
App Control: How To Enable Agent Driver (Kernel) Trace Logging - Windows

Environment

  • App Control (Formerly CB Protection) Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

This document describes how to enable kernel (driver) trace logging on the App Control Windows agent, capture a trace while reproducing an issue, reset the trace level afterwards, and collect the resulting ETL file.

Resolution

  1. Open a command prompt and change directory to %ProgramFiles(x86)%\Bit9\Parity Agent
  2. Run the following commands in order:
     dascli password <type the CLI or global password here>
     dascli kerneltrace 4
  3. Run 'dascli status' to verify that the Kernel Level shows "4/0FFFFFFF"
  4. Reproduce the issue while the trace is running
  5. Run the following commands to reset logging to the default level:
     dascli password <type the CLI or global password here>
     dascli kerneltrace 2
  6. Run 'dascli status' to verify that the Kernel Level shows "2/007FFFFFF"
  7. Copy the latest ETL file from the agent's Logs folder: C:\ProgramData\Bit9\Parity Agent\Logs on Windows 7 / Server 2008 and later, or C:\Documents and Settings\All Users\Application Data\Bit9\Parity Agent\Logs on Windows XP / Server 2003
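The steps above can be wrapped in a single PowerShell script so that the trace level is always reset to 2 even if the reproduction is abandoned part-way, and the newest ETL file is collected automatically. This is an added example, not code from the article or from the App Control product. It assumes (none of this is stated on the page) that dascli.exe lives in the Parity Agent folder, that 'dascli status' prints a line of the form "Kernel Level: <level>", that the password is supplied through a DASCLI_PASSWORD environment variable rather than typed on the command line, and that C:\Temp\cb-kerneltrace is an acceptable destination for the copied ETL file. The expected level strings are copied from steps 3 and 6.

```powershell
# Added example (not from the original article): runs the dascli steps above and
# guarantees the trace level is reset to 2 in a finally block.
# Assumptions (not on the page): dascli.exe path, "Kernel Level: <value>" line format in
# 'dascli status' output, password read from $env:DASCLI_PASSWORD, destination folder.

$agentDir = Join-Path ${env:ProgramFiles(x86)} 'Bit9\Parity Agent'
$dascli   = Join-Path $agentDir 'dascli.exe'
$logDir   = Join-Path $env:ProgramData 'Bit9\Parity Agent\Logs'   # Windows 7 / 2008 and later
$dest     = 'C:\Temp\cb-kerneltrace'                               # assumed collection folder

# Keep the CLI/global password out of the shell history and the script body
$password = $env:DASCLI_PASSWORD
if (-not $password) { throw 'Set DASCLI_PASSWORD to the CLI or global password first.' }

function Invoke-Dascli {
    param([string[]]$Arguments)
    $out = & $dascli @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dascli $($Arguments -join ' ') failed: $out" }
    return $out
}

function Get-KernelLevel {
    # Assumes 'dascli status' prints a line such as "Kernel Level: 4/0FFFFFFF"
    $status = Invoke-Dascli @('status')
    $line = $status | Where-Object { $_ -match 'Kernel Level' } | Select-Object -First 1
    if (-not $line) { throw 'Could not find "Kernel Level" in dascli status output.' }
    return ($line -split ':', 2)[1].Trim()
}

function Set-KernelTrace {
    # Steps 2/3 and 5/6: authenticate, set the level, then verify it via 'dascli status'
    param([int]$Level, [string]$Expected)
    Invoke-Dascli @('password', $password) | Out-Null
    Invoke-Dascli @('kerneltrace', "$Level") | Out-Null
    $actual = Get-KernelLevel
    if ($actual -ne $Expected) { Write-Warning "Kernel Level is '$actual', expected '$Expected'." }
    else { Write-Host "Kernel Level verified: $actual" }
}

try {
    Set-KernelTrace -Level 4 -Expected '4/0FFFFFFF'
    Read-Host 'Reproduce the issue now, then press Enter to reset logging' | Out-Null
}
finally {
    # Always reset: level 4 is very verbose and can fill the disk (see Additional Notes)
    Set-KernelTrace -Level 2 -Expected '2/007FFFFFF'

    # Step 7: collect the newest ETL file from the agent's Logs folder
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $etl = Get-ChildItem -Path $logDir -Filter '*.etl' -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($etl) {
        Copy-Item -Path $etl.FullName -Destination $dest
        Write-Host "Copied $($etl.Name) to $dest"
    } else {
        Write-Warning "No ETL file found in $logDir"
    }
}
```

Run it from an administrative PowerShell session on the affected host. Note that 'dascli password' still receives the password as a command-line argument, so it is briefly visible in process listings to anyone who can enumerate processes on the machine; the environment variable only keeps it out of the script file and the console history.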

Additional Notes

Always perform step 5 (and confirm it with step 6) as soon as the issue has been reproduced: kernel trace level 4 is very verbose and can fill the hard drive quickly if left enabled.

Article Information
Creation Date: 04-04-2019