Agent CPU performance profiling


Article ID: 206505


Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover
Data Loss Prevention Endpoint Suite

Issue/Introduction

You want to obtain CPU profiling data to examine performance beyond what is possible via FINEST agent logging.

Resolution

There are two ways to approach this. With Windows Performance Recorder (WPR), we can capture an ETL file that Windows Performance Analyzer can read, which gives a good overview of user-mode code activity. With a low altitude Procmon trace, we can capture file, registry, network and process activity, including kernel driver activity. However, the Procmon output is harder to examine purely from a call stack frequency perspective.

WPR Trace
  1. Set the test agent's logs to FINEST via the Enforce console.
  2. In an elevated command prompt, run: wpr.exe -start CPU
  3. Recreate the issue.
  4. In an elevated command prompt, run: wpr.exe -stop AgentCPU.etl
  5. Gather the AgentCPU.etl file.
  6. Gather FINEST agent logs via the Enforce console and submit to support.
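
The WPR steps above, wrapped in a PowerShell script as an added example (not part of the original article or the product's tooling): it stops the recording in a finally block so the trace window stays tight around the recreation and is never left running. The output path, the refusal to overwrite an existing file, the use of wpr.exe -cancel after a failed stop, and the SHA-256 summary are assumptions of this example.

```powershell
#Requires -Version 5.1
param(
    # Assumed output location; the article only names the file AgentCPU.etl.
    [string]$EtlPath = (Join-Path $env:TEMP 'AgentCPU.etl')
)

# wpr.exe must run elevated; fail before anything is started.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Refuse to reuse a path so a stale trace is never mistaken for the new one.
if (Test-Path -LiteralPath $EtlPath) {
    throw "$EtlPath already exists. Move it or pass a different -EtlPath."
}

& wpr.exe -start CPU
if ($LASTEXITCODE -ne 0) {
    throw "wpr.exe -start CPU failed with exit code $LASTEXITCODE."
}

$started = Get-Date
try {
    Read-Host 'Trace running. Recreate the issue, then press Enter to stop' | Out-Null
}
finally {
    # Runs on Enter, on errors and on Ctrl+C: profiling is resource intensive.
    $elapsed = (Get-Date) - $started
    & wpr.exe -stop $EtlPath
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "wpr.exe -stop failed ($LASTEXITCODE); cancelling the recording."
        & wpr.exe -cancel
    }
}

# Summary to send along with the ETL so the recipient can verify the file.
if (Test-Path -LiteralPath $EtlPath) {
    $file = Get-Item -LiteralPath $EtlPath
    [pscustomobject]@{
        Path         = $file.FullName
        SizeMB       = [math]::Round($file.Length / 1MB, 1)
        TraceSeconds = [int]$elapsed.TotalSeconds
        SHA256       = (Get-FileHash -LiteralPath $EtlPath -Algorithm SHA256).Hash
    }
}
```
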
Procmon Capture (looking for VEP and SNP effect on network file transfers)
  1. Set the test agent's logs to FINEST via the Enforce console.
  2. Configure Procmon for a Low Altitude trace as outlined in this KB article: Configuring Sysinternals Process Monitor for a Low Altitude trace
  3. Start the Procmon trace.
  4. Recreate issue.
  5. Stop and save Procmon trace.
  6. Gather the Procmon trace.
  7. Gather FINEST agent logs via the Enforce console and submit to support.
Reset the Test Agent's Log Level
  1. Navigate to System -> Agents -> Overview.
  2. Select the test agent.
  3. Click the Troubleshoot button in the Agent Overview toolbar and select "Reset Log Level".
 

Additional Information

Note: Both of these profiling methods are very resource intensive and should be run as tightly around the issue recreation window as possible.

See also: Configuring Sysinternals Process Monitor for a Low Altitude trace