You can run the Windows client service using the smc (or smc.exe) command-line interface. You can use the smc
The client service must be running for you to use the command-line parameters, with the exception of smc -start
To run Windows commands using the smc
On the client computer, click
Start > Run
, and then typecmd
.In theCommand Prompt window, do one of the following tasks:
See AlsoLogs Preview - enEndpoint Protection - Configuration ManagerEndpoint Protection - Symantec EnterpriseSEP for Mac: Troubleshooting | UCSF ITIf the parameter does not need a password, enter:
smc -
parameter
Where
parameter
is a parameter.
If the parameter needs a password, enter:
smc -password -parameter
For example:
smc -password-exportconfig c:\profile.xml
You must enter the installation path to the
smc
service before the command. For example, on a 64-bit Windows system on whichSymantec Endpoint Protection
is installed to the default location, enter:C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe
Parameter | Description | Applies to |
---|---|---|
smc -start | Starts the client service. Returns 0, -1 | All supported versions |
smc -stop | Stops the client service and unloads it from memory. If this command is password-protected, the client is disabled within one minute after the end user enters the correct password. Returns 0, -1 | All supported versions |
smc -cloudmanaged <path toSymantec_Agent_Setup.exe> | Moves a cloud-managed device to another cloud domain or tenant. Moves a client computer from Symantec Endpoint Protection Manager Requires the Symantec_Agent_Setup.exe | New in 14.2 RU1 |
smc -configure -proxy-mode <mode> | Used together with enrollment parameters to enable the client to enroll using the required proxy configuration.Can also be used to correct bad proxy options. Possible modes are as follows: system ,manual ,none .Specifying a proxy address switchesautomaticallyto manual mode. If you entermanual , but don't specify a proxy host, this mode will be ignored.Not supported on the clients that are managed by Symantec Endpoint Protection Manager For more information, see the table: Combinations ofproxy settingsentered at a command prompt | New in 14.3 RU1 |
smc -configure -proxy-address <host or IP> | Allows to manually specify the proxy host or the proxy address. Required if the proxy mode is set to manual . | New in 14.3 RU1 |
smc -configure -proxy-port <port number> | Allows to manually specify theproxy port. The same port will be used both for HTTP and HTTPS connections. If no ports are specified, the ports are automatically set to 80 for HTTP and 443 for HTTPS. | New in 14.3 RU1 |
smc -configure -proxy-port-http <port number> | Allows to manually specify theproxy port for HTTP connections. Overwrites the default HTTP port or the port that has been specified by smc -configure -proxy-port | New in 14.3 RU1 |
smc -configure -proxy-port-https <port number> | Allows to manually specify theproxy port for HTTPS connections. Overwrites the default HTTPS port or the port that has been specified by smc -configure -proxy-port | New in 14.3 RU1 |
smc -configure -proxy-auth-mode basic | Possible authentication modes are as follows: basic ,ntlm .Defaultauthentication mode is basic . | New in 14.3 RU1 |
smc.exe -configure -proxy-user-name <name> | Allows to manually specify theproxy user. For ntlm , you must specify domain/user. | New in 14.3 RU1 |
smc -configure -proxy-password <plain pwd> | Allows to manually specify theproxy password. Maximum length is 255 characters without null. The password is case sensitive. | New in 14.3 RU1 |
smc -enable -ntp smc -disable -ntp | Enables/disables the Symantec Endpoint Protection | All supported versions Password requirement for -disable |
smc -enable -mem smc -disable -mem | Enables/disables the Symantec Endpoint Protection | New in version 14 MP1 |
smc -enable -gem smc -disable -gem | Enables/disables the Symantec Endpoint Protection | Version 14 only |
smc -dismissgui | Closes the client user interface. The client still runs and protects the client computer. Returns 0 | All supported versions |
smc -exportconfig | Exports the client's configuration file to an .xml file. The configuration file includes the following management server settings:
You must specify the path name and file name. For example, you can enter the following command: smc -exportconfig C:\My Documents\MyCompanyprofile.xml Returns 0, -1, -5, -6 | All supported versions |
smc -exportlog | Exports the entire contents of a log to a .txt To export a log, you use the following syntax: smc -exportlog log_type 0 -1 output_file Where: log_type is:
The name output_file is the path name and file name that you assign to the exported file. Returns 0, -2, -5 | All supported versions |
smc -exportadvrule | Exports the client's firewall rules to an .xmlfile. This command only works for firewall rules on an unmanaged client or a client that is in client control mode.For a client in server control mode or mixed mode, use -exportconfig You must specify the path name and file name. For example, you can enter the following command: smc -exportadvrule C:\myrules.xml Returns 0, -1, -5, -6 You cannot import configuration files or firewall rule files directly from a mapped network drive. Preventing users from disabling the Symantec Endpoint Protection client | All supported versions |
smc -image | Unenrolls the Symantec Agent ( Symantec Endpoint Protection The difference from a regularunenrollmentis the removal of the hardware key and the persisted hardware key information. Uses the Require a password to import or export a policy and to import client communication settings Forclients that the SES cloud console manages,running the smc -image Installing Symantec Agent on a client device without automatically enrolling it | New in 14.3 RU1(Symantec Endpoint Security) New in 14.3 RU6(Symantec Endpoint Protection) |
smc -importadvrule | Imports the firewall rules to the client. The rules you import overwrite any existing rules. You can import the following:
You can only import firewall rules if the client is unmanaged or if the managed client is in client control mode or mixed mode. The managed client ignores these rules in server control mode. To import firewall rules, you import an .xml or .sar file. For example, you can enter the following command: smc -importadvrule C:\myrules.xml An entry is added to the System log after you import the rules. Returns 0, -1, -5, -6 To append rules instead of overwriting them, use Import rule For more information, see:
| All supported versions |
smc -importconfig | Replaces the contents of the client's current configuration file with an imported configuration file and updates the client's policy. The client must run to import the configuration file's contents. You must specify the path name and file name. For example, you can enter the following command: smc -importconfig C:\My Documents\MyCompanyprofile.xml Returns 0, 3, -1, -5, -6 | All supported versions |
smc -importsylink <path to sylink.xml> | Imports the client communications file (sylink.xml). | All supported versions |
smc -enable -wss smc -disable -wss | Enables or disables Web and Cloud Access Protection | New in version 14.0.1 MP1 |
smc -p password | Used with a command that requires a password, where password smc -p password | All supported versions |
smc -report | Creates a dump file (.dmp) that includes crashes and logical errors that occurred on the client. The file is sent automatically to Symantec Technical Support. Contact Technical Support to ask for help in diagnosing the error. You can find the dump file at the following location: SEP_Install \Data\LocalDumps Where SEP_Install is the installation folder. By default, this pathis C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ version . | New in version 14 |
smc -restart | Stops and immediately starts the client, which performs the same task as -stop -start | New in 14.3 RU3 |
smc -runhi | Runs a Host Integrity check. Returns 0 | All supported versions |
smc -sepmmanaged | Reverts the client management from the cloud console back to the Symantec Endpoint Protection Manager | New in 14.2 RU1 |
smc -sepmmanaged<path to sylink.xml> | Imports the client communications file (sylink.xml). Equivalent to -importsylink | New in 14.2 RU1 |
smc -showgui | Displays the client user interface. Returns 0 | All supported versions |
smc -updateconfig | Initiates a client-server communication to ensure that the client's configuration file is up-to-date. If the client's configuration file is out-of-date, updateconfig Returns 0 | All supported versions |
smc -checkinstallation smc -checkrunning
* Parameters that only members of the Administrators group can use if the following conditions are met:
The client runs Windows Vista or Windows Server 2008, and users are members of the Windows Administrators group.
If the client runs Windows Vista, and User Account Control is enabled, the user automatically becomes a member of the groups Administrators and Users.
† Parameters that need a password. You password-protect the client in Symantec Endpoint Protection Manager
See: Password-protecting the Symantec Endpoint Protection client
proxy-mode | proxy-user-name | proxy-password | proxy-address | proxy-port | Action |
---|---|---|---|---|---|
system | no | no | no | no | Use system proxy |
system | yes | no | no | no | ERROR_INVALID_COMMAND_LINE (missing password) |
system | no | yes | no | no | ERROR_INVALID_COMMAND_LINE (missing user) |
system | no | no | yes | no | Use system proxy (ignore server) |
system | yes | yes | no | no | Use system proxy with authentication |
system | yes | yes | yes | no | Use system proxy with authentication (ignore server) |
system | yes | yes | yes | yes | Use system proxy with authentication (ignore server and ports) |
manual | no | no | no | no | ERROR_INVALID_COMMAND_LINE |
manual | yes | no | no | no | ERROR_INVALID_COMMAND_LINE |
manual | no | yes | no | no | ERROR_INVALID_COMMAND_LINE |
manual | no | no | yes | no | Valid "manual" (custom) proxy with default ports |
manual | yes | yes | no | no | ERROR_INVALID_COMMAND_LINE |
manual | yes | yes | yes | no | Valid "manual" (custom) proxy with default ports |
manual | yes | yes | yes | yes | Valid "manual" (custom) proxy |
manual | yes | no | yes | yes or no | ERROR_INVALID_COMMAND_LINE (no password) |
manual | no | yes | yes | yes or no | ERROR_INVALID_COMMAND_LINE (no user) |
none | no | no | no | no | Valid “none” proxy |
none | yes | no | no | no | Valid “none” proxy |
none | no | yes | no | no | Valid “none” proxy |
none | no | no | yes | no | Valid “none” proxy |
none | yes | yes | no | no | Valid “none” proxy |
none | yes | yes | yes | no | Valid “none” proxy |
none | yes | yes | yes | yes | Valid “none” proxy |
no | no | no | no | no | No proxy settings |
no | yes | no | no | no | No proxy settings (ignore user) |
no | no | yes | no | no | No proxy settings (ignore password) |
no | no | no | yes | no | Valid “manual” (custom) proxy with default ports |
no | yes | yes | no | no | No proxy settings (ignore extra options) |
no | yes | yes | yes | no | Valid “manual” (custom) proxy with default ports |
no | yes | yes | yes | yes | Valid “manual” (custom) proxy |
More information
command error codes