Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Collect High Debug Agent Logs on Windows (Locally)

App Control: How to Collect High Debug Agent Logs on Windows (Locally)

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

To collect the High Debug version of Agent Logs locally on a Windows endpoint.

Resolution

  1. Login to the endpoint in question.
  2. From an administrative command prompt issue the following commands:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalCLIPassword
    dascli resetcounters
    dascli debuglevel 6
    dascli kerneltrace 4
    dascli nettrace 1
  3. Reproduce the issue.
  4. In an administrative command prompt issue the following commands to capture & reduce logging to normal:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalCLIPassword
    dascli debuglevel 0
    dascli kerneltrace 2
    dascli nettrace 0
    dascli capture "%userprofile%\Desktop\%computername%-HDL.zip"
    		
  5. Upload the resulting zip file to the CB Vault.
  6. Once upload is complete, please comment in the case that the files should be available for review.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-28-2018
Views:
8969
Contributors