I'm looking for detailed documentation for the setAid.ini file that is created when an installation package is created on the SEP Manager.  I'm looking specifically for information on the OptOutRepSubmission parameter.

I tried putting =1, =0 or even putting a ";" in front of it so that it would not be taken into account when installing.  Whatever setting I choose, I do not see any difference in the log file produced by the MSI installation.  It seems that this parameter is irrelevant.  I want to be sure that my 10,000 SEP clients do not send anything to Symantec directly.

Thank you.




0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



I have already seen that documentation, it is part of the Symantec Endpoint doc.  It only describes how to designate the features that have to be installed.  I need doc on the other stuff, like the following:







Answered 07/05/2012 by: sylvain_langlois
Orange Belt

  • Have you tried passing this in command line?
  • Yes, I tried it. The command line settings are overridden by the setAid.ini settings.
  • If you export to a single .exe file, you cannot configure Setaid.ini. However, the file is automatically configured when you export Symantec Endpoint Protection client installation files from the console.


    How are you deploying this? If you are using a GPO look at http://www.symantec.com/business/support/index?page=content&id=TECH105237&locale=en_US.
  • I'm deploying using Computer Associates Desktop and Server Management. We usually use the MSI file for deployment.

    I have already looked at that article from Symantec, it's basically the same thing that is in the documentation that was linked by jagadeish.

    I have looked around the console and I witnessed when the SEPM admin generated the installation package (according to my specifications) and nowhere in the interface did I see something about an option of reporting some data to Symantec.
  • If you get no where our sysmantec specialist is on Vacation till next week, email me and I will have him contact you to see if he has any insight.
Please log in to comment

Configure your default group and any other group you have machines in within Symantec console to send a policy to all clients that sets these settings how you want.  They should get the policy upon startup or within 15 minutes.

Answered 07/05/2012 by: SMal.tmcc
Red Belt

  • Yes, I could do that. Still, I'd be intrigued to have some documentation on the different settings in setAid.ini, aside from the features.
Please log in to comment

not much detail out there but look at:


Appendix B (Customizing and deploying the client installation by using third-party tools) starting on page 1003

Symantec recommends for questions like this is to join their group at:

additional assistance with SEP 12.1 here in its dedicated connect forum: https://www-secure.symantec.com/connect/SEP_12_Beta_Group


Answered 07/05/2012 by: SMal.tmcc
Red Belt

Please log in to comment

Might be a non-standard approach, but if I remember correctly the exe generated by the SEP server is nothing but a self-extracting archive containing an MSI installer. You could either analyze this MSI to identify the links between settings, properties and CA's that interpret the ini file, or even modify the MSI directly and run it instead of the exe installer..

Answered 07/06/2012 by: pjgeutjens
Red Belt

  • On the SEP Manager, we elected to have an installation package without compressing all the files into a setup.exe. So we have the setup, but also have a MSI file and the setAid.ini file. They are not compressed inside the setup.
Please log in to comment
Answered 07/05/2012 by: jagadeish
Red Belt

Please log in to comment