Collect Agent Interoperability Logs on Windows (Locally)

Article ID: 286075

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This article describes how to collect the information needed to troubleshoot Carbon Black App Control Agent interoperability issues.

Environment

  • App Control Windows Agent: All Supported Versions

Resolution

  • Note: Troubleshooting cannot take place with the agent uninstalled. Support will need access to a device with the agent installed and experiencing the issue.

    Open a case with Carbon Black Support and provide the following:

    1. Relevant Information:
      • Date/Time interoperability issue occurred (did any change precede the start of it?)
      • Does the vendor of the application have a recommended exclusion list and has it been implemented?
      • Name of the application experiencing the interoperability issue
      • Any paths/processes known to be associated with the application
      • Are there any blocks seen locally or within the App Control console during the interop issue?
      • Action being performed when interop issue occurs (Expected outcome vs actual outcome)
      • Are results the same if the Agent is stopped and unloaded?
    2. Agent Logs:
      1. Open an administrative command prompt and execute the following commands:
        cd "C:\Program Files (x86)\Bit9\Parity Agent"
        dascli password GlobalCLIPassword
        dascli setconfigprop max_rolling_trace_size_mb=0
        dascli resetcounters
        dascli flushlogs
        dascli tamperprotect 0
        dascli debuglevel 6
        dascli kerneltrace 4 -1
        dascli nettrace 1
        
      2. Start a Procmon capture
      3. Reproduce the interop issue
      4. Stop the Procmon capture and save "All Events" as a PML file.
      5. In the administrative command prompt execute the following commands to capture and reduce the logging levels to normal:
        dascli capture "%userprofile%\Desktop\%computername%-Performance.zip"
        dascli password GlobalCLIPassword
        dascli setconfigprop max_rolling_trace_size_mb=50
        dascli debuglevel 0
        dascli kerneltrace 2
        dascli nettrace 0
        dascli tamperprotect 1
      6. Zip all files and upload them to the case
      7. Once the upload completes, please comment on the support case that the data is available for review (along with all relevant information).
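
The steps above lower tamper protection and raise logging until step 5 is run, so an interrupted session can leave the agent in that state. The following PowerShell wrapper is an added example, not Carbon Black's own tooling: it runs the same dascli commands in the same order and places the restore commands in a `finally` block so they run even if the session is cancelled. The `Invoke-Dascli` helper and the password prompt are assumptions of this example; the install path and every dascli command are taken from the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example: wraps the dascli sequence from this article so the restore
# commands always run. The path and dascli commands are the article's own.
$dascli = 'C:\Program Files (x86)\Bit9\Parity Agent\dascli.exe'
$zip    = Join-Path $env:USERPROFILE "Desktop\$($env:COMPUTERNAME)-Performance.zip"

# Prompt for the global CLI password so it is not stored in shell history
$secure      = Read-Host 'Global CLI password' -AsSecureString
$cliPassword = [System.Net.NetworkCredential]::new('', $secure).Password

function Invoke-Dascli {
    # Hypothetical helper: echo the command, then run it
    Write-Host "dascli $($args -join ' ')"
    & $dascli @args
}

try {
    # Step 1: authenticate (not echoed), raise logging, disable tamper protection
    & $dascli password $cliPassword
    Invoke-Dascli setconfigprop 'max_rolling_trace_size_mb=0'
    Invoke-Dascli resetcounters
    Invoke-Dascli flushlogs
    Invoke-Dascli tamperprotect '0'
    Invoke-Dascli debuglevel '6'
    Invoke-Dascli kerneltrace '4' '-1'
    Invoke-Dascli nettrace '1'

    # Steps 2-4 are manual: Procmon capture, reproduction, save as PML
    Read-Host 'Start Procmon, reproduce the issue, stop and save All Events as PML, then press Enter'

    # Step 5, first command: collect the agent logs
    Invoke-Dascli capture $zip
}
finally {
    # Step 5, remaining commands: runs on success, on error and on Ctrl+C
    & $dascli password $cliPassword
    Invoke-Dascli setconfigprop 'max_rolling_trace_size_mb=50'
    Invoke-Dascli debuglevel '0'
    Invoke-Dascli kerneltrace '2'
    Invoke-Dascli nettrace '0'
    Invoke-Dascli tamperprotect '1'
    Remove-Variable cliPassword, secure
}
```

The Procmon PML file is still saved by hand and zipped together with the capture before upload (step 6).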
