How to gather troubleshooter logging from GFI EndPointSecurity (agent focused)

Answer

Use these instructions when requested by a GFI Technical Support Representative. If you do not have an open case, please first submit a request at www.gfi.com/supportform.

Perform the following steps to help us gather the required information and isolate the issue:

Step 1: On the GFI EndPointSecurity Console:
  1. Enable Debug by performing the following steps:
    1. Stop the GFI EndPointSecurity service.
    2. Go to the installation folder of GFI EndPointSecurity and open the crmiini.xml file with Notepad.
    3. Change the Debug value from 0 to 1, and save the file.
    4. Restart the GFI EndPointSecurity Service.
  2. Go to Start > Programs > GFI EndPointSecurity and start GFI EndPointSecurityTroubleshooter.
  3. Go to the installation directory of GFI EndPointSecurity and locate the Zip file named <Year_Month_Day_####_###_ESECSupport>.zip. Place the Zip file in a folder named with the format Year_Month_Day_<GFI-xxxxx-xxx> (For example: 2008_08_16_GFI-12323-6789).
  4. Save your Application and System event logs as "Windows event log format (EVT)" to the folder created in step 3.
  5. Open a command prompt as an Administrator and execute the following command: gpresult /user <Domain\User> /V >c:\gpresult.txt
     For example: gpresult /user mydomain\administrator /V >c:\gpresult.txt
  6. Copy the gpresult.txt to the folder created in step 3.
Step 2: On one of the GFI EndPointSecurity agent machines experiencing the issue:
  1. Reproduce the issue and note the exact date/time (to the second, from date and time properties) of the access event to allow for more accurate review of logging.
  2. With the User that reproduced the issue logged in, run the command: gpresult /user <yourdomain\User> /V >c:\gpresult.txt. Then, put gpresult.txt in a folder called Agent.
  3. Save the System, Application and GFI EndPointSecurity Event logs as "Windows event log format (EVT)", then place them in the Agent folder.
  4. With the device plugged in, open regedit and export the full list of devices plugged into the computer (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum) and save it to the Agent folder.
  5. Generate a gfinfo.nfo file by typing msinfo32 /nfo c:\gfinfo.nfo in the Start > Run line, then place gfinfo.nfo in the Agent folder.
  6. With the device plugged in, open device manager and expand the nodes that show the device.  Take a screenshot and add it to the Agent folder.
  7. Copy the entire EndPointSecurity 6 Agent\DebugLogs directory to the Agent folder.
  8. Copy the following files to the Agent folder: <Windows>\EndPointSecurity\*.csv and *.log
  9. Copy the Agent folder to the Year_Month_Day_<GFI-xxxxx-xxx> folder on the GFI EndPointSecurity Console machine.
  10. Zip the Year_Month_Day_<GFI-xxxxx-xxx> folder.
  11. Upload the file to our FTP server:
    1. Log in to the FTP server (Note: If you see a page with many files and folders, right-click on the page and choose Logon As..., and put in the credentials below).
      • FTP Server details:
        • Host: ftp://ftp.gfisoftware.com
        • User: gfi
        • Pass: gfi911cust
        • (If using Internet Explorer use ftp://gfi:gfi911cust@ftp.gfisoftware.com)
    2. Copy and paste the file into the page.
  12. Reply to the case email with the exact filename uploaded. Provide any necessary details that may assist in reviewing the logging.
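
The scriptable items of Step 2 (items 2 to 5, 7 and 8) can be collected in one pass. The PowerShell script below is an added example, not part of the original article and not GFI tooling. Assumptions: the parameters `$AgentInstallDir`, `$GfiLogName` and `$OutDir` and the helper `Invoke-Tool` are hypothetical names; logs are exported with `wevtutil`, which writes .evtx rather than the EVT format chosen in Event Viewer; the SHA-256 manifest is an addition the article does not ask for.

```powershell
# Added example (not GFI code): collects the scriptable Step 2 items into an Agent folder.
# Run elevated, in the session of the user who reproduced the issue, with the device plugged in.
param(
    [Parameter(Mandatory)] [string] $AgentInstallDir,  # assumption: folder that contains DebugLogs
    [string] $GfiLogName = 'GFI EndPointSecurity',     # assumption: log name as listed by "wevtutil el"
    [string] $OutDir = 'C:\Agent'                      # assumption: output location
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Invoke-Tool {
    # Run a native tool and stop on a non-zero exit code so a missing artifact is not silent.
    param([string] $Exe, [string[]] $ToolArgs)
    & $Exe @ToolArgs
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ToolArgs -join ' ') failed with exit code $LASTEXITCODE" }
}

# Item 2: Group Policy results for the logged-in user.
Invoke-Tool gpresult @('/user', "$env:USERDOMAIN\$env:USERNAME", '/V') | Set-Content (Join-Path $OutDir 'gpresult.txt')

# Item 3: System, Application and GFI EndPointSecurity event logs (written as .evtx).
foreach ($log in 'System', 'Application', $GfiLogName) {
    $file = Join-Path $OutDir (($log -replace '[^\w]', '_') + '.evtx')
    Invoke-Tool wevtutil @('epl', $log, $file, '/ow:true')
}

# Item 4: full device enumeration tree from the registry.
Invoke-Tool reg @('export', 'HKLM\SYSTEM\CurrentControlSet\Enum', (Join-Path $OutDir 'Enum.reg'), '/y')

# Item 5: system information report; msinfo32 is a GUI program, so wait for it to exit.
Start-Process msinfo32 -ArgumentList "/nfo `"$(Join-Path $OutDir 'gfinfo.nfo')`"" -Wait

# Items 7 and 8: agent debug logs, then the *.csv and *.log files under <Windows>\EndPointSecurity.
Copy-Item (Join-Path $AgentInstallDir 'DebugLogs') -Destination $OutDir -Recurse -Force
Get-ChildItem (Join-Path $env:windir 'EndPointSecurity') -File |
    Where-Object { $_.Extension -in '.csv', '.log' } |
    Copy-Item -Destination $OutDir -Force

# SHA-256 manifest of everything collected, computed before the manifest file itself exists.
$hashes = Get-ChildItem $OutDir -Recurse -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path | Export-Csv (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
# Items 1 and 6 (exact reproduction time, Device Manager screenshot) remain manual.
```

The collected logs, registry export and system report describe the machine, its users and its policy in detail, so review the Agent folder before it leaves the host.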
  1. Priyanka Bhotika