App Control: How to Enable Kernel Driver Logging on Startup (Windows)

Article ID: 286644


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to enable the Agent's Kernel Driver logging on startup.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Open a command prompt as Administrator and execute the following commands:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalCLIPassword
    dascli tamperprotect 0
    net stop parity
    fltmc unload paritydriver
  2. Click Start > Run > regedit > OK.
    • Add or Update the FlagsEx value in HKLM\SYSTEM\CurrentControlSet\services\paritydriver\Parameters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\paritydriver\Parameters]

FlagsEx REG_DWORD 0x80000000
  • Under HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ create a new key called ParityDriver and add the following values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ParityDriver]

BufferSize REG_DWORD 0x10000
ClockType REG_DWORD 0x00002
FileName REG_SZ C:\Temp\Autolog.etl
LogFileMode REG_DWORD 0x4
GUID REG_SZ {5CBD99EC-AFCE-4FA0-A9ED-0E8C5F7F32FD}
Start REG_DWORD 0x00000001
Status REG_DWORD 0x00000000
  • Under HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ParityDriver create a new key called {15565A80-7AAB-4752-A686-0F14408092C7} and add the following values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ParityDriver\{15565A80-7AAB-4752-A686-0F14408092C7}]

Enabled REG_DWORD 0x00000001
EnableFlags REG_DWORD 0x07ffffff
EnableLevel REG_DWORD 0x00000004
Status REG_DWORD 0x00000000
This subkey name is the App Control application (ETW provider) GUID; it is critical that it matches the value shown exactly.
  3. Reboot the machine and verify that the C:\Temp\Autolog.etl file has been created.
  4. Open regedit and check that the Status value under ParityDriver is 0 and that the Enabled value under ParityDriver\{15565A80-7AAB-4752-A686-0F14408092C7} is 1.
  5. When done reproducing the issue and collecting the ETL log file, remove the FlagsEx value and the ParityDriver key under Autologger from the registry; otherwise logging continues at every boot and can fill the disk.
  6. Reboot again to terminate the logging.
  7. Verify that C:\Temp\Autolog.etl has a non-zero size and provide it along with the captured diagnostic file.
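As an added example that is not part of this article and not Carbon Black's own tooling, the PowerShell below scripts the registry portion of the procedure above: the FlagsEx value and the Autologger session from step 2, the post-reboot checks from steps 3 and 4, and the cleanup from step 5. The dascli, net stop and fltmc commands from step 1 are still run by hand first. The registry paths, value names, GUIDs and data are the ones the article gives; the function names and the ConvertTo-RegDword helper are my own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the KB article or from Carbon Black.
# Assumes step 1 (dascli password / tamperprotect 0, net stop parity,
# fltmc unload paritydriver) has already been carried out from an elevated prompt.
# Registry paths, value names, GUIDs and data are taken from the article;
# the function names and ConvertTo-RegDword are hypothetical helpers.

$ParamKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\paritydriver\Parameters'
$LoggerKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ParityDriver'
$ProviderId  = '{15565A80-7AAB-4752-A686-0F14408092C7}'   # App Control application GUID
$ProviderKey = Join-Path $LoggerKey $ProviderId
$SessionGuid = '{5CBD99EC-AFCE-4FA0-A9ED-0E8C5F7F32FD}'   # Autologger session GUID
$EtlPath     = 'C:\Temp\Autolog.etl'

function ConvertTo-RegDword([uint32]$Value) {
    # The registry provider stores REG_DWORD through Int32, so a value with the
    # high bit set (FlagsEx = 0x80000000) must be handed over in its signed
    # two's-complement form or the cmdlet rejects it as out of range.
    return [BitConverter]::ToInt32([BitConverter]::GetBytes($Value), 0)
}

function Set-RegDword($Path, $Name, [uint32]$Value) {
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value (ConvertTo-RegDword $Value) -Force | Out-Null
}

function Enable-ParityDriverAutologger {
    # Step 2: FlagsEx on the driver's Parameters key enables kernel driver tracing.
    New-Item -Path $ParamKey -Force | Out-Null
    Set-RegDword $ParamKey 'FlagsEx' 0x80000000

    # Step 2: the Autologger session definition (values as listed in the article).
    New-Item -Path $LoggerKey -Force | Out-Null
    Set-RegDword $LoggerKey 'BufferSize'  0x10000
    Set-RegDword $LoggerKey 'ClockType'   0x2
    Set-RegDword $LoggerKey 'LogFileMode' 0x4
    Set-RegDword $LoggerKey 'Start'       0x1
    Set-RegDword $LoggerKey 'Status'      0x0
    New-ItemProperty -Path $LoggerKey -Name 'FileName' -PropertyType String -Value $EtlPath -Force | Out-Null
    New-ItemProperty -Path $LoggerKey -Name 'GUID' -PropertyType String -Value $SessionGuid -Force | Out-Null

    # Step 2: the provider subkey, whose name must be the App Control application GUID.
    New-Item -Path $ProviderKey -Force | Out-Null
    Set-RegDword $ProviderKey 'Enabled'     0x1
    Set-RegDword $ProviderKey 'EnableFlags' 0x07ffffff
    Set-RegDword $ProviderKey 'EnableLevel' 0x4
    Set-RegDword $ProviderKey 'Status'      0x0

    # The session writes to C:\Temp; make sure the folder exists before the reboot.
    New-Item -Path (Split-Path $EtlPath) -ItemType Directory -Force | Out-Null
}

function Test-ParityDriverAutologger {
    # Steps 3-4 (after the reboot): Status under ParityDriver must be 0, Enabled
    # under the provider subkey must be 1, and the ETL file must have a non-zero size.
    $status  = (Get-ItemProperty -Path $LoggerKey   -Name 'Status').Status
    $enabled = (Get-ItemProperty -Path $ProviderKey -Name 'Enabled').Enabled
    $size    = if (Test-Path $EtlPath) { (Get-Item $EtlPath).Length } else { 0 }
    [pscustomobject]@{
        SessionStatus   = $status
        ProviderEnabled = $enabled
        EtlBytes        = $size
        Healthy         = ($status -eq 0 -and $enabled -eq 1 -and $size -gt 0)
    }
}

function Disable-ParityDriverAutologger {
    # Steps 5-6: remove FlagsEx and the whole Autologger\ParityDriver key, then
    # reboot so the session is not started again and does not keep filling the disk.
    Remove-ItemProperty -Path $ParamKey -Name 'FlagsEx' -ErrorAction SilentlyContinue
    Remove-Item -Path $LoggerKey -Recurse -Force -ErrorAction SilentlyContinue
}

# Usage:
#   Enable-ParityDriverAutologger ; Restart-Computer      # then reproduce the issue
#   Test-ParityDriverAutologger                           # after the reboot
#   Disable-ParityDriverAutologger ; Restart-Computer     # once the ETL has been collected
```

Test-ParityDriverAutologger returns an object rather than printing, so it can be piped or checked in a script; if Healthy is false, the SessionStatus field carries the error code the Autologger wrote back into the Status value, which is the first thing to look at.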

Additional Information

Note: To enable Agent 'Service' trace logging from startup, see the following KB article: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Enable-Agent-Service-Trace-Logging-from/ta-p/91247