troubleshoot some policy issues.

    Thanks.



  • 2.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 10:59 AM

    Hi,

    policy file (serdef.dat)

    These files are located in

    It is stored in serdef.dat file. The default path is for SEP 11.x:

    \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection

    for SEP 12.1x:

    \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.xxx.yyy.zzz\Data\Config

     

    What settings are stored in each of the .DAT files in the Symantec Endpoint Protection 11.x folder?

    http://www.symantec.com/docs/TECH102410



  • 3.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 11:01 AM

    But is this also for changes made to policies such as the AV, IPS, or Exceptions policy?

    From the article, serdef.dat stores communication settings by location. Doesn't really say if it applies to policies as well.



  • 4.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 11:04 AM

     

    Server.dat Temporary holding place for policies downloaded from SEPM Policies are stored here before being applied to serdef.dat

     



  • 5.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 11:09 AM

    The file that would be downloaded by the client is called Server.dat, not serdef.dat



  • 6.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 11:20 AM

    As per Artical Says

    SerDef.dat
    An encrypted file that stores communication settings by location. Each time the user changes locations, the SerDef.dat file is read and the appropriate communication settings for the new location are applied to the client

    Where Communication Settings are stored on the Client Computer

    http://www.symantec.com/business/support/index?page=content&id=TECH98049&locale=en_US

    Check this thread.

    http://www.symantec.com/connect/forums/sep-policy-location-local-client



  • 7.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 11:27 AM

    Yea sorry should've clarified. I'm doing packet captures so I'm watching the policy updates. So I need the file that would be downloaded.



  • 8.  RE: SEP 12.1 policy file download name and stored location
    Best Answer

    Posted Sep 18, 2012 11:28 AM

    Than you should look for server.dat. Serdef.dat comes in after the fact.



  • 9.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 12:03 PM

    If you want to packet Captures (Just Sharing good artical)

    Check this artical

    Capturing network communication packets with Wireshark Utility

    http://www.symantec.com/connect/articles/capturing-network-communication-packets-wireshark-utility



  • 10.  RE: SEP 12.1 policy file download name and stored location

    Posted Sep 18, 2012 12:32 PM

    Assuming you're using Wireshark, you can build a display filter to look for .dat files. Here's one I use:

    (frame matches "\.(?i)(dat)") && (tcp.flags.push == 1) && (ip.src==10.x.x.x) && (tcp.port==8014)

    Edit as you see fit but this should help you in troubleshooting.