How to generate WinHTTP even logs for sensor communication issues. These steps may be requested by support to further troubleshoot a connection issue. 

• Carbon Black EDR Sensor: All Versions
• Microsoft Windows: All Supported Versions

1. Create directory at C:\temp
2. Open a command prompt as an Administrator.
3. Enable winhttp tracing, Be sure to put the EDR master server IP in the command 

   netsh trace start level=5 capture=yes IPv4.Address=<EDR server IP> scenario=InternetClient provider=Microsoft-Windows-WinHttp tracefile=c:\temp\2016_capture.etl

4. Once trace is running, in a different command prompt window, force EDR sensor to check-in a couple of times by running 

   sc control carbonblack 200

5. Stop the capture 

   netsh trace stop

6. Wait until all the capture files are written out (.etl file should be quick, the .cab file will take some time)
7. Send us the resulting .etl and .cab files
8. Capture the command output and send us that as well

Output should look similar to this when captured successfully

Trace configuration:
-------------------------------------------------------------------
Status:             Running
Trace File:         C:\temp\testfive.etl
Append:             Off
Circular:           On
Max Size:           250 MB
Report:             Off


C:\Users\proot\AppData\Local\Temp\NetTraces>netsh trace stop
Correlating traces ... done
Merging traces ... done
Generating data collection ... done
The trace file and additional troubleshooting information have been compiled as "c:\temp\testfive.cab".
File location = c:\temp\testfive.etl
Tracing session was successfully stopped.