Environment
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
How to configure the Agent service to begin in Debug Level 7 to troubleshoot issues during boot time.
Resolution
- Log in to the Console and navigate to Assets > Computers > relevant Computer.
- Verify the Agent shows as Connected & Up to Date.
- In the URL, note the value for host_id (example: https://ServerAddress/host-details.php?host_id=74)
- Navigate to https://ServerAddress/agent_config.php > Add Agent Config
- Use the following details:
  - Property Name: TMP-Max Roll QTY (or something memorable)
  - Host ID: Value from step 2 (ex: 74)
  - Value: max_rolled_trace_logs_to_keep=20
  - Status: Enabled
- Click Save & add another Agent Config using the following details:
  - Property Name: TMP-Max Roll Size (or something memorable)
  - Host ID: Value from step 2 (ex: 74)
  - Value: max_rolling_trace_size_mb=500
  - Status: Enabled
- On the endpoint in question, launch an administrative command prompt and execute the following commands to verify the Agent has received the new Agent Configs:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalCLIPassword
dascli showconfigprops filter *max_roll*
- Two values should be returned, example:
305. max_rolled_trace_logs_to_keep=20
306. max_rolling_trace_size_mb=500
- Once confirmed, issue the following commands to stop & unload the Agent:
dascli tamperprotect 0
net stop parity
fltmc unload paritydriver
- Open the Registry (Start > Run > type regedit > OK) and browse to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Parity
- Edit the String Value “ImagePath” by adding “ /debuglevel 7” to the end of the registry data. Below is an example of what it should look like:
"C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe" /service /server myparityserver.com /port 41002 /debuglevel 7
- Reboot the machine and reproduce the issue.
- Launch an administrative command prompt and issue the following commands to capture the logs:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli capture "%userprofile%\Desktop\%computername%-ServiceTrace.zip"
- Use the following commands to return log settings to defaults, stop the service and unload the driver:
dascli password GlobalCLIPassword
dascli tamperprotect 0
net stop parity
fltmc unload paritydriver
- Open the Registry (Start > Run > type regedit > OK) and once again browse to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Parity
- Find the String Value, "ImagePath" and remove the /debuglevel 7 reference, similar to:
"C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe" /service /server myparityserver.com /port 41002
- Load the driver & start the service once again:
fltmc load paritydriver
net start parity
- Disable or Delete the Agent Configs created in Step 5 & 6.
- Upload the captured diagnostics to the Vault.
Additional Notes
- Due to the volume of logging that takes place, the Agent Configs are required in order to prevent writing over important log details.
- Make sure to remove “ /debuglevel 7” and return the Config Props to defaults. Failure to do so will cause the Agent to use unnecessary disk space.
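
The ImagePath edits from the steps above, done idempotently instead of by hand in regedit, followed by a read-only check that the debug switch is gone and the Agent is running again after cleanup. This is an added example, not vendor code; the function names are hypothetical, and it assumes an elevated PowerShell session with the Agent already stopped and tamper protection disabled as in the steps above.

```powershell
# Added example (not vendor code). Function names are hypothetical.
$ServiceKey = 'SYSTEM\CurrentControlSet\Services\Parity'   # key named in the article

function Get-DebugImagePath {
    # Pure string transform: strip any existing /debuglevel N, then append the requested one.
    param([Parameter(Mandatory)][string]$ImagePath, [int]$Level = -1)
    $clean = ($ImagePath -replace '(?i)\s*/debuglevel\s+\d+', '').TrimEnd()
    if ($Level -ge 0) { "$clean /debuglevel $Level" } else { $clean }
}

function Set-ParityDebugLevel {
    # -Level 7 enables boot-time debug logging; omit -Level to restore the default command line.
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Level = -1)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ServiceKey, $true)
    if (-not $key) { throw "Service key HKLM\$ServiceKey not found" }
    try {
        $kind = $key.GetValueKind('ImagePath')   # keep the value type exactly as found
        $old  = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
        $new  = Get-DebugImagePath -ImagePath $old -Level $Level
        if ($new -ne $old -and $PSCmdlet.ShouldProcess("HKLM\$ServiceKey", "ImagePath -> $new")) {
            $key.SetValue('ImagePath', $new, $kind)
        }
        [pscustomobject]@{ Before = $old; After = $new; Differs = ($new -ne $old) }
    } finally { $key.Close() }
}

function Test-ParityBaseline {
    # Post-cleanup check: no debug switch left, service running, minifilter loaded.
    $path = (Get-Item "HKLM:\$ServiceKey").GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    [pscustomobject]@{
        DebugSwitchPresent = $path -match '(?i)/debuglevel'
        ServiceRunning     = (Get-Service -Name parity).Status -eq 'Running'
        DriverLoaded       = [bool](fltmc filters | Select-String -SimpleMatch 'paritydriver')
    }
}

# Usage:
#   Set-ParityDebugLevel -Level 7 -WhatIf   # preview the change before the reboot
#   Set-ParityDebugLevel -Level 7           # enable debug logging
#   Set-ParityDebugLevel                    # cleanup: remove the switch
#   Test-ParityBaseline                     # expect False / True / True after cleanup
```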