This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
logo

Knowledge Base

Access official resources from Carbon Black experts

How to Collect a WPR (Windows Performance Recorder) Trace

How to Collect a WPR (Windows Performance Recorder) Trace

Environment

Microsoft Windows: All Supported Versions

Objective

To capture a WPR (Windows Performance Recorder) trace, to assist the Technical Support Team with Troubleshooting & Diagnosis of an issue


Resolution

  1. Install Windows Performance Recorder (“WPTx64-x86_en-us.exe” or “WPTx86-x86_en-us.exe”)
  2. Open the Windows Performance Recorder Application
  3. Under the 'More Options' Dropdown - in the “Select additional profiles for performance recording:” pane, check the following options:

First level triage
– First level triage

Resource Analysis
– CPU Usage
– Disk I/O activity
– File I/O activity
– Networking I/O activity

Scenario Analysis
– Minifilter I/O activity

Other settings can stay as default.

  1. Reproduce the behavior in question (e.g. CPU Utilization spike), then click on the “Save” button
  2. Type a description (or case number) of the problem, and click “Save”
  3. By default, the resulting files will be saved in a location similar to “C:\Users\User1\Documents\WPR Files\.”  There will be an .etl file and a directory full of other …pdb directories. 
  4. Compress the files into a .zip file.
  5. Upload the .zip to https://community.carbonblack.com/groups/cb-vault
  6. Once the upload completes, please comment on your case that the data is available for review.

Additional Notes

  • WPR may ask to modify the registry in order to prevent kernel memory from being paged to disk by Paging Executive.  This will allow the application to collect more-complete stack information.  If it does change the registry, a reboot will be required for the setting to take effect.
  • If the computer OS is Windows 7, the registry modification made by the Windows Performance Recorder can be reversed by running this command in an Administrator-Level Command Prompt window:
    • wpr -disablepagingexecutive off
  • For systems that are running Windows 8 and above, performance recording can operate without setting disablepagingexecutiveto On, so this command Is not needed on those systems after the recording.
  • For systems that are running Windows 10, the Command Line Version should be pre-installed in c:\windows\system32 and the following commands can be ran in place of the GUI option...
    • wpr -start CPU -start diskio -start fileio -start registry -start network -start minifilter
    • (Reproduce the Issue)
    • wpr -stop c:\temp\LogNameHere.etl (The Log can be named as per you requirements, and written to any location of your choosing that has write access)

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
obonshtein
Creation Date:
‎10-31-2016
Views:
6382
Contributors
logo